.TH SYSLOG 8 .SH NAME syslog \- log systems messages .SH SYNOPSIS /etc/syslog [ .BI \-m N ] [ .BI \-f name ] .SH DESCRIPTION .I Syslog reads datagrams from an IPC port (currently port 2222, for no good reason) and logs each line it reads into a set of files described by the configuration file /etc/syslog.conf. .I Syslog configures when it starts up and whenever it receives a hangup signal. .PP Each message is one line. A message can contain a priority code, marked by a digit in angle braces at the beginning of the line. Priorities are defined in , as follows: .IP LOG_ALERT \w'LOG_WARNING'u+2n this priority should essentially never be used. It applies only to messages that are so important that every user should be aware of them, e.g., a serious hardware failure. .IP LOG_SALERT messages of this priority should be issued only when immediate attention is needed by a qualified system person, e.g., when some valuable system resource dissappears. They get sent to a list of system people. .IP LOG_EMERG Emergency messages are not sent to users, but represent major conditions. An example might be hard disk failures. These could be logged in a separate file so that critical conditions could be easily scanned. .IP LOG_ERR these represent error conditions, such as soft disk failures, etc. .IP LOG_CRIT such messages contain critical information, but which can not be classed as errors, for example, 'su' attempts. Messages of this priority and higher are typically logged on the system console. .IP LOG_WARNING issued when an abnormal condition has been detected, but recovery can take place. .IP LOG_NOTICE something that falls in the class of "important information"; this class is informational but important enough that you don't want to throw it away casually. Messages without any priority assigned to them are typically mapped into this priority. .IP LOG_INFO information level messages. These messages could be thrown away without problems, but should be included if you want to keep a close watch on your system. .IP LOG_DEBUG it may be useful to log certain debugging information. Normally this will be thrown away. .PP It is expected that the kernel will not log anything below LOG_ERR priority. (Note: kernel logging is not implemented at this time.) .PP The configuration file is in two sections seperated by a blank line. The first section defines files that .I syslog will log into. Each line contains a single digit which defines the lowest priority (highest numbered priority) that this file will receive, an optional asterisk which guarantees that something gets output at least every 20 minutes, and a pathname. The second part of the file contains a list of users that will be informed on SALERT level messages. For example, the configuration file: .nf 5*/dev/console 8/usr/spool/adm/syslog 3/usr/adm/critical eric kridle kalash .fi logs all messages of priority 5 or higher onto the system console, including timing marks every 20 minutes; all messages of priority 8 or higher into the file /usr/spool/adm/syslog; and all messages of priority 3 or higher into /usr/adm/critical. The users ``eric'', ``kridle'', and ``kalash'' will be informed on any subalert messages. .PP The flags are: .IP \-m 0.5i Set the mark interval to .I N (default 20 minutes). .IP \-f Specify an alternate configuration file. .IP \-d Turn on debugging (if compiled in). .PP To bring .I syslog down, it should be sent a terminate signal. It logs that it is going down and then waits approximately 30 seconds for any additional messages to come in. .PP There are some special messages that cause control functions. ``<*>N'' sets the default message priority to .I N. ``<$>'' causes .I syslog to reconfigure (equivalent to a hangup signal). This can be used in a shell file run automatically early in the morning to truncate the log. .SH FILES /etc/syslog.conf \- the configuration file .SH BUGS LOG_ALERT and LOG_SUBALERT messages should only be allowed to privileged programs. .PP Actually, .I syslog is not clever enough to deal with kernel error messages. .SH SEE\ ALSO syslog(3)