syslogd(ADM)


syslogd -- log system messages

Syntax

/etc/syslogd [ -fconfigfile ] [ -mmarkinterval ] [ -d ] [ -r ]

Description

bcheckrc(ADM) calls syslogd at system startup to start the logging of local and remote system error messages:

syslogd reads and logs messages to a set of files described by the configuration file /etc/syslog.conf. syslogd writes each line of an input message as one line of output. A message can contain a priority represented by the symbolic pair facility.level, or as a number calculated as (facility*8)+level (see the section ``Format of /etc/syslog.conf''). The priority is placed in angle braces at the beginning of the message line. Symbolic and numeric values for both facilities and priority levels are defined in /usr/include/sys/syslog.h.

syslogd can read from:

If possible, syslogd creates the file /etc/syslog.pid which contains syslogd's process ID. This file can be used to kill or reconfigure syslogd.

syslogd rereads /etc/syslog.conf if it receives a hangup signal (SIGHUP; see kill(C)). It also attempts to open any input sources that are not currently open. If a log file is removed, syslogd stops logging any further messages there. The file must be re-created and syslogd restarted with a SIGHUP:

kill -HUP `cat /etc/syslog.pid`

The termination signal (SIGTERM) kills syslogd altogether:

kill -TERM `cat /etc/syslog.pid`

syslogd understands the following options:


-d
Turn on debugging.

-fconfigfile
Specify an alternate configuration file.

-mmarkinterval
Select the number of minutes between mark messages.

-r
service messages from remote systems (via syslog port).

Format of /etc/syslog.conf

Lines in the default configuration file, /etc/syslog.conf, have the following format:

selector[;selector...]  action

The selectors determine the message priorities to which the line applies. The selectors are separated by semicolons. The action field is separated from the selectors by one or more tabs.

Blank lines and lines beginning with ``#'' are ignored.

A selector is a list of facilities corresponding to the subsystems that generated the message, and a priority level at or above which the action is to be applied to messages from these subsystems:

facility[;facility...].priority

The facilities are separated by commas. The list of facilities and the priority level are separated by a single period (.).

If a facility is specified as an asterisk (*), this selects all facilities whose messages are at or above the specified priority level.

Facilities

Facilities recognized by syslogd are defined in the array facilitynames in /usr/include/sys/syslog.h:

auth
Messages generated by programs that authenticate users' primary and secondary authorizations.

authpriv
Messages generated by programs that authenticate users' system privileges.

cron
Messages from cron.

daemon
Messages from system daemons.

kern
Messages from the kernel.

local0 -- local7
Messages reserved for local use.

lpr
Messages from the line printer spooling system.

mail
Messages from the mail system.

mark
Timemarks generated internally by syslogd every 20 minutes at priority LOG_INFO. The interval may be changed using the -m option.

news
Messages from the network news system.

syslog
Messages generated internally by syslogd.

user
Messages generated by user processes. This is the default facility if none is specified in /etc/syslog.conf.

uucp
Messages generated by programs that deal with UUCP. .syslog(SLIB-osr5)

Priority levels

Priority levels recognized by syslogd are defined in the array prioritynames in /usr/include/sys/syslog.h. They are listed here in order of highest to lowest severity:

emerg
Highest severity: a panic condition indicating that the system is unusable. This is normally broadcast to all users.

alert
A condition that should be corrected immediately, such as a corrupted system database.

crit
Critical conditions, for example, hard device errors.

err
Error conditions.

warning
Warning conditions.

notice
Conditions that are not error conditions, but may require special handling.

info
Information only.

debug
Lowest severity: information normally of use only when debugging a program.

none
Disable messages from the associated facilities.

Actions

The action field describes where the message is to be logged if the line is selected. action can take one of the following forms:

pathname
Open the specified file or device file in append mode; the file must be specified by an absolute pathname beginning with a leading slash (/).

@hostname
Forward selected messages to syslogd on the host named by hostname.

user[,user]...
Write selected messages to the comma-separated list of users if they are logged in.

*
Write selected messages to all logged-in users.

Examples

Messages from several facilities at different priority levels may be selected. Semicolons are used to separate the facilities that are at different priority levels. This example selects messages from all facilities at the emerg level, and messages from the mail and daemon facilities at the crit level or higher:
   *.emerg;mail,daemon.crit	action
Send all messages except mail messages to the specified absolute pathname:
   *.debug;mail.none	pathname
Log all kernel messages and 20 minute timemarks to the system console:
   kern,mark.debug	/dev/console
Log all notice (or higher) level messages and all mail system messages except debug messages to /usr/adm/syslog:
   *.notice;mail.info	/usr/adm/syslog
Log all critical or higher priority messages to /usr/adm/critical:
   *.crit	/usr/adm/critical
Forward error or higher priority messages from the kernel to laidbak:
   kern.err	@laidbak
Inform all users of any emergency or higher priority messages:
   *.emerg	*
Inform the users wmv and stevea of any alert or higher priority messages:
   *.alert	wmv, stevea
Inform the user maf of any alert or higher priority message, or any warning message or higher priority from the authorization subsystem:
   *.alert;auth.warning	maf

Limitations

The maximum line length that can be read from the configuration file is 1023 characters.

The maximum message line length is 119 characters.

Files


/dev/error
character device used to read kernel error messages

/dev/logfifo
FIFO device used to read local logging requests

/etc/syslog.conf
configuration file

/etc/syslog.pid
syslogd process ID

/dev/syslog
special device to which syslogd binds UNIX domain sockets

/usr/adm/messages
log for error messages

/usr/adm/hwconfig
log for device initialization messages

/usr/adm/syslog
default log file

See also

bcheckrc(ADM), error(HW), logger(C), syslog(SLIB-osr5)
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005