Configuration file for syslogd




The /etc/syslog.conf file is the configuration file for the syslogd daemon. It consists of lines with two fields:

Selector field
The types of messages and priorities to which the line applies.
Action field
The action to take if a message received by syslogd matches the selection criteria.
Note: Use one or more tab characters to separate the selector and action fields.

The selectors are encoded as a facility, a dot (.), and a level, with no intervening whitespace. Both the facility and the level are case-insensitive.

The facility describes the part of the system generating the message, and is one of the following keywords:

These keywords (with the exception of mark) correspond to the similar "LOG_" values specified to the openlog() and syslog() routines.

The level describes the severity of the message, and is a keyword from the following ordered (higher to lower) list:

These keywords also correspond to the similar "LOG_" values specified to the syslog() routine. For further descriptions of both the facility and level keywords and their significance, see syslog() in the QNX Neutrino C Library Reference.

If a received message matches the specified facility and is of the specified (or higher) level, then the action specified in the action field is taken. You can specify multiple selectors for a single action by separating them with semicolon (;) characters.

Note: Note that each selector can modify the ones preceding it.

You can specify multiple facilities for a single level by separating them with comma (,) characters. You can use an asterisk (*) to specify all facilities or all levels.

The special facility mark receives a message at priority info every 20 minutes (see syslogd). The special level none disables a particular facility.

The action field of each line specifies the action to be taken when the selector field selects a message:

A first character of: Indicates: The selected messages are:
/ A pathname Appended to the file
@ A hostname Forwarded to the syslogd program on the named host
  • If you specify a pathname for an action, the file must exist when syslogd reads its configuration file. Otherwise the action is ignored.
  • If you're using slogger, and you want to redirect syslogd output to it, send the log messages to /dev/console (which slogger monitors) by doing one of the following:
    • Specify an action that sends the logs to /dev/console, such as:
      *.*    /dev/console

      and then start syslogd.

    • Specify the LOG_CONS flag when you call openlog()

Blank lines and lines whose first nonblank character is a hash (#) character are ignored.


A configuration file might appear as follows:

# Log all kernel messages, authentication messages of
# level notice or higher and anything of level err or
# higher to the console.
# Don't log private authentication messages!
*.err;kern.*;auth.notice;authpriv.none /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none         /var/log/messages

# The authpriv file has restricted access.
authpriv.*                             /var/log/secure

# Log all the mail messages in one place.
mail.*                                 /var/log/maillog


The effects of multiple selectors aren't always intuitive. For example, mail.crit,*.err selects mail facility messages at the level of err or higher, not at the level of crit or higher.

Logging messages to users isn't currently implemented.