LOG_EMERG A panic condition. This is normally broadcast to all users. LOG_ALERT A condition that should be corrected immediately, such as a corrupted system database. LOG_CRIT Critical conditions, e.g., hard device errors. LOG_ERR Errors. LOG_WARNING Warning messages. LOG_NOTICE Conditions that are not error conditions, but should possibly be handled specially. LOG_INFO Informational messages. LOG_DEBUG Messages that contain information normally of use only when debugging a program.
LOG_KERN Messages generated by the kernel. These cannot be generated by any user processes. LOG_USER Messages generated by random user processes. This is the default facility identifier if none is specified. LOG_MAIL The mail system. LOG_DAEMON System daemons, such as routed(1M), ftpd(1M), rshd(1M), etc. LOG_AUTH The authorization system: login(1), su(1M), getty(1M), etc. ftpd(1M), and rshd(1M) also use LOG_AUTH. LOG_LPR The line printer spooling system: lpr(1), lpd(1M), etc. LOG_LOCAL0 Reserved for local use. Similarly for LOG_LOCAL1 through LOG_LOCAL7.
Syslog uses notation of
/ A filename (beginning with a leading slash). The file will be opened in append mode. @ A hostname preceded by an at sign (``@''). Selected messages are forwarded to the syslogd on the named host. Letter A comma-separated list of users. Selected messages are written to those users if they are logged in. * An asterisk. Selected messages are written to all logged-in users. | A |, followed immediately by a program name, which is taken to be all chars after the | up to the next tab; at least one action must follow the tab. The filter is expected to read stdin, and write the filtered response to stdout. If the filter exits with a non-zero value, the original message is logged, as well as a message that the filter failed. The filter has a limited time (currently 8 seconds) to process the message. If the filter exits with status 0 without writing any data, no message is logged. The data to be read by the filter is not terminated with a newline, nor should the data written have a newline appended.
A sample file might look like this:
# SGI distributed syslog.conf file # # Formats: selectorThe level
action # selector filter action kern.debug |/usr/adm/klogpp /usr/adm/SYSLOG #kern.err;user.info;auth.info;lpr.notice;mail.debug @loghost *.debug @loghost *.debug;user.none;auth.none;local1.none;local2.none;lpr.notice;mail.debug /usr/adm/SYSLOG local2.debug /usr/adm/aguslog kern.none /usr/adm/SYSLOG
Feb 27 01:01:04 umbc9 syslogd: restart Feb 27 01:01:14 umbc9 telnetd: connect from annex3.umbc.edu Feb 27 01:02:15 umbc9 rlogind: connect from annex1.umbc.edu Feb 27 01:02:44 umbc9 lpd: /usr/adm/acsps-errs: No such file or directory Feb 27 01:07:08 umbc9 telnetd: connect from annex1.umbc.edu Feb 27 01:08:06 umbc9 rlogind: connect from annex1.umbc.edu Feb 27 01:10:28 umbc9 rshd: connect from email@example.com Feb 27 01:10:30 umbc9 rlogind: connect from firstname.lastname@example.org Feb 27 01:13:01 umbc9 sendmail: BAA02041: email@example.com, delay=00:00:02, mailer=nullclient, relay=mailhub1.gl.umbc.edu. (126.96.36.199), stat=Sent (BAA04370 Message accepted for delivery) Feb 27 02:10:33 umbc9 in.fingerd: connect from firstname.lastname@example.org Feb 27 02:10:58 umbc9 in.fingerd: connect from email@example.com Feb 27 02:12:30 umbc9 in.fingerd: connect from firstname.lastname@example.org Feb 27 02:27:28 umbc9 telnetd: connect from email@example.com Feb 27 02:39:31 umbc9 in.fingerd: connect from mcl.mcl.ucsb.edu Feb 27 05:00:49 umbc9 fsr: %frag after %free after npass fs Feb 27 05:00:49 umbc9 fsr: 1.16 1.02 0.16 0.05 7 /dev/root Feb 27 05:00:49 umbc9 fsr: NaN NaN 0.00 0.00 7 /dev/dsk/ dks1d1s6 Feb 27 05:00:49 umbc9 fsr: 0.72 0.24 0.01 0.01 7 /dev/dsk/ dks1d1s1 Feb 27 05:00:49 umbc9 fsr: 1.78 1.77 0.03 0.02 7 /dev/usr Feb 27 05:00:49 umbc9 fsr: 1.48 1.48 0.02 0.02 8 /dev/dsk/ dks1d2s7 Feb 27 15:18:14 umbc9 ypxfr: Can't get master of mail.aliases. Reason: no such map in server's domain.The format of messages is as follows:
Date Time hostname application message
The first message always logged is by the syslog deamon itself places
a time stamp on when the deamon was started. The connect messages that are
logged after than are generated by a public domain package we have
SU 03/07 17:00 - ttyq18 nicholas-shollo1 SU 03/07 17:22 + ttyq35 jack-root
(Wed Nov 16 18:03:44 1994) /usr/lib/lpd: cp1ln03: cannot open /dev/tty53 (Socket is already connected) (Mon Jan 9 15:00:47 1995) /usr/lib/lpd: cp1ln03: cannot open /dev/tty53 (Socket is already connected)
Mar 7 04:05:12 ds1.gl.umbc.edu sendmail: EAA20177: to=
, ctladdr= (29074/32), delay=00:00:57, mailer=smtp, relay=merle.acns.nwu.edu. , stat=Deferred: Name server: merle.acns.nwu.edu .: host name lookup failure