*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Tru64 Unix man pages -> syslogd (8)              
Title
Content
Arch
Section
 

syslogd(8)

Contents


NAME    [Toc]    [Back]

       syslogd - Logs system messages

SYNOPSIS    [Toc]    [Back]

       /usr/sbin/syslogd  [-b  rcv-buf-size]  [-d]  [-e] [-E] [-f
       cfg-file] [-m mk-interval] [-p path] [-r] [-R] [-s]

OPTIONS    [Toc]    [Back]

       Specifies the size in Kbytes of the socket receive buffer.
       The default and maximum is 128 Kb. If you attempt to specify
 a larger size buffer it is  automatically  reduced  to
       128  Kb.  Setting the buffer to a small value could result
       in messages being lost  during  periods  of  high  logging
       activity.  Turns on the debugging feature.  Specifies that
       events are to be posted to the Event Manager, EVM. This is
       the   default  behavior  and  the  syslogd  daemon  always
       restarts in event forwarding mode unless you  specify  the
       -E option.  Turns off the default posting of events to the
       Event Manager, EVM.  Specifies an alternate  configuration
       file.   Specifies  the mark interval.  Specifies the pathname
 of the UNIX domain socket to be used in  making  connections
  to the syslogd daemon.  The default is /dev/log.
       You should not change this  default  in  normal  operation
       because  the client functions syslog and openlog. See syslog(3) and openlog(3) reference pages.  Allows the syslogd
       daemon  to create an inet port for remote access.  This is
       the default behavior.  Use the -R option  to  prevent  the
       syslogd daemon from creating an inet port.    If you specify
 the -r and -R options together, the last one specified
       takes precedence.  Prevents the syslogd daemon from creating
 an inet port.  Using the -R option prevents all remote
       access.  Remote  systems cannot send messages to be logged
       locally, and the local daemon cannot send messages  to  be
       logged  remotely.   If  you  specify the -r and -R options
       together, the last one specified takes  precedence.   Disables
 the posting of events to the console.

DESCRIPTION    [Toc]    [Back]

       The  syslogd  daemon  reads  and logs messages to a set of
       files  described  in  the  /etc/syslog.conf  configuration
       file.

       Each  message  logged  consists of one line. A message can
       contain a priority code,  marked  by  a  number  in  angle
       braces  at  the  beginning  of  the  line.  Priorities are
       defined in the  /usr/include/sys/syslog_pri.h  file.   The
       syslogd daemon reads from the domain socket /dev/log, from
       an Internet domain socket specified in /etc/services,  and
       from the special device /dev/klog, which reads kernel messages.
 The syslogd daemon configures when it starts up and
       when it receives a hangup (SIGHUP) signal.  To reconfigure
       the daemon, use the ps command to  identify  the  daemon's
       process  identifier  (PID) and then use the following command:
 # kill -HUP pid

       (The PID of the daemon is also recorded  in  /var/run/syslog.pid).
  This  command  causes  the  daemon  to read the
       revised configuration file.

       The /etc/syslog.conf file contains  entries  that  specify
       the  facility  (the  part of the system that generated the
       error), the error message severity level, and the destination
 to which the syslogd daemon sends the messages.  Each
       line of the /etc/syslog.conf file contains an entry.

       The following is an example of an /etc/syslog.conf file:

       # # syslogd config file # #  facilities:  kern  user  mail
       daemon  auth  syslog  lpr binary # priorities: emerg alert
       crit   err   warning   notice   info   debug    kern.debug
       /var/adm/syslog/kern.log                        user.debug
       /var/adm/syslog/user.log                      daemon.debug
       /var/adm/syslog/daemon.log                      auth.debug
       /var/adm/syslog/auth.log                      syslog.debug
       /var/adm/syslog/syslog.log                  mail,lpr.debug
       /var/adm/syslog/misc.log                        binary.err
       /var/adm/binary.errlog                          msgbuf.err
       /var/adm/crash/msgbuf.savecore                  kern.debug
       /var/adm/messages   kern.debug                /dev/console
       *.emerg                 *

       The facility and its severity level must be separated by a
       period  (.).   You can specify more than one facility on a
       line by separating them with commas.  You can specify more
       than one facility and severity level on a line by separating
 them with semicolons.

