Managing System Logs
The syslogd utility logs various kinds of system activity, such as debugging output from sendmail and warnings printed by the kernel. syslogd runs as a daemon and is usually started in one of the rc files at boot time.
/etc/syslog.conf is used to control where syslogd records information. Such a file might look like the following (even though they tend to be much more complicated on most systems):
    *.info;*.notice    /var/log/messages
    mail.debug         /var/log/maillog
    *.warn             /var/log/syslog
    kern.emerg         /dev/console
The first field of each line lists the kinds of messages that should be logged, and the second field lists the location where they should be logged. The first field is of the format:
facility is the system application or facility generating the message, and level is the severity of the message.
facility can be kern (for the kernel), user (for user programs), or auth (for authentication programs such as login or su). An asterisk in this field specifies all facilities.
level can be (in increasing severity):
In the previous /etc/syslog.conf, we see that all messages of severity info and notice are logged to /var/log/messages, all debug messages from the mail daemon are logged to /var/log/maillog, and all warn messages are logged to /var/log/syslog. Also, any emerg warnings from the kernel are sent to the console ...
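The routing described above can be checked mechanically. The following is an added example, not code from the original page or from syslogd itself: it parses the sample file and reports which destinations receive a given facility.level message. It assumes the classic syslogd rule that a selector matches its level and anything more severe, takes the severity names from syslog(3), and handles only plain facility.level selectors; the function and variable names are hypothetical.

```python
# Added example: where would classic syslogd write a given message?
# Severity names in increasing order, from syslog(3) (assumed; not listed on the page).
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# The sample /etc/syslog.conf from the text, one entry per line.
SAMPLE_CONF = """\
*.info;*.notice    /var/log/messages
mail.debug         /var/log/maillog
*.warn             /var/log/syslog
kern.emerg         /dev/console
"""


def rank(level):
    """Numeric severity of a level name (higher is more severe)."""
    return LEVELS.index(ALIASES.get(level, level))


def parse_conf(text):
    """Return (facilities, minimum_rank, destination) for each selector."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, destination = line.split(None, 1)
        for selector in selectors.split(";"):
            facilities, level = selector.rsplit(".", 1)
            rules.append((set(facilities.split(",")), rank(level), destination))
    return rules


def destinations(rules, facility, level):
    """Destinations that receive a message, in config order, without repeats."""
    severity = rank(level)
    matched = []
    for facilities, minimum, destination in rules:
        applies = "*" in facilities or facility in facilities
        if applies and severity >= minimum and destination not in matched:
            matched.append(destination)
    return matched


RULES = parse_conf(SAMPLE_CONF)

if __name__ == "__main__":
    for fac, lvl in [("auth", "warning"), ("mail", "debug"), ("auth", "debug")]:
        print(f"{fac}.{lvl} ->", destinations(RULES, fac, lvl) or "not logged")
```

With this sample file, auth.debug matches no selector, so debug output from login or su would be discarded unless an auth entry is added.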