-.RI < syslog.h >,
-as follows:
-.IP LOG_ALERT \w'LOG_WARNING'u+2n
-this priority should essentially never
-be used. It applies only to messages that
-are so important that every user should be
-aware of them, e.g., a serious hardware failure.
-.IP LOG_SALERT
-messages of this priority should be
-issued only when immediate attention is needed
-by a qualified system person, e.g., when some
-valuable system resource dissappears. They get
-sent to a list of system people.
-.IP LOG_EMERG
-Emergency messages are not sent to users,
-but represent major conditions. An example
-might be hard disk failures. These could be
-logged in a separate file so that critical
-conditions could be easily scanned.
-.IP LOG_ERR
-these represent error conditions, such as soft
-disk failures, etc.
-.IP LOG_CRIT
-such messages contain critical information,
-but which can not be classed as errors, for example,
-`su' attempts.
-Messages of this priority and higher
-are typically logged on the system console.
-.IP LOG_WARNING
-issued when an abnormal condition has been
-detected, but recovery can take place.
-.IP LOG_NOTICE
-something that falls in the class of
-``important information''; this class is informational
-but important enough that you don't want to throw
-it away casually.
-Messages without any priority assigned to them
-are typically mapped into this priority.
-.IP LOG_INFO
-information level messages. These messages
-could be thrown away without problems, but should
-be included if you want to keep a close watch on
-your system.
-.IP LOG_DEBUG
-it may be useful to log certain debugging
-information. Normally this will be thrown away.
+.RI < sys/syslog.h >.
+.I Syslogd
+reads from the UNIX domain socket
+.IR /dev/log ,
+from an Internet domain socket specified in
+.IR /etc/services ,
+and from the special device
+.I /dev/klog
+(to read kernel messages).
+.PP
+.I Syslogd
+configures when it starts up
+and whenever it receives a hangup signal.
+Lines in the configuration file have a
+.I selector
+to determine the message priorities to which the line applies
+and an
+.IR action .
+The
+.I action
+field are separated from the selector by one or more tabs.
+.PP
+Selectors are semicolon separated lists of priority specifiers.
+Each priority has a
+.I facility
+describing the part of the system that generated the message,
+a dot,
+and a
+.I level
+indicating the severity of the message.
+Symbolic names may be used.
+An asterisk selects all facilities.
+All messages of the specified level or higher (greater severity)
+are selected.
+More than one facility may be selected using commas to separate them.
+For example:
+.PP
+.ti +5
+*.emerg;mail,daemon.crit
+.PP
+Selects all facilities at the
+.I emerg
+level and the
+.I mail
+and
+.I daemon
+facilities at the
+.I crit
+level.
+.PP
+Known facilities and levels
+recognized by
+.I syslogd
+are those listed in
+.IR syslog (3)
+without the leading ``LOG_''.
+The additional facility
+``mark'' has a message at priority LOG_INFO sent to it every
+20 minutes
+(this may be changed with the
+.B \-m
+flag).
+The ``mark'' facility is not enabled by a facility field containing an asterisk.
+The level ``none'' may be used to disable a particular facility.
+For example,
+.PP
+.ti +5
+*.debug;mail.none
+.PP
+Sends all messages
+.I except
+mail messages to the selected file.
+.PP
+The second part of each line describes where the message is to be logged
+if this line is selected.
+There are four forms:
+.IP \(bu 3n
+A filename (beginning with a leading slash).
+The file will be opened in append mode.
+.IP \(bu 3n
+A hostname preceeded by an at sign (``@'').
+Selected messages are forwarded to the
+.I syslogd
+on the named host.
+.IP \(bu 3n
+A comma separated list of users.
+Selected messages are written to those users
+if they are logged in.
+.IP \(bu 3n
+An asterisk.
+Selected messages are written to all logged-in users.