• The syslog system displays and records messages describing system events.

  • The syslog program is made up of two processes: syslogd, which logs user-level events, and klogd, which logs kernel events.

  • Messages can be placed on the console, in logfiles, and on the text screens of users.

  • Syslog is configured by /etc/syslog.conf in the form facility.level action:


    The creator of the message, selected from among auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, or local0 through local7.


    Specifies a severity threshold beyond which messages are logged and is one of (from lowest to highest severity) debug, info, notice, warning, err, crit, alert, or emerg. The special level none disables a facility.


    The destination for messages that correspond to a given selector. It can be a filename, @hostname, a comma-separated list of users, or an asterisk (meaning all logged-in users).

  • Together, facility.levels comprise the message selector.

  • Most syslog messages go to /var/log/messages.

Get LPI Linux Certification in a Nutshell, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.