xref: /openbsd-src/usr.sbin/syslogd/syslog.conf.5 (revision db3296cf5c1dd9058ceecc3a29fe4aaa0bd26000) 
1.\" Copyright (c) 1990, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"     from: @(#)syslog.conf.5	8.1 (Berkeley) 6/9/93
29.\"     $OpenBSD: syslog.conf.5,v 1.12 2003/06/26 18:28:00 jmc Exp $
30.\"	$NetBSD: syslog.conf.5,v 1.4 1996/01/02 17:41:46 perry Exp $
31.\"
32.Dd June 9, 1993
33.Dt SYSLOG.CONF 5
34.Os
35.Sh NAME
36.Nm syslog.conf
37.Nd
38.Xr syslogd 8
39configuration file
40.Sh DESCRIPTION
41The
42.Nm syslog.conf
43file is the configuration file for the
44.Xr syslogd 8
45program.
46It consists of blocks of lines separated by
47.Em program
48specifications, with each line containing two fields: the
49.Em selector
50field which specifies the types of messages and priorities to which the
51line applies, and an
52.Em action
53field which specifies the action to be taken if a message
54.Xr syslogd
55receives matches the selection criteria.
56The
57.Em selector
58field is separated from the
59.Em action
60field by one or more tab characters.
61.Pp
62The
63.Em selectors
64function
65is encoded as a
66.Em facility ,
67a period
68.Pq Ql \&. ,
69and a
70.Em level ,
71with no intervening whitespace.
72Both the
73.Em facility
74and the
75.Em level
76are case insensitive.
77.Pp
78The
79.Em facility
80describes the part of the system generating the message, and is one of
81the following keywords: auth, authpriv, cron, daemon, kern, lpr, mail,
82mark, news, syslog, user, uucp and local0 through local7.
83These keywords (with the exception of mark) correspond to the
84similar
85.Dq Dv LOG_
86values specified to the
87.Xr openlog 3
88and
89.Xr syslog 3
90library routines.
91.Pp
92The
93.Em level
94describes the severity of the message, and is a keyword from the
95following ordered list (highest to lowest): emerg, alert, crit, err,
96warning, notice, info and debug.
97These keywords correspond to the
98similar
99.Pq Dv LOG_
100values specified to the
101.Xr syslog
102library routine.
103.Pp
104Each block of lines is separated from the previous block by a tag.
105The tag is a line beginning with
106.Em !prog
107and each block will be associated with calls to syslog from that specific
108program.
109.Pp
110See
111.Xr syslog 3
112for further descriptions of both the
113.Em facility
114and
115.Em level
116keywords and their significance.
117It's preferred that selections be made on
118.Em facility
119rather than
120.Em program ,
121since the latter can easily vary in a networked environment.
122In some cases, though, an appropriate
123.Em facility
124simply doesn't exist.
125.Pp
126If a received message matches the specified
127.Em facility
128and is of the specified
129.Em level
130.Pq Em or a higher level ,
131and the first word in the message after the date matches the
132.Em program ,
133the action specified in the
134.Em action
135field will be taken.
136.Pp
137Multiple
138.Em selectors
139may be specified for a single
140.Em action
141by separating them with semicolon
142.Pq Ql \&;
143characters.
144It is important to note, however, that each
145.Em selector
146can modify the ones preceding it.
147.Pp
148Multiple
149.Em facilities
150may be specified for a single
151.Em level
152by separating them with comma
153.Pq Ql \&,
154characters.
155.Pp
156An asterisk
157.Pq Ql *
158can be used to specify all
159.Em facilities ,
160all
161.Em levels
162or all
163.Em programs .
164.Pp
165The special
166.Em facility
167.Dq mark
168receives a message at priority
169.Dq info
170every 20 minutes (see
171.Xr syslogd 8 ) .
172This is not enabled by a
173.Em facility
174field containing an asterisk.
175.Pp
176The special
177.Em level
178.Dq none
179disables a particular
180.Em facility .
181.Pp
182The
183.Em action
184field of each line specifies the action to be taken when the
185.Em selector
186field selects a message.
187There are four forms:
188.Bl -bullet
189.It
190A pathname (beginning with a leading slash).
191Selected messages are appended to the file.
192.It
193A hostname (preceded by an at
194.Pq Ql @
195sign).
196Selected messages are forwarded to the
197.Xr syslogd
198program on the named host.
199.It
200A comma separated list of users.
201Selected messages are written to those users
202if they are logged in.
203.It
204An asterisk.
205Selected messages are written to all logged-in users.
206.El
207.Pp
208Blank lines and lines whose first non-blank character is a hash
209.Pq Ql #
210character are ignored.
211.Sh FILES
212.Bl -tag -width /etc/syslog.conf -compact
213.It Pa /etc/syslog.conf
214The
215.Xr syslogd 8
216configuration file.
217.El
218.Sh EXAMPLES
219A configuration file might appear as follows:
220.Bd -literal
221# Log all kernel messages, authentication messages of
222# level notice or higher and anything of level err or
223# higher to the console.
224# Don't log private authentication messages!
225*.err;kern.*;auth.notice;authpriv.none	/dev/console
226
227# Log anything (except mail) of level info or higher.
228# Don't log private authentication messages!
229*.info;mail.none;authpriv.none		/var/log/messages
230
231# The authpriv file has restricted access.
232authpriv.*						/var/log/secure
233
234# Log all the mail messages in one place.
235mail.*							/var/log/maillog
236
237# Everybody gets emergency messages, plus log them on another
238# machine.
239*.emerg							*
240*.emerg							@arpa.berkeley.edu
241
242# Root and Eric get alert and higher messages.
243*.alert							root,eric
244
245# Save mail and news errors of level err and higher in a
246# special file.
247mail,news.err						/var/log/spoolerr
248
249# Save ftpd transactions along with mail and news
250!ftpd
251*.*                                                     /var/log/spoolerr
252.Ed
253.Sh SEE ALSO
254.Xr syslog 3 ,
255.Xr syslogd 8
256.Sh HISTORY
257The
258.Nm
259file appeared in
260.Bx 4.3 ,
261along with
262.Xr syslogd 8 .
263.Sh BUGS
264The effects of multiple selectors are sometimes not intuitive.
265For example
266.Dq mail.crit;*.err
267will select
268.Dq mail
269facility messages at the level of
270.Dq err
271or higher, not at the level of
272.Dq crit
273or higher.
274