.TH SYSLOG 8 "14 November 1982"
.\" @(#)syslog.8 1.2 11/14/82
syslog \- log systems messages
reads a datagram socket and logs each line it reads into a set of files
described by the configuration file /etc/syslog.conf.
configures when it starts up and whenever it receives a hangup signal.
Each message is one line.
A message can contain a priority code, marked by a digit in angle braces
at the beginning of the line.
Priorities are defined in
.IP LOG_ALERT \w'LOG_WARNING'u+2n
this priority should essentially never be used. It applies only to
messages that are so important that every user should be
aware of them, e.g., a serious hardware failure.
messages of this priority should be issued only when immediate attention
is needed by a qualified system person, e.g., when some
valuable system resource dissappears. They get
sent to a list of system people.
Emergency messages are not sent to users,
but represent major conditions. An example
might be hard disk failures. These could be
logged in a separate file so that critical
conditions could be easily scanned.
these represent error conditions, such as soft disk failures, etc.
such messages contain critical information,
but which can not be classed as errors, for example, 'su' attempts.
Messages of this priority and higher are typically logged on the system console.
issued when an abnormal condition has been
detected, but recovery can take place.
something that falls in the class of
"important information"; this class is informational
but important enough that you don't want to throw it away casually.
Messages without any priority assigned to them
are typically mapped into this priority.
information level messages. These messages
could be thrown away without problems, but should
be included if you want to keep a close watch on your system.
it may be useful to log certain debugging
information. Normally this will be thrown away.
It is expected that the kernel will not log anything below
The configuration file is in two sections separated by a blank line.
The first section defines files that
Each line contains a single digit which defines the lowest priority
(highest numbered priority) that this file will receive, an optional asterisk
which guarantees that something gets output at least every 20 minutes,
The second part of the file contains a list of users that will be
informed on SALERT level messages.
For example, the configuration file:
logs all messages of priority 5 or higher onto the system console,
including timing marks every 20 minutes; all messages of priority 8 or higher
into the file /usr/spool/adm/syslog; and all messages of priority 3 or higher
The users ``eric'', ``kridle'', and ``kalash''
will be informed on any subalert messages.
Specify an alternate configuration file.
Turn on debugging (if compiled in).
down, it should be sent a terminate signal.
It logs that it is going down and then waits approximately 30 seconds
for any additional messages to come in.
There are some special messages that cause control functions.
``<*>N'' sets the default message priority to
to reconfigure (equivalent to a hangup signal).
This can be used in a shell file run automatically
early in the morning to truncate the log.
creates the file /etc/syslog.pid if possible containing a single line
with its process id. This can be used to kill or reconfigure
can also be compiled to use
files instead of datagrams if you are running V7.
In this case it creates and reads the file /dev/log.
/etc/syslog.conf \- the configuration file
/etc/syslog.pid \- the process id
/dev/log \- under V7, the mpx file
LOG_ALERT and LOG_SUBALERT messages
should only be allowed to privileged programs.
is not clever enough to deal with kernel error messages
in the current implementation.