Because Debian creates many log files by default, syslog.conf can be edited to remove the unnecessary files in the /var/log directory.
Across the different types of UNIX, the standard UNIX log system is set up the same way: apart from some differing keywords, the format of syslog.conf is the same. Syslog uses a configurable, unified system logging program that receives log requests from all parts of the system at any time and then, according to /etc/syslog.conf, writes the log information to the corresponding file, mails it to a specific user, or sends it directly to the console as a message. It is worth noting that, to prevent intruders from modifying or deleting the records in messages, the records can be sent to a printer, or other measures can be used to defeat the intruder's attempts.
See man syslog.conf. The following describes syslog.conf.
A configuration record in the /etc/syslog.conf file consists of a "selector" and an "action", which are separated by tab characters (separating them with spaces is invalid). The "selector" is composed of one or more reserved fields in the format "type.level". The reserved fields are separated from each other by semicolons, as the following line shows:
type.level[;type.level] 'tab' action
The "type" in a reserved field indicates the source that generated the information. It can be:
auth - the authentication system, that is, the part that asks for the user name and password
cron - information issued by the cron system while executing scheduled tasks
daemon - syslog information of certain system daemons, such as logs generated by in.ftpd
kern - syslog information of the kernel
lpr - syslog information of the printer
mail - syslog information of the mail system
mark - the timer program that sends messages at scheduled times
news - syslog information of the news system
user - syslog information of local user applications
uucp - syslog information of the uucp subsystem
local0..7 - syslog information of the local types, which can be defined by the user
* - represents all of the above types
The "level" in a reserved field indicates the importance of the information. It can be:
emerg - panic status; generally it should be broadcast to all users;
alert - a condition that must be corrected immediately, for example, the system database crashes;
crit - critical status warning, for example, hardware faults;
err - other errors;
notice - note: not an error report, but something that should be specially handled;
info - notification information;
debug - information from debugging programs;
none - usually used when debugging programs; it indicates that information of the type marked with the none level does not need to be sent. For example, *.debug;mail.none means that during debugging all information except the mail information is sent.
The action field indicates the destination of the message. It can be:
/filename - a log file, named by its absolute path. This file must be created in advance;
@host - a remote host; the @ symbol can be followed by an IP address or a domain name. By default, the loghost alias in the /etc/hosts file is already assigned to the local machine;
user1,user2 - the specified users. If a specified user is logged on, that user will receive the message;
* - all users. All logged-on users will receive the message.
3: Specific example
Let's take a look at an example line from the /etc/syslog.conf file:
*.err;kern.debug;daemon.notice;mail.crit [Tab] /var/adm/messages
The "action" in this line is the /var/adm/messages file that we often care about. The "selector" sources written to it are:
*.err - all common error messages;
kern.debug - debugging information generated by the kernel;
daemon.notice - notices from daemons;
mail.crit - critical warning information of the mail system
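The record format and the example line above can be checked mechanically. The following added example (not part of the original article, and not code from any syslog daemon) parses one record, rejects a space-separated one, and reports whether a message of a given type and level reaches the action. It assumes the classic syslogd rules that a field matches its level and every more severe level, and that a later field replaces the threshold an earlier field set for the same type; other syslog daemons may combine fields differently. The names parse_record and is_logged and the path /var/log/debug.log are constructed for illustration.

```python
import re

# Types and levels as listed in the text; "warning" is the standard syslog
# level between err and notice.
FACILITIES = ["auth", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "user", "uucp"] + [f"local{i}" for i in range(8)]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_record(line):
    """Split one record into ({type: threshold index or None}, action)."""
    if "\t" not in line:
        raise ValueError("selector and action must be separated by a tab")
    selector, action = re.split(r"\t+", line.strip("\n"), maxsplit=1)
    if " " in selector or not action.strip():
        raise ValueError("malformed record")
    thresholds = {}
    # Assumption: fields apply left to right and a later field overrides
    # what an earlier one set for the same type.
    for field in selector.split(";"):
        facility, _, level = field.partition(".")
        if level != "none" and level not in LEVELS:
            raise ValueError(f"unknown level in {field!r}")
        if facility != "*" and facility not in FACILITIES:
            raise ValueError(f"unknown type in {field!r}")
        targets = FACILITIES if facility == "*" else [facility]
        for name in targets:
            thresholds[name] = None if level == "none" else LEVELS.index(level)
    return thresholds, action.strip()


def is_logged(record, facility, level):
    """True if a message of facility.level is delivered by this record."""
    thresholds, _ = record
    limit = thresholds.get(facility)
    # Lower index means more severe; a field covers its level and above.
    return limit is not None and LEVELS.index(level) <= limit


# Constructed sample records modelled on the lines discussed in the text.
MESSAGES = parse_record("*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages")
DEBUG_NO_MAIL = parse_record("*.debug;mail.none\t/var/log/debug.log")
```

Running is_logged over the types and levels that matter on a host shows which messages a record silently drops, for example daemon.info in the /var/adm/messages line.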