xref: /openbsd-src/usr.sbin/syslogd/syslog.conf.5 (revision b2ea75c1b17e1a9a339660e7ed45cd24946b230e) 
1.\" Copyright (c) 1990, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\"    must display the following acknowledgement:
14.\"	This product includes software developed by the University of
15.\"	California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\"     from: @(#)syslog.conf.5	8.1 (Berkeley) 6/9/93
33.\"     $OpenBSD: syslog.conf.5,v 1.8 2001/02/07 06:15:46 fgsch Exp $
34.\"	$NetBSD: syslog.conf.5,v 1.4 1996/01/02 17:41:46 perry Exp $
35.\"
36.Dd June 9, 1993
37.Dt SYSLOG.CONF 5
38.Os
39.Sh NAME
40.Nm syslog.conf
41.Nd
42.Xr syslogd 8
43configuration file
44.Sh DESCRIPTION
45The
46.Nm syslog.conf
47file is the configuration file for the
48.Xr syslogd 8
49program.
50It consists of blocks of lines separated by
51.Em program
52specifications, with each line containing two fields: the
53.Em selector
54field which specifies the types of messages and priorities to which the
55line applies, and an
56.Em action
57field which specifies the action to be taken if a message
58.Xr syslogd
59receives matches the selection criteria.
60The
61.Em selector
62field is separated from the
63.Em action
64field by one or more tab characters.
65.Pp
66The
67.Em Selectors
68function
69are encoded as a
70.Em facility ,
71a period
72.Pq Ql \&. ,
73and a
74.Em level ,
75with no intervening whitespace.
76Both the
77.Em facility
78and the
79.Em level
80are case insensitive.
81.Pp
82The
83.Em facility
84describes the part of the system generating the message, and is one of
85the following keywords: auth, authpriv, cron, daemon, kern, lpr, mail,
86mark, news, syslog, user, uucp and local0 through local7.
87These keywords (with the exception of mark) correspond to the
88similar
89.Dq Dv LOG_
90values specified to the
91.Xr openlog 3
92and
93.Xr syslog 3
94library routines.
95.Pp
96The
97.Em level
98describes the severity of the message, and is a keyword from the
99following ordered list (higher to lower): emerg, alert, crit, err,
100warning, notice, info and debug.
101These keywords correspond to the
102similar
103.Pq Dv LOG_
104values specified to the
105.Xr syslog
106library routine.
107.Pp
108Each block of lines is separated from the previous block by a tag.
109The tag is a line beginning with
110.Em !prog
111and each block will be associated with calls to syslog from that specific
112program.
113.Pp
114See
115.Xr syslog 3
116for a further descriptions of both the
117.Em facility
118and
119.Em level
120keywords and their significance.
121It's preferred that selections be made on
122.Em facility
123rather than
124.Em program ,
125since the latter can easily vary in a networked environment.
126In some cases, though, an appropriate
127.Em facility
128simply doesn't exist.
129.Pp
130If a received message matches the specified
131.Em facility
132and is of the specified
133.Em level
134.Em (or a higher level) ,
135and the first word in the message after the date matches the
136.Em program ,
137the action specified in the
138.Em action
139field will be taken.
140.Pp
141Multiple
142.Em selectors
143may be specified for a single
144.Em action
145by separating them with semicolon
146.Pq Ql \&;
147characters.
148It is important to note, however, that each
149.Em selector
150can modify the ones preceding it.
151.Pp
152Multiple
153.Em facilities
154may be specified for a single
155.Em level
156by separating them with comma
157.Pq Ql \&,
158characters.
159.Pp
160An asterisk
161.Pq Ql *
162can be used to specify all
163.Em facilities ,
164all
165.Em levels
166or all
167.Em programs .
168.Pp
169The special
170.Em facility
171.Dq mark
172receives a message at priority
173.Dq info
174every 20 minutes (see
175.Xr syslogd 8 ) .
176This is not enabled by a
177.Em facility
178field containing an asterisk.
179.Pp
180The special
181.Em level
182.Dq none
183disables a particular
184.Em facility .
185.Pp
186The
187.Em action
188field of each line specifies the action to be taken when the
189.Em selector
190field selects a message.
191There are four forms:
192.Bl -bullet
193.It
194A pathname (beginning with a leading slash).
195Selected messages are appended to the file.
196.It
197A hostname (preceded by an at
198.Pq Ql @
199sign).
200Selected messages are forwarded to the
201.Xr syslogd
202program on the named host.
203.It
204A comma separated list of users.
205Selected messages are written to those users
206if they are logged in.
207.It
208An asterisk.
209Selected messages are written to all logged-in users.
210.El
211.Pp
212Blank lines and lines whose first non-blank character is a hash
213.Pq Ql #
214character are ignored.
215.Sh EXAMPLES
216A configuration file might appear as follows:
217.Bd -literal
218# Log all kernel messages, authentication messages of
219# level notice or higher and anything of level err or
220# higher to the console.
221# Don't log private authentication messages!
222*.err;kern.*;auth.notice;authpriv.none	/dev/console
223
224# Log anything (except mail) of level info or higher.
225# Don't log private authentication messages!
226*.info;mail.none;authpriv.none		/var/log/messages
227
228# The authpriv file has restricted access.
229authpriv.*						/var/log/secure
230
231# Log all the mail messages in one place.
232mail.*							/var/log/maillog
233
234# Everybody gets emergency messages, plus log them on another
235# machine.
236*.emerg							*
237*.emerg							@arpa.berkeley.edu
238
239# Root and Eric get alert and higher messages.
240*.alert							root,eric
241
242# Save mail and news errors of level err and higher in a
243# special file.
244uucp,news.crit						/var/log/spoolerr
245
246# Save ftpd transactions along with mail and news
247!ftpd
248*.*                                                     /var/log/spoolerr
249.Ed
250.Sh FILES
251.Bl -tag -width /etc/syslog.conf -compact
252.It Pa /etc/syslog.conf
253The
254.Xr syslogd 8
255configuration file.
256.El
257.Sh BUGS
258The effects of multiple selectors are sometimes not intuitive.
259For example
260.Dq mail.crit,*.err
261will select
262.Dq mail
263facility messages at the level of
264.Dq err
265or higher, not at the level of
266.Dq crit
267or higher.
268.Sh SEE ALSO
269.Xr syslog 3 ,
270.Xr syslogd 8
271.Sh HISTORY
272The
273.Nm
274file appeared in
275.Bx 4.3 ,
276along with
277.Xr syslogd 8 .
278