UNIX TUTORIALS - Unix - System Logging
Unix - System Logging
ADVERTISEMENTS
Term | Description |
---|---|
Facility | The identifier used to describe the application or process that submitted the log message. Examples are mail, kernel, and ftp. |
Priority | An indicator of the importance of the message. Levels are defined within syslog as guidelines, from debugging information to critical events. |
Selector | A combination of one or more facilities and levels. When an incoming event matches a selector, an action is performed. |
Action | What happens to an incoming message that matches a selector. Actions can write the message to a log file, echo the message to a console or other device, write the message to a logged in user, or send the message along to another syslog server. |
ADVERTISEMENTS
Syslog Facilities:
Facility | Description |
---|---|
auth | Activity related to requesting name and password (getty, su, login) |
authpriv | Same as auth but logged to a file that can only be read by selected users |
console | Used to capture messages that would generally be directed to the system console |
cron | Messages from the cron system scheduler |
daemon | System daemon catch-all |
ftp | Messages relating to the ftp daemon |
kern | Kernel messages |
local0.local7 | Local facilities defined per site |
lpr | Messages from the line printing system |
Messages relating to the mail system | |
mark | Pseudo event used to generate timestamps in log files |
news | Messages relating to network news protocol (nntp) |
ntp | Messages relating to network time protocol |
user | Regular user processes |
uucp | UUCP subsystem |
ADVERTISEMENTS
Syslog Priorities:
Priority | Description |
---|---|
emerg | Emergency condition, such as an imminent system crash, usually broadcast to all users |
alert | Condition that should be corrected immediately, such as a corrupted system database |
crit | Critical condition, such as a hardware error |
err | Ordinary error |
warning | Warning |
notice | Condition that is not an error, but possibly should be handled in a special way |
info | Informational message |
debug | Messages that are used when debugging programs |
none | Pseudo level used to specify not to log messages. |
The logger Command:
Option | Description |
---|---|
-f filename | Use the contents of file filename as the message to log. |
-i | Log the process ID of the logger process with each line. |
-p priority | Enter the message with the specified priority (specified selector entry); the message priority can be specified numerically, or as a facility.priority pair. The default priority is user.notice. |
-t tag | Mark each line added to the log with the specified tag. |
message | The string arguments whose contents are concatenated together in the specified order, separated by the space |
Important Log Locations
Application | Directory |
---|---|
httpd | /var/log/httpd |
samba | /var/log/samba |
cron | /var/log/ |
/var/log/ | |
mysql | /var/log/ |
The /etc/syslog.conf file:
*.err;kern.debug;auth.notice /dev/console daemon,auth.notice /var/log/messages lpr.info /var/log/lpr.log mail.* /var/log/mail.log ftp.* /var/log/ftp.log auth.* @prep.ai.mit.edu auth.* root,amrood netinfo.err /var/log/netinfo.log install.* /var/log/install.log *.emerg * *.alert |program_name mark.* /dev/consoleThe logger Command:
logger [-i] [-f file] [-p priority] [-t tag] [message]...