The syslog mechanism records and distributes the messages generated by the system kernel and by user-space programs. It consists of the syslog() library call, the syslogd daemon process, and the configuration file /etc/syslog.conf. A program submits a message by calling syslog(); syslogd collects these messages (and those from the kernel) and, following the rules in /etc/syslog.conf, can:
record the message in a system log file;
output it to the system console;
deliver it to specified logged-in users;
forward it to syslogd on another host over the network.
The syslog.conf configuration therefore gives flexible control over where messages are delivered and stored. One caveat matters for anyone relying on it: classic syslog forwarding sends each message over UDP port 514 in cleartext, with no authentication of sender or receiver and no delivery guarantee, so a forwarding path should run over a trusted network or be protected at the network layer.
The syslogd process is started at boot by /etc/rc2.d/S74syslog (the Solaris rc layout). To start or stop it manually, run:
# /etc/init.d/syslog start
# /etc/init.d/syslog stop
syslogd reads /etc/syslog.conf only when it starts and when it receives SIGHUP, so after editing the file either restart the daemon or send it a SIGHUP; otherwise the running daemon keeps using the old rules.
Each configuration record in /etc/syslog.conf consists of a "selector" and an "action", separated by one or more tabs. The classic syslogd recognizes only tabs here; a record written with spaces between selector and action is not parsed as intended, which is the most common reason a new rule silently logs nothing. The selector consists of one or more fields of the form "facility.level", separated by semicolons.
The "facility" part of a field indicates where the message came from. It can be:
kern	messages generated by the kernel;
user	messages generated by user processes; programs and tools not covered by any other facility default to "user";
mail	messages generated by the mail system;
daemon	messages from system daemons such as in.ftpd and telnetd;
auth	messages generated during authentication by login, su, getty and the like;
syslog	messages generated internally by syslogd;
lpr	messages from the line printer spooling system;
news	messages from the USENET network news system;
uucp	messages from the UUCP system;
cron	messages from the cron and at utilities;
local0-local7	reserved for local use;
mark	timestamp messages generated internally by syslogd;
*	all facilities except mark (the asterisk is not valid as a level).
From a security standpoint, auth is the facility to check first: failed su and login attempts are reported under it, so make sure the selectors in use actually route auth messages to a file you review.
The "level" part of a field indicates the severity of the message. A selector matches messages at the given level and at every more severe level, so "mail.err" also catches mail.crit, mail.alert and mail.emerg. From most to least severe, the levels are:
emerg	the system is unusable (panic); normally broadcast to all users;
alert	a condition that must be corrected immediately, for example a corrupted system database;
crit	critical conditions, for example hardware errors;
err	other errors;
warning	warning messages;
notice	conditions that are not errors but should be handled specially;
info	informational messages;
debug	messages produced while debugging a program;
none	not a severity at all but a keyword meaning "no messages from this facility". It is used to carve an exception out of a broader selector: "*.debug;mail.none" selects messages of every level from every facility except the mail system.
The action field indicates where matching messages are delivered. It can be:
/filename	a log file, named by absolute path. syslogd does not create the file, so it must exist before syslogd starts or is sent SIGHUP. A device such as /dev/console can be named here as well;
@host	forward to syslogd on the named remote host (UDP port 514, cleartext and unauthenticated);
user1,user2	deliver to the named users; a user receives the message only if logged in at the time;
*	deliver to all logged-in users.
Consider this record from a typical /etc/syslog.conf (it is the Solaris default):
...
*.err;kern.debug;daemon.notice;mail.crit	/var/adm/messages
...
The "action" of this record is /var/adm/messages, the file administrators most often look at. Its "selector" sends four kinds of messages there:
*.err	messages of level err or more severe from every facility;
kern.debug	everything from the kernel, down to debug output;
daemon.notice	messages of level notice or more severe from system daemons;
mail.crit	critical (and more severe) messages from the mail system.
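To make the selector rules above concrete, here is an added example (not code from the original article or from any syslogd implementation) that parses a syslog.conf body and reports where a given facility.level message would be delivered. It encodes exactly the semantics described in the text: a level matches that level and everything more severe, "*" means every facility except mark, "none" removes a facility from a broader selector, later fields override earlier ones, and selector and action must be separated by a tab. The sample configuration is constructed for the example; its first rule is the default /var/adm/messages line discussed above and the remaining rules are invented.

```python
"""Evaluate classic /etc/syslog.conf selectors the way syslogd does.

Added example; models the selector rules described in the article, not any
real syslogd source.
"""
from typing import Dict, List, Optional, Tuple

# Standard severity order: index 0 is the most severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

FACILITIES = {"kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "mark"} | {f"local{i}" for i in range(8)}

# A rule is (facility -> least severe level index still accepted, action).
Rule = Tuple[Dict[str, int], str]

# Constructed sample configuration. The first rule is the default
# /var/adm/messages line quoted in the article; the others are invented.
SAMPLE_CONF = (
    "# constructed /etc/syslog.conf\n"
    "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n"
    "*.alert;kern.err;daemon.err\toperator\n"
    "*.emerg\t*\n"
    "auth.info\t@loghost\n"
    "*.debug;mail.none\t/var/adm/debug.log\n"
)


def parse_selector(selector: str) -> Dict[str, int]:
    """Turn 'fac.level;fac.level' into {facility: threshold index}.

    Fields apply left to right, so a later field for the same facility
    overrides an earlier one; that is why '*.debug;mail.none' means
    'everything except mail'.
    """
    thresholds: Dict[str, int] = {}
    for field in selector.split(";"):
        field = field.strip()
        if not field:
            continue
        facility, sep, level = field.partition(".")
        if not sep:
            raise ValueError(f"selector {field!r} has no level")
        facility, level = facility.strip(), level.strip()
        if facility == "*":
            targets = FACILITIES - {"mark"}  # '*' never includes mark
        elif facility in FACILITIES:
            targets = {facility}
        else:
            raise ValueError(f"unknown facility {facility!r}")
        if level == "none":
            for f in targets:
                thresholds.pop(f, None)
        elif level in LEVELS:
            for f in targets:
                thresholds[f] = LEVELS.index(level)
        else:
            raise ValueError(f"unknown level {level!r} ('*' is not a level)")
    return thresholds


def parse_line(line: str) -> Optional[Rule]:
    """Parse one configuration line; returns None for blank/comment lines."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    selector, tab, action = line.partition("\t")
    # Classic syslogd insists on a TAB here. A rule written with spaces is
    # the usual reason a selector silently logs nothing.
    if not tab or not action.strip():
        raise ValueError("selector and action must be separated by a TAB")
    return parse_selector(selector), action.strip()


def parse_conf(text: str) -> List[Rule]:
    """Parse a whole syslog.conf body, stopping at the first bad line."""
    rules: List[Rule] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            rule = parse_line(line)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from exc
        if rule is not None:
            rules.append(rule)
    return rules


def lint_conf(text: str) -> List[str]:
    """Report every unparsable line; useful before sending syslogd a SIGHUP."""
    problems: List[str] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            parse_line(line)
        except ValueError as exc:
            problems.append(f"line {lineno}: {exc}")
    return problems


def route(rules: List[Rule], facility: str, level: str) -> List[str]:
    """Return every action a facility.level message is delivered to."""
    severity = LEVELS.index(level)
    return [action for thresholds, action in rules
            if facility in thresholds and severity <= thresholds[facility]]


if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for fac, lvl in [("kern", "debug"), ("mail", "info"), ("auth", "notice"),
                     ("user", "emerg"), ("mark", "info")]:
        print(f"{fac}.{lvl:<8} -> {route(rules, fac, lvl)}")
    print(lint_conf("*.err /var/adm/messages\nkern.*\t/dev/console\n"))
```

Running it shows the two traps the article's rules imply: a mail.info message reaches no destination at all (mail.crit in the first rule is too strict and mail.none removes it from the catch-all), and a mark message never matches "*". The lint pass flags the space-separated rule and the "kern.*" selector, both of which a real syslogd would reject or ignore.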