Steer Syslog
Make syslog work harder, and spend less time looking through huge log files.
The default syslog installation on many distributions doesn’t do a very good job of filtering classes of information into separate files. If you see a jumble of messages from Sendmail, sudo, BIND, and other system services in /var/log/messages, then you should probably review your /etc/syslog.conf.
There are a number of facilities and priorities that syslog can filter on. These facilities include auth, authpriv, cron, daemon, kern, lpr, mail, news, syslog, user, uucp, and local0 through local7. In addition, each facility can have one of eight priorities: debug, info, notice, warning, err, crit, alert, and emerg.
Note that applications decide for themselves at what facility and priority to log (and the best apps let you choose), so they may not be logged as you expect. Here’s a sample /etc/syslog.conf that attempts to shuffle around what gets logged where:
    auth.warning                    /var/log/auth
    mail.err                        /var/log/maillog
    kern.*                          /var/log/kernel
    cron.crit                       /var/log/cron
    *.err;mail.none                 /var/log/syslog
    *.info;auth.none;mail.none      /var/log/messages
    #*.=debug                       /var/log/debug
    local0.info                     /var/log/cluster
    local1.err                      /var/log/spamerica
All of the lines in this example will log the specified priority (or higher) to the respective file. The special priority none tells syslog not to bother logging the specified facility to that file at all. The local0 through local7 facilities are supplied for use with your own programs, however you ...
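
To check where a given message would land under the sample rules above, here is an added example (not part of the original text, and not syslogd's own code) that evaluates them in Python. It assumes a simplified model of classic syslogd selectors covering only `*`, `=`, `none` and comma-separated facilities; the function names and test messages are constructed for illustration.

```python
# Added example: which files does each sample rule send a message to?
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# The sample /etc/syslog.conf from the text above.
SAMPLE_CONF = """\
auth.warning                    /var/log/auth
mail.err                        /var/log/maillog
kern.*                          /var/log/kernel
cron.crit                       /var/log/cron
*.err;mail.none                 /var/log/syslog
*.info;auth.none;mail.none      /var/log/messages
#*.=debug                       /var/log/debug
local0.info                     /var/log/cluster
local1.err                      /var/log/spamerica
"""

def selector_matches(selector, facility, priority):
    """Evaluate one selector field (assumed model: matches accumulate, 'none' clears)."""
    level = PRIORITIES.index(priority)
    matched = False
    for part in selector.split(";"):
        facs, _, prio = part.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue  # this part says nothing about our facility
        if prio == "none":
            matched = False          # exclude the facility from this rule
        elif prio == "*":
            matched = True           # every priority
        elif prio.startswith("="):
            matched = matched or level == PRIORITIES.index(prio[1:])  # exactly this one
        else:
            matched = matched or level >= PRIORITIES.index(prio)      # this or higher
    return matched

def destinations(conf, facility, priority):
    """Return the log files a facility.priority message is written to."""
    files = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out rule
        selector, target = line.split(None, 1)
        if selector_matches(selector, facility, priority):
            files.append(target)
    return files

if __name__ == "__main__":
    for fac, prio in [("mail", "err"), ("auth", "info"), ("kern", "debug"), ("cron", "err")]:
        print(f"{fac}.{prio:8} -> {destinations(SAMPLE_CONF, fac, prio) or 'dropped'}")
```

Running it shows that an auth.info message matches no rule in the sample file and is written nowhere, which is the kind of gap worth checking for before relying on a filtered layout for authentication logs.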