Configuration file for syslogd
/etc/syslog.conf
The /etc/syslog.conf file is the configuration file for the syslogd daemon. It consists of lines with two fields:
The selectors are encoded as a facility, a dot (.), and a level, with no intervening whitespace. Both the facility and the level are case-insensitive.
The facility describes the part of the system generating the message, and is one of the following keywords:
These keywords (with the exception of mark) correspond to the similar "LOG_" values specified to the openlog() and syslog() routines.
The level describes the severity of the message, and is a keyword from the following ordered (higher to lower) list:
These keywords also correspond to the similar "LOG_" values specified to the syslog() routine.
For further descriptions of both the facility and level keywords and their significance, see syslog() in the QNX Neutrino C Library Reference.
If a received message matches the specified facility and is of the specified (or higher) level, then the action specified in the action field is taken.
You can specify multiple selectors for a single action by separating them with semicolon (;) characters.
You can specify multiple facilities for a single level by separating them with comma (,) characters.
You can use an asterisk (*) to specify all facilities or all levels.
The special facility mark receives a message at priority info every 20 minutes (see syslogd).
The special level none disables a particular facility.
The action field of each line specifies the action to be taken when the selector field selects a message. The action field can take these forms:
Blank lines and lines whose first nonblank character is a hash (#) character are ignored.
A configuration file might appear as follows:
# Log all kernel messages, authentication messages of # level notice or higher and anything of level err or # higher to the console. # Don't log private authentication messages! *.err;kern.*;auth.notice;authpriv.none /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* /var/log/maillog # Everybody gets emergency messages, plus log them on # another machine. *.emerg * *.emerg @arpa.berkeley.edu # Root and Eric get alert and higher messages. *.alert root,eric # Save mail and news errors of level err and higher in a # special file. uucp,news.crit /var/log/spoolerr
The effects of multiple selectors aren't always intuitive. For example, mail.crit,*.err selects mail facility messages at the level of err or higher, not at the level of crit or higher.
Logging messages to users isn't currently implemented.