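#
# /etc/syslog.conf
#
# *** syslog configuration file FOR MAJOR SERVERS & LOGHOSTS ****
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
# The ifdef(`LOGHOST', file, @loghost) rules below write to a local
# file when LOGHOST is defined and forward to the 'loghost' alias
# otherwise. On Solaris, syslogd defines LOGHOST itself when the
# loghost alias resolves to the local machine.
#
# History: <1> May.19'93 Sean
#              removed old sendmail hacks.
#              No local logs:- send everything to 'loghost'
#              (loghost alias is in /etc/hosts). Log ALL messages.
#
#          <2> Oct.19'93 Sean
#              Using 'logger' & 'syslogd -d' debugged & corrected.
#              added comments.
#          <3> May.19'2000 Sean Boran
#              Quieten console, adapt after Yassp discussions
#
# Facilities:  kern               Priorities:      emerg
#              user               (highest first)  alert
#              mail                                crit
#              daemon                              err
#              auth                                warning
#              syslog                              notice
#              lpr                                 info
#              mark (timestamps)                   debug
#              news
#              uucp
#              cron                                none
#              local0..7          [don't send any messages]
#
# Funnies: 0. 'mail.info' logs all mail messages of priority
#             'info' OR HIGHER (i.e. not just priority 'info')!
#          1. you can do *.priority but not facility.* !!
#          2. do "m4 syslog.conf" to check preprocessing
#          3. Must use tabs (not spaces) between selection and action
#          4. "kern,mail.info" logs kern & mail messages of
#             at least priority info. The same for other combinations.
#          5. Long lines don't work.
#          6. You can have MAXIMUM 20 (non comment) lines in this file.
#             (The rest are silently ignored..)
#
# Debugging: . start syslogd with "-d" to enable debug output
#            . send a HUP to syslogd each time you change this file
#            . use /usr/ucb/logger to send test messages to
#              each facility.priority, for example:
#              /usr/ucb/logger -p mail.warn "test from sean"
#
##### Workstation notes:
##### For normal workstations and small servers I recommend
##### the following simple configuration:
#*.info	@loghost
#*.debug	/var/adm/messages
####

# For lots of messages on the console uncomment this:
#*.err;kern.warning;auth.err;daemon.err	/dev/console

# For minimal console messages, such as "SU":
auth.err	/dev/console

# To alert logged on root or operator user to important events:
#*.alert;kern.err;daemon.err	operator
#*.alert	root

# display emergencies on all terminals (uses WALL)
*.emerg	*

#print time on console every 20mins (not needed if you have contool)
# NOTE(review): 'mark.*' contradicts funny 1 above (facility.* is not
# accepted). If you enable this, name a priority instead, e.g.
# mark.debug, and verify with "syslogd -d".
#mark.*	/dev/console

# Per-facility logs: local file on the loghost, forwarded elsewhere.
#
# NOTE(review): on Solaris the target files must already exist;
# syslogd appends to them but does not create them. Create each one
# owned by root before sending the HUP. Keep authlog readable by
# root only: failed-login entries can contain passwords typed into
# the user name prompt by mistake.
#
# NOTE(review): forwarding to @loghost is plain syslog over UDP, so
# delivery is not guaranteed and messages are neither authenticated
# nor encrypted. Restrict the loghost's syslog port to known senders
# and treat forwarded entries as unauthenticated.
kern.info	ifdef(`LOGHOST', /var/log/kernlog, @loghost)
user.info	ifdef(`LOGHOST', /var/log/userlog, @loghost)
mail.info	ifdef(`LOGHOST', /var/log/maillog, @loghost)
daemon.info	ifdef(`LOGHOST', /var/log/daemonlog, @loghost)
auth.info	ifdef(`LOGHOST', /var/log/authlog, @loghost)
lpr.info	ifdef(`LOGHOST', /var/log/lprlog, @loghost)
news,uucp.info	ifdef(`LOGHOST', /var/log/newslog, @loghost)
cron.info	ifdef(`LOGHOST', /var/log/cronlog, @loghost)

## other "local" messages not yet used
local0,local1.info	ifdef(`LOGHOST', /var/log/local0log, @loghost)
local2,local3,local4.info	ifdef(`LOGHOST', /var/log/local2log, @loghost)
local5,local6,local7.info	ifdef(`LOGHOST', /var/log/local5log, @loghost)

# Put all errors (& higher: crit, alert, emerg) into a separate log.
# These messages also land in the per-facility logs above.
*.err	ifdef(`LOGHOST', /var/log/alertlog, @loghost)

# Example log levels (tried & tested):
# ------------------------------------
# 'su root' failed for ..	auth.err
# ROOT LOGIN REFUSED ON ...	auth.err
# 'su root' succeeded for..	auth.notice
#
## eof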