Syslog introduction (II): basic configuration of syslog in Linux

Source: Internet
Author: User
Tags rsyslog


Different Linux distributions use different syslog programs to record system logs.
Debain 4.0/ubuntu8.04 (desktop version) uses sysklogd by default, and the configuration file is/etc/syslog. conf.
By default, fedora9 uses rsyslogd. The configuration file is/etc/rsyslog. conf.
Opensuse11 uses syslog-ng and the configuration file is/etc/syslog-ng/syslog-ng.conf.

Here, only Debian is used as an example to introduce the configuration of syslog. conf. The format of rsyslog. conf is basically the same as that of syslog. conf. You can run the man syslog. conf command to view the configuration help.

The configuration file consists of multiple rules. Each rule has three parts. # starts with a comment. Each rule is divided into three parts to specify the facility, severity, and the measures to be taken. Rules are combined.

The following rules specify the facility as mail, and the severity as the/var/log/mail. Err file for logs above err, while logs below err are ignored:
Mail. Err/var/log/mail. Err

Facility and severity can be separated by commas (,) and can be specified with wildcards:
Auth, authpriv. */var/log/auth. Log

There can be multiple combinations of facility and severity, which are separated by semicolons. Adding a minus sign before the file indicates that the log is not written to the file immediately, but accumulating certain conditions in the buffer before writing, this improves performance, but data may be lost on the machine:
*. *; Auth, authpriv. None-/var/log/syslog

You can send a Syslog message to port 514 of the syslog server through UDP:
*. Err @

When an error occurs, screen on the console:
*. Err/dev/console

Log format 
Syslogs sent out of Debian 4.0 end with a line break \ n, with no host name and time. For example:
<38> su [2257]: (pam_unix) session opened for user root by root (uid = 0)
<30> dhclient: bound to -- renewal in 878 seconds.

Sample (/var/log/auth. Log) in the local syslog log file, with host name and time, but no facility and severity
Oct 8 22:36:56 Debian sshd [2261]: (pam_unix) session opened for user root by root (uid = 0)

The SYSLOG forwarded by rsyslogd of Fedora does not end with a line break \ n.

Finally, the default syslog. conf file for debian4.0 is provided:

#/Etc/syslog. conf configuration file for syslogd.
# For more information see syslog. conf (5)
# Manpage.

# First some standard logfiles. log by facility.

Auth, authpriv. */var/log/auth. Log
*. *; Auth, authpriv. None-/var/log/syslog
# Cron. */var/log/cron. Log
Daemon. *-/var/log/daemon. Log
Kern. *-/var/log/Kern. Log
LPR. *-/var/log/lpr. Log
Mail. *-/var/log/mail. Log
User. *-/var/log/user. Log
Uucp. */var/log/uucp. Log

# Logging for the mail system. Split it up so that
# It is easy to write scripts to parse these files.
Mail. Warn-/var/log/mail. Warn
Mail. Err/var/log/mail. Err

# Logging for INN news system
News. crit/var/log/news. crit
News. Err/var/log/news. Err
News. Notice-/var/log/news. Notice

# Some 'catch-all' logfiles.
*. = Debug ;\
Auth, authpriv. None ;\
News. None; mail. None-/var/log/debug
*. = Info; *. = notice; *. = warn ;\
Auth, authpriv. None ;\
Cron, daemon. None ;\
Mail, news. None-/var/log/messages

# Emergencies are sent to everybody logged in.
*. Emerg *

# I like to have messages displayed on the console, but only on a virtual
# Console I usually leave idle.
# Daemon, mail .*;\
# News. = crit; news. = err; news. = notice ;\
# *. = Debug; *. = Info ;\
# *. = Notice; *. = warn/dev/tty8

# The named pipe/dev/xconsole is for the 'xconsole' utility. To use it,
# You must invoke 'xconsole' with the '-file' option:
# $ Xconsole-file/dev/xconsole [...]
# Note: Adjust the list below, or you'll go crazy if you have a reasonably
# Busy site ..
Daemon. *; mail .*;\
News. crit; news. Err; news. Notice ;\
*. = Debug; *. = Info ;\
*. = Notice; *. = warn |/dev/xconsole

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.