Configuring syslogd

The behavior of syslogd is controlled by its configuration file, /etc/syslog.conf. This text file contains lines indicating what is to be logged and where. Each line contains directives in this form:

facility.level action

The directives are defined as follows:


This represents the creator of the message (that is, the kernel or a process) and is one of the following: auth (the facility security is equivalent to auth, but its use is deprecated), authpriv, cron, daemon, kern, lpr, mail, mark (the mark facility is meant for syslogd’s internal use only), news, syslog, user, uucp, or local0 through local7. The use of these facility designators allows you to control the destination of messages based on their origin. Facilities local0 through local7 are for any use you may wish to assign to them in your own programs and scripts. It’s possible that your distribution has assigned one or more of the local facilities already. Check your configuration before using a local facility.


Specifies a severity threshold beyond which messages are logged, and is one of the following (from lowest to highest severity): debug, info, notice, warning (or warn), err (or error), crit, alert, or emerg (or panic). (warn, error, and panic are all deprecated, but you might see them on older systems.) There is also a special level called none that will disable a facility. The level defines the amount of detail recorded in the logfile. A single period separates the facility from the level, ...

Get LPI Linux Certification in a Nutshell, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.