9.27. Directing System Messages to Log Files (syslog)
You want to configure the system logger to use an organized collection of log files.
Set up /etc/syslog.conf for local logging:
/etc/syslog.conf: # Messages of priority info or higher, that are not logged elsewhere *.info;\ mail,authpriv,cron.none;\ local0,local1,local2,local3,local4,local5,local6,local7.none \ /var/log/messages # Messages of priority debug, that are not logged elsewhere *.=debug;\ mail,authpriv,cron.none;\ local0,local1,local2,local3,local4,local5,local6,local7.none \ -/var/log/debug # Facilities with log files that require restricted access permissions mail.* /var/log/maillog authpriv.* /var/log/secure cron.* /var/log/cron # Separate log files for local use local0.* /var/log/local0 local1.* /var/log/local1 local2.* /var/log/local2 local3.* /var/log/local3 local4.* /var/log/local4 local5.* /var/log/local5 local6.* /var/log/local6 # Red Hat usurps the local7 facility for boot messages from init scripts local7.* /var/log/boot.log
After you modify /etc/syslog.conf, you must send a signal to force syslogd to reread it and apply your changes. Any of these will do:
# kill -HUP `pidof syslogd`
# kill -HUP `cat /var/run/syslogd.pid`
# /etc/init.d/syslog reload
# service syslog reload Red Hat
When your kernel needs to tell you something important, will you notice? If you are investigating a potential break-in last night, will you have all of the information you need? Staying informed requires ...