Configuration file for syslogd




The /etc/syslog.conf file is the configuration file for the syslogd daemon. It consists of lines with two fields:

Selector field
The types of messages and priorities to which the line applies.
Action field
The action to take if a message received by syslogd matches the selection criteria.

Note: Use one or more tab characters to separate the selector and action fields.

The selectors are encoded as a facility, a dot (.), and a level, with no intervening whitespace. Both the facility and the level are case-insensitive.

The facility describes the part of the system generating the message, and is one of the following keywords:

These keywords (with the exception of mark) correspond to the similar “LOG_” values specified to the openlog() and syslog() routines.

The level describes the severity of the message, and is a keyword from the following ordered (higher to lower) list:

These keywords also correspond to the similar “LOG_” values specified to the syslog() routine.

For further descriptions of both the facility and level keywords and their significance, see syslog() in the Library Reference.

If a received message matches the specified facility and is of the specified (or higher) level, then the action specified in the action field is taken.

You can specify multiple selectors for a single action by separating them with semicolon (;) characters.

Note: Note that each selector can modify the ones preceding it.

You can specify multiple facilities for a single level by separating them with comma (,) characters.

You can use an asterisk (*) to specify all facilities or all levels.

The special facility mark receives a message at priority info every 20 minutes (see syslogd).

The special level none disables a particular facility.

The action field of each line specifies the action to be taken when the selector field selects a message. The action field can take these forms:

Blank lines and lines whose first nonblank character is a hash (#) character are ignored.


A configuration file might appear as follows:

# Log all kernel messages, authentication messages of
# level notice or higher and anything of level err or
# higher to the console.
# Don't log private authentication messages!
*.err;kern.*;auth.notice;authpriv.none /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none         /var/log/messages

# The authpriv file has restricted access.
authpriv.*                             /var/log/secure

# Log all the mail messages in one place.
mail.*                                 /var/log/maillog

# Everybody gets emergency messages, plus log them on
# another machine.
*.emerg                    *
*.emerg                    @arpa.berkeley.edu

# Root and Eric get alert and higher messages.
*.alert                    root,eric

# Save mail and news errors of level err and higher in a
# special file.
uucp,news.crit             /var/log/spoolerr


The effects of multiple selectors aren't always intuitive. For example, mail.crit,*.err selects mail facility messages at the level of err or higher, not at the level of crit or higher.

Logging messages to users isn't currently implemented.

See also:


openlog(), syslog() in the Library Reference