UNIX TUTORIALS - Unix - System Logging
Unix - System Logging
ADVERTISEMENTS
| Term | Description |
|---|---|
| Facility | The identifier used to describe the application or process that submitted the log message. Examples are mail, kernel, and ftp. |
| Priority | An indicator of the importance of the message. Levels are defined within syslog as guidelines, from debugging information to critical events. |
| Selector | A combination of one or more facilities and levels. When an incoming event matches a selector, an action is performed. |
| Action | What happens to an incoming message that matches a selector. Actions can write the message to a log file, echo the message to a console or other device, write the message to a logged in user, or send the message along to another syslog server. |
ADVERTISEMENTS
Syslog Facilities:
| Facility | Description |
|---|---|
| auth | Activity related to requesting name and password (getty, su, login) |
| authpriv | Same as auth but logged to a file that can only be read by selected users |
| console | Used to capture messages that would generally be directed to the system console |
| cron | Messages from the cron system scheduler |
| daemon | System daemon catch-all |
| ftp | Messages relating to the ftp daemon |
| kern | Kernel messages |
| local0.local7 | Local facilities defined per site |
| lpr | Messages from the line printing system |
| Messages relating to the mail system | |
| mark | Pseudo event used to generate timestamps in log files |
| news | Messages relating to network news protocol (nntp) |
| ntp | Messages relating to network time protocol |
| user | Regular user processes |
| uucp | UUCP subsystem |