syslogd(8) — Maintenance
OSF — Environment_Note_Added
NAME
syslogd − Logs system messages
SYNOPSIS
syslogd [-f config_file] [-m mark_interval] [-d]
The syslogd daemon reads and logs messages into a set of files described by the configuration file /etc/syslog.conf.
FLAGS
-d
Turns on debugging.
-f config_file
Specifies an alternate configuration file.
-m mark_interval
Selects the number of minutes between mark messages.
DESCRIPTION
Each message is one line. A message can contain a priority code, marked by a number in angle braces at the beginning of the line. Priorities are defined in <sys/syslog.h>. syslogd reads from the domain socket /dev/log, from an Internet domain socket specified in /etc/services, and from the special device /dev/klog (to read kernel messages).
syslogd configures when it starts up and whenever it receives a hangup signal. Lines in the configuration file have a selector to determine the message priorities to which the line applies and an action. The action field is separated from the selector by one or more tabs.
Selectors are semicolon separated lists of priority specifiers. Each priority has a facility describing the part of the system that generated the message, a dot, and a level indicating the severity of the message. Symbolic names may be used. An * (asterisk) selects all facilities. All messages of the specified level or higher (greater severity) are selected. More than one facility may be selected using commas to separate them. For example:
*.emerg;mail,daemon.crit
This line selects all facilities at the emerg level and the mail and daemon facilities at the crit level.
Known facilities and levels recognized by syslogd are those listed in syslog without the leading LOG_. The additional facility mark has a message at priority LOG_INFO sent to it every 20 minutes (this may be changed with the -m flag). The mark facility is not enabled by a facility field containing an * (asterisk). The level none may be used to disable a particular facility. For example:
*.debug;mail.none
sends all messages except mail messages to the selected file.
The second part of each line describes where the message is to be logged if this line is selected. There are four forms:
• A filename (beginning with a leading / (slash)). The file will be opened in append mode.
• A hostname preceded by an @ (at sign). Selected messages are forwarded to the syslogd on the named host.
• A comma separated list of users. Selected messages are written to those users if they are logged in.
• An * (asterisk). Selected messages are written to all users who are logged in.
Blank lines and lines beginning with # (number sign) are ignored.
For example:
kern,mark.debug	/dev/console
*.notice;mail.info	/var/adm/syslog/mail
*.crit	/var/adm/syslog/critical
kern.err	@ucbarpa
*.emerg	*
*.alert	eric,kridle
*.alert;auth.warning	ralph
The preceding configuration file:
• Logs all kernel messages and 20 minute marks onto the system console.
• Logs all notice (or higher) level messages and all mail system messages except debug messages into the file /var/adm/syslog/mail.
• Logs all critical messages into the /var/adm/syslog/critical file.
• Forwards kernel messages of error severity or higher to ucbarpa.
• Informs all users of any emergency messages, informs users eric and kridle of any alert messages, and informs user ralph of any alert message or any warning message (or higher) from the authorization system.
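The selector rules and the example configuration above, worked through as an added example that is not part of the original manual page or the syslogd source. It assumes the classic <sys/syslog.h> facility names (local facilities omitted), that a later specifier in a selector overrides an earlier one for the same facility, and strict tab separation between selector and action; parse_line, route and PAGE_CONF are names made up for the illustration.

```python
# Added example (not from the man page): route a message through syslog.conf lines.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Facilities matched by "*"; mark is valid by name but excluded from "*" (assumed list).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp"]

# The example configuration shown on this page, with tab-separated fields.
PAGE_CONF = "\n".join([
    "# constructed comment line, ignored like any line starting with #",
    "kern,mark.debug\t/dev/console",
    "*.notice;mail.info\t/var/adm/syslog/mail",
    "*.crit\t/var/adm/syslog/critical",
    "kern.err\t@ucbarpa",
    "*.emerg\t*",
    "*.alert\teric,kridle",
    "*.alert;auth.warning\tralph",
])

def parse_line(line):
    """Return ({facility: least severe level index or None}, action), or None."""
    if not line.strip() or line.startswith("#"):
        return None
    selector, _, action = line.partition("\t")
    action = action.strip()
    if not action:
        raise ValueError("selector and action must be separated by tabs: %r" % line)
    limits = {}
    for spec in selector.split(";"):
        facs, _, level = spec.rpartition(".")
        limit = None if level == "none" else LEVELS.index(level)
        for fac in facs.split(","):
            if fac != "*" and fac not in FACILITIES + ["mark"]:
                raise ValueError("unknown facility %r" % fac)
            for name in (FACILITIES if fac == "*" else [fac]):
                limits[name] = limit  # assumption: later specifier overrides earlier
    return limits, action

def route(conf, facility, level):
    """Return the actions that receive a facility.level message, in file order."""
    severity = LEVELS.index(level)  # lower index means greater severity
    hits = []
    for line in conf.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        limits, action = parsed
        limit = limits.get(facility)
        if limit is not None and severity <= limit:
            hits.append(action)
    return hits

if __name__ == "__main__":
    for fac, lvl in [("auth", "warning"), ("mail", "info"), ("mark", "info")]:
        print(fac, lvl, "->", route(PAGE_CONF, fac, lvl))
```

Running route over a proposed configuration before sending syslogd a hangup signal shows whether auth or kern messages still reach a file or a remote host, and a line whose fields are separated by spaces is reported instead of being misread.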
Destinations for logged messages can be specified with full pathnames (beginning with a leading / [slash]). The syslogd daemon then opens the specified file(s) in append mode. If the pathname to a syslogd log file specified in syslog.conf is /var/adm/syslog.dated/file, syslogd inserts a date directory, and thus produces a day-by-day account of the messages received, directly above file in the directory structure. Typically, you will want to divert messages separately, according to facility, into files such as kern.log, mail.log, lpr.log, and debug.log.
If some pathname other than /var/adm/syslog.dated/file is specified as the pathname to the logfile, syslogd does not create the daily date directory. For example, if you specify /var/adm/syslog/mail.log (without the .dated suffix after syslog), syslogd simply logs messages to the mail.log file and allows this file to grow indefinitely.
Examining Error Logging Files
The syslogd daemon acts as a central routing facility for messages whose formats are determined by the programs that produce them. In other words, the message format for error messages and status information is not
The syslogd daemon creates the file /etc/syslog.pid, if possible, containing a single line with its process ID. This can be used to kill or reconfigure syslogd.
To bring syslogd down, it should be sent a terminate signal (for example: kill `cat /etc/syslog.pid`).
If no syslog.conf configuration file is present, syslogd uses the following built-in defaults:
*.ERR	/dev/console
*.PANIC	*
According to these defaults, all error messages are logged on the console and all panic messages (from the kernel) are sent to all logged-in users. No files are written. It is recommended, however, that administrators not use the built-in defaults, and create a syslog.conf file with the appropriate specifications.
FILES
/usr/sbin/syslogd
Specifies the command path
/etc/syslog.conf
Configuration file.
/etc/syslog.pid
Process ID.
/dev/log
The name of the domain datagram log socket.
/dev/klog
Kernel log device.
ENVIRONMENT NOTES
This section describes system features that are not generic to OSF/1 but that are provided in this OSF/1 implementation.
ULTRIX Compatibility
The syslogd daemon supports binary error logging and logs kernel hardware and kernel-related error packets. The "binary.err" entry in the /etc/syslog.conf file specifies the file name and the location of the binary error log file. The default entry is as follows:
binary.err /var/adm/binary.errlog
If "binary.err" is not specified, binary error packets are not saved. The "binary.err" entry in the /etc/syslog.conf file must not have a non-Digital or ULTRIX system for an action (or forwarding destination) because the non-Digital or ULTRIX system syslogd will be unable to process the forwarded messages.
The binary log file is not ASCII text so the uerf(8) command must be used to examine the file.
RELATED INFORMATION
Functions: syslog(3)
Guide to System Administration