xref: /netbsd-src/usr.sbin/syslogd/syslog.conf.5 (revision 001c68bd94f75ce9270b69227c4199fbf34ee396) 
1.\"	$NetBSD: syslog.conf.5,v 1.10 2003/07/02 08:33:22 wiz Exp $
2.\"
3.\" Copyright (c) 1990, 1991, 1993
4.\"	The Regents of the University of California.  All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\" 3. All advertising materials mentioning features or use of this software
15.\"    must display the following acknowledgement:
16.\"	This product includes software developed by the University of
17.\"	California, Berkeley and its contributors.
18.\" 4. Neither the name of the University nor the names of its contributors
19.\"    may be used to endorse or promote products derived from this software
20.\"    without specific prior written permission.
21.\"
22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32.\" SUCH DAMAGE.
33.\"
34.\"     from: @(#)syslog.conf.5	8.1 (Berkeley) 6/9/93
35.\"
36.Dd June 9, 1993
37.Dt SYSLOG.CONF 5
38.Os
39.Sh NAME
40.Nm syslog.conf
41.Nd
42.Xr syslogd 8
43configuration file
44.Sh DESCRIPTION
45The
46.Nm
47file is the configuration file for the
48.Xr syslogd 8
49program.
50It consists of lines with two fields: the
51.Em selector
52field which specifies the types of messages and priorities to which the
53line applies, and an
54.Em action
55field which specifies the action to be taken if a message
56.Xr syslogd 8
57receives matches the selection criteria.
58The
59.Em selector
60field is separated from the
61.Em action
62field by one or more tab characters.
63.Pp
64The
65.Em Selectors
66function
67are encoded as a
68.Em facility ,
69a period
70.Pq Sq \&. ,
71and a
72.Em level ,
73with no intervening white-space.
74Both the
75.Em facility
76and the
77.Em level
78are case insensitive.
79.Pp
80The
81.Em facility
82describes the part of the system generating the message, and is one of
83the following keywords: auth, authpriv, cron, ftp, daemon, kern, lpr,
84mail, mark, news, syslog, user, uucp and local0 through local7.
85These keywords (with the exception of mark) correspond to the
86similar
87.Dq Dv LOG_
88values specified to the
89.Xr openlog 3
90and
91.Xr syslog 3
92library routines.
93.Pp
94The
95.Em level
96describes the severity of the message, and is a keyword from the
97following ordered list (higher to lower): emerg, alert, crit, err,
98warning, notice, info and debug.
99These keywords correspond to the
100similar
101.Pq Dv LOG_
102values specified to the
103.Xr syslog 3
104library routine.
105.Pp
106See
107.Xr syslog 3
108for a further descriptions of both the
109.Em facility
110and
111.Em level
112keywords and their significance.
113.Pp
114If a received message matches the specified
115.Em facility
116and is of the specified
117.Em level
118.Em (or a higher level) ,
119the action specified in the
120.Em action
121field will be taken.
122.Pp
123Multiple
124.Em selectors
125may be specified for a single
126.Em action
127by separating them with semicolon
128.Pq Sq \&;
129characters.
130It is important to note, however, that each
131.Em selector
132can modify the ones preceding it.
133.Pp
134Multiple
135.Em facilities
136may be specified for a single
137.Em level
138by separating them with comma
139.Pq Sq \&,
140characters.
141.Pp
142An asterisk
143.Pq Sq \&*
144can be used to specify all
145.Em facilities
146or all
147.Em levels .
148.Pp
149The special
150.Em facility
151.Dq mark
152receives a message at priority
153.Dq info
154every 20 minutes
155(see
156.Xr syslogd 8 ) .
157This is not enabled by a
158.Em facility
159field containing an asterisk.
160.Pp
161The special
162.Em level
163.Dq none
164disables a particular
165.Em facility .
166.Pp
167The
168.Em action
169field of each line specifies the action to be taken when the
170.Em selector
171field selects a message.
172There are four forms:
173.Bl -bullet
174.It
175A pathname (beginning with a leading slash).
176Selected messages are appended to the file.
177.It
178A hostname (preceded by an at
179.Pq Sq @
180sign).
181Selected messages are forwarded to the
182.Xr syslogd 8
183program on the named host.
184.It
185A comma separated list of users.
186Selected messages are written to those users
187if they are logged in.
188.It
189An asterisk.
190Selected messages are written to all logged-in users.
191.El
192.Pp
193Blank lines and lines whose first non-blank character is a hash
194.Pq Sq #
195character are ignored.
196.Sh FILES
197.Bl -tag -width /etc/syslog.conf -compact
198.It Pa /etc/syslog.conf
199The
200.Xr syslogd 8
201configuration file.
202.El
203.Sh EXAMPLES
204A configuration file might appear as follows:
205.Bd -literal
206# Log all kernel messages, authentication messages of
207# level notice or higher and anything of level err or
208# higher to the console.
209# Don't log private authentication messages!
210*.err;kern.*;auth.notice;authpriv.none	/dev/console
211
212# Log anything (except mail) of level info or higher.
213# Don't log private authentication messages!
214*.info;mail.none;authpriv.none		/var/log/messages
215
216# The authpriv file has restricted access.
217authpriv.*						/var/log/secure
218
219# Log all the mail messages in one place.
220mail.*							/var/log/maillog
221
222# Everybody gets emergency messages, plus log them on another
223# machine.
224*.emerg							*
225*.emerg							@arpa.berkeley.edu
226
227# Root and Eric get alert and higher messages.
228*.alert							root,eric
229
230# Save mail and news errors of level err and higher in a
231# special file.
232mail,news.err						/var/log/spoolerr
233.Ed
234.Sh SEE ALSO
235.Xr syslog 3 ,
236.Xr syslogd 8
237.Sh HISTORY
238The
239.Nm
240file appeared in
241.Bx 4.3 ,
242along with
243.Xr syslogd 8 .
244.Sh BUGS
245The effects of multiple selectors are sometimes not intuitive.
246For example
247.Dq mail.crit;*.err
248will select
249.Dq mail
250facility messages at
251the level of
252.Dq err
253or higher, not at the level of
254.Dq crit
255or higher.
256