       The facility and its severity level must be separated from
       the destination by one or more tab characters or spaces.

       If  you  specify  an asterisk (*) for a facility, messages
       generated by all parts of the system are logged. All  messages
 of the specified level and of a greater severity are
       logged. Blank lines and lines  beginning  with  #  (number
       sign) are ignored.

       For example:

       *.emerg;mail,daemon.crit          /var/adm/syslog/misc.log

       This line logs all facilities  at  the  emerg  level  (and
       higher) and the mail and daemon facilities at the crit (or
       higher) level to the /var/adm/syslog/misc.log  destination
       file.

       Known facilities and levels recognized by the syslogd daemon
  are  those  listed  in  /usr/include/sys/syslog_pri.h
       without  the  leading  LOG_.  The additional facility mark
       has a message at priority LOG_INFO sent  to  it  every  20
       minutes  (this  may  be  changed with the -m option).  The
       mark facility is not enabled by a facility field  containing
 an * (asterisk). The level none may be used to disable
       a particular facility. For example:

       *.debug;mail.none              /var/adm/syslog/misc.log

       The previous entry sends all messages except mail messages
       to the /var/adm/syslog/misc.log file.

       There  are four possibilities for the message destination:
       A filename that begins with a leading / (slash). The  syslogd
 daemon will open the file in append mode.  A hostname
       preceded by an @ (at sign).  Selected  messages  are  forwarded
  to  the syslogd daemon on the named host.  A comma
       separated list of users.  Selected messages are written to
       those  users  if  they  are  logged  in.  An * (asterisk).
       Selected messages are written to all users who are  logged
       in.

       For example:

       kern,mark.debug     /dev/console
       *.notice;mail.info  /var/adm/syslog/mail
       *.crit    /var/adm/syslog/critical      kern.err  @ucbarpa
       *.emerg   *    *.alert   eric,kridle    *.alert;auth.warning
     ralph

       The preceding configuration file logs messages as follows:
       Logs all kernel messages and 20 minute marks onto the system
 console Logs all notice (or higher) level messages and
       all mail system messages except debug  messages  into  the
       file  /var/adm/syslog/mail Logs all critical messages into
       the /var/adm/syslog/critical file Forwards kernel messages
       of error severity or higher to ucbarpa.  Informs all users
       of any emergency messages, informs users eric  and  kridle
       of any alert messages, and informs user ralph of any alert
       message or any warning message (or higher) from the authorization
 system.

       Destinations  for  logged  messages  can be specified with
       full pathnames that begin with a leading /  (slash).   The
       syslogd  daemon then opens the specified file(s) in append
       mode. If the pathname to a syslogd daemon log file that is
       specified  in  the  syslog.conf  file  as  a /var/adm/syslog.dated/file,
 the syslogd daemon inserts a  date  directory,
  and  thus produces a day-by-day account of the messages
 received,  directly  above  file  in  the  directory
       structure.   Typically,  you  will want to divert messages
       separately, according to  facility,  into  files  such  as
       kern.log,  mail.log,  lpr.log,  and  debug.log.  The  file
       /var/adm/syslog.dated/current is a link to the most recent
       log file directory.

       If  some pathname other than /var/adm/syslog.dated/file is
       specified as the pathname to the logfile, the syslogd daemon
  does  not create the daily date directory.  For example,
 if you specify /var/adm/syslog/mail.log (without  the
       suffix  after syslog), the syslogd daemon simply logs messages
 to the mail.log file and allows this  file  to  grow
       indefinitely.

