The syslogd daemon logs system messages to various log files in /var/log.
Configuration
The configuration file for syslogd is:
/etc/syslog.conf
The syntax contains two columns, selectors (what to log) and actions (where to log) separated by spaces or tabs. The selectors consist of facilities and priorities of the form facility.priority. There can be multiple selectors on the same line.
If the log file name is preceded by a "-", then the system does not sync the file (flush all writes to disk) after every write. This improves performance, but may cause loss of the end of the file if the system crashes.
Messages can be sent to a tty, /dev/console, or a remote machine (requires configuration of the receiving syslog machine). Messages can be sent to a user or users by specifying their login name in the action field, or * for all users. Often, emerg-level messages are sent to all users in case something bad is about to happen to the machine (such as it being shut down).
Here are the valid priorities in ascending order:
- debug
- info
- notice
- warning (warn)
- err (error)
- crit
- alert
- emerg (panic)
The keywords error, warn, and panic are deprecated and should not be used. The system will log at the specified priority level AND HIGHER.
For example, this line sends all mail messages to /var/log/mail:
mail.* -/var/log/mail
Remote Logging
To forward messages to a remote host, use @hostname as the destination:
*.* @logger
To enable a remote log machine to accept network messages, start syslogd with the -r option. Messages are received on UDP port 514.
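To check where a given message will actually end up (for instance, to confirm that auth warnings reach the remote logger), the rules above can be evaluated mechanically. The following Python sketch is an added example, not part of syslogd: it handles only the syntax described on this page, and it assumes that selectors on one line are separated by ";" and multiple login names by ",". The function names and the last two sample lines are constructed for illustration.

```python
# Added example: minimal interpreter for the syslog.conf rules described above.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}  # deprecated keywords


def parse_rule(line):
    """Split one syslog.conf line into (selectors, action)."""
    selector_field, action_field = line.split(None, 1)  # spaces or tabs
    selectors = []
    for sel in selector_field.split(";"):  # assumption: ";" joins selectors
        facility, priority = sel.split(".", 1)
        priority = ALIASES.get(priority, priority)
        if priority != "*" and priority not in PRIORITIES:
            raise ValueError("unknown priority: " + priority)
        selectors.append((facility, priority))
    return selectors, classify_action(action_field.strip())


def classify_action(action):
    if action.startswith("@"):   # forward to a remote host
        return {"type": "remote", "target": action[1:], "sync": None}
    if action.startswith("-"):   # file written without a sync after each write
        return {"type": "file", "target": action[1:], "sync": False}
    if action.startswith("/"):   # path: regular file, tty or /dev/console
        return {"type": "file", "target": action, "sync": True}
    if action == "*":            # every logged-in user
        return {"type": "all_users", "target": None, "sync": None}
    return {"type": "users", "target": action.split(","), "sync": None}


def matches(selectors, facility, priority):
    """True if a message is selected: its priority is at or above the rule's."""
    level = PRIORITIES.index(ALIASES.get(priority, priority))
    for rule_facility, rule_priority in selectors:
        if rule_facility not in ("*", facility):
            continue
        if rule_priority == "*" or level >= PRIORITIES.index(rule_priority):
            return True
    return False


# Constructed sample configuration (the first two lines are the page's examples).
SAMPLE = ["mail.* -/var/log/mail", "*.* @logger", "kern.crit;auth.warning /dev/console", "*.emerg *"]
RULES = [parse_rule(line) for line in SAMPLE]


def destinations(facility, priority):
    return [action["target"] or "all users" for sels, action in RULES if matches(sels, facility, priority)]
```

Calling destinations("auth", "notice") returns only the remote logger, because notice is below the warning threshold of the console rule.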