First, Introduction
Syslog is the default log daemon for Linux systems. Its primary and secondary configuration files are /etc/syslog.conf and /etc/sysconfig/syslog, respectively. Syslog accepts messages from the various facilities of the system, and each message carries an importance level. The /etc/syslog.conf file tells syslogd how to report messages based on their facility and importance level.
Second, the configuration file
Each line of the /etc/syslog.conf file has the following format:
    facility.level    action
Description: facility.level is the selection condition. It is divided into two fields, separated by a period (.). A tab is used between facility.level and action.
The facility is the message type, which specifies the syslog function. The main facilities are:
    kern              kernel information, which first passes through klogd
    user              user process
    mail              mail message
    daemon            background process
    authpriv          authorization information
    syslog            system log
    lpr               print information
    news              newsgroup information
    uucp              information generated by UUCP
    cron              cron program and task information
    mark              syslog internal feature, used to generate timestamps
    local0----local7  SSH functionality
    *                 wildcard, represents all facilities except mark
The level is the message level, which specifies the syslog priority. The main levels are:
    emerg or panic    the system is unavailable (most urgent message)
    alert             needs to be modified immediately (emergency message)
    crit              error conditions that prevent some tools or subsystem functionality from being implemented (important message)
    err               error conditions that prevent the tool or part of the subsystem functionality from being implemented (error messages)
    warning           alert information (warning message)
    notice            general conditions of importance (common but important messages)
    info              messages that provide information (informational messages)
    debug             does not contain additional information about a function condition or problem (debug level, maximum information)
    none              is not important and is usually used for troubleshooting (no log messages are logged)
    *                 all levels, except none
The action field, which mainly includes:
    /var/log/lastlog: records the time each user most recently logged in to the system.
    The who, users, finger and other commands check this file.
    The last command checks this file. This file also records shutdown and reboot events.
    /var/log/secure: login system information.
    /var/log/maillog: records sendmail, pop and other related messages.
    /var/log/cron: records crontab related messages and timer information.
    /var/log/dmesg: /bin/dmesg shows this file; it holds the screen messages from boot.
    FTP take those files. Login Login FTP su and so on.
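The following is an added example, not code from the original article: it resolves which action in a syslog.conf receives a message with a given facility and level, which is a quick way to confirm that authpriv messages reach /var/log/secure and nothing else. It goes beyond the article in assuming standard syslogd selector behaviour (";" between selectors, "," between facilities, and a level matching itself plus every more urgent level); the sample configuration, the /var/log/critical path and the function names are constructed for illustration.

```python
# Severity order, most urgent first, as listed in the article.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

# Constructed sample configuration (assumption, not from a real host).
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none\t/var/log/messages
authpriv.*\t/var/log/secure
mail.*\t/var/log/maillog
cron.*\t/var/log/cron
kern,daemon.crit\t/var/log/critical
"""

def parse(conf):
    """Return [(selectors, action)], skipping blank and comment lines."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selectors, action = line.split(None, 1)  # tab or spaces
            rules.append((selectors.split(";"), action.strip()))
    return rules

def matches(selectors, facility, level):
    """Apply selectors left to right; a later one overrides an earlier one."""
    hit = False
    for sel in selectors:
        facs, _, lvl = sel.rpartition(".")
        names = facs.split(",")
        # "*" stands for every facility except mark
        if facility not in names and not ("*" in names and facility != "mark"):
            continue
        lvl = ALIASES.get(lvl, lvl)
        if lvl == "none":
            hit = False
        elif lvl == "*":
            hit = True
        else:
            # facility.level selects that level and every more urgent one
            hit = LEVELS.index(level) <= LEVELS.index(lvl)
    return hit

def destinations(conf, facility, level):
    """Actions (log files) that a facility/level message is written to."""
    return [act for sels, act in parse(conf) if matches(sels, facility, level)]

if __name__ == "__main__":
    for fac, lvl in [("authpriv", "info"), ("kern", "emerg"), ("mail", "debug")]:
        print(fac, lvl, "->", destinations(SAMPLE_CONF, fac, lvl))
```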
Third, programming examples
http://blog.chinaunix.net/uid-25120309-id-3359929.html
Linux syslog Introduction