       The  syslogd daemon can recover the messages in the kernel
       syslog buffer that were not logged to the files  specified
       in  the  /etc/syslog.conf  file  because  a  system  crash
       occurred. The savecore command copies the buffer recovered
       from  the  dump  to the file specified in the "msgbuf.err"
       entry in the /etc/syslog.conf file.  When the syslogd daemon
  starts  up, it looks for this file and, if it exists,
       processes and then deletes the file.

   Configuration    [Toc]    [Back]
       The syslogd daemon acts as a central routing facility  for
       messages whose formats are determined by the programs that
       produce them.

       The syslogd daemon creates the /var/run/syslog.pid file if
       possible. The file contains a single line with its process
       ID. This can be used to kill or  reconfigure  the  syslogd
       daemon.  For  example,  if you modify the syslog.conf file
       and you want to implement the changes, use  the  following
       command:

       # kill -HUP `cat /var/run/syslog.pid`


       If  a  syslog.conf  configuration file does not exist, the
       syslogd daemon uses the following defaults:

       *.ERR          /dev/console *.PANIC        *

       The defaults log all error messages to the console and all
       panic  messages  (from the kernel) to all logged-in users.
       No files are written.

       To turn off printing of syslog messages  to  the  console,
       please refer to the syslog(1) reference page.

   Remote Message Forwarding    [Toc]    [Back]
       The syslog has a remote message forwarding function.  As a
       security  feature,  this  capability  is  turned  off   by
       default. If you intend to configure other hosts to forward
       syslog messages to a local host, use  the  su  command  to
       become  superuser (root) and manually create the /etc/syslog.auth
 file using a text editor on the local host.

       The /etc/syslog.auth file specifies which remote hosts are
       allowed  to  forward  syslog  messages  to the local host.
       Unless the domain host name of a remote host is  given  in
       the  local  /etc/syslog.auth file, the local host will not
       log any messages from that remote host. Note  that  if  no
       /etc/syslog.auth  file  exists on the local host, then any
       remote hosts that can establish a network connection  will
       be  able to log messages. See the syslog.auth(4) reference
       page for information.

   Event Management    [Toc]    [Back]
       By default, the syslogd daemon  initializes  with  the  -e
       option,  and its events are forwarded to the Event Management
 utility (EVM).  If the syslogd daemon  is  restarted,
       event  fowarding  also  restarts by default. If you do not
       want event forwarding to restart  automatically,  you  can
       turn it off using the -E option.

       Messages  from  the  syslogd  daemon  are converted to EVM
       events and notified to  the  EVM  daemon.   Refer  to  the
       EVM(5)  reference  page and System Administration for more
       information on EVM.

FILES    [Toc]    [Back]

       Specifies the command path  Configuration  file.   Process
       ID.   Specifies  what remote hosts can forward messages to
       the local host.  Contains configuration  information  that
       specifies  what  syslogd messages will be forwarded to the
       Event Manager, EVM.  Enables and disables printing to  the
       console  device.   The  name  of  the  domain datagram log
       socket.  Kernel log device.  The directory where daily log
       subdirectories reside.  A link to the directory containing
       the most recent daily log files.

SEE ALSO    [Toc]    [Back]

      
      
       Commands: logger(1), syslog(1), savecore(8).

       Functions: syslog(3), openlog(3).

       Files: syslog.auth(4), syslog.conf(4), syslog_evm.conf(4).

       Other: EVM(5).

       Network      Administration:      Connections,     Network
       Administration: Services, and System Administration.



                                                       syslogd(8)
[ Back ]
 Similar pages
Name OS Title
logrotate Linux rotates, compresses, and mails system logs
writesrv Tru64 Lets users send messages to and receive messages from a remote system
filterlog Tru64 Logs and reports system Correctable Read Data (CRD) memory errors on specific systems.
msgtql HP-UX maximum number of System V IPC messages in the system at any time
syslogd HP-UX log system messages
perror IRIX get system error messages
sys_siglist OpenBSD system signal messages
psignal OpenBSD system signal messages
perror FreeBSD system error messages
psignal FreeBSD system signal messages
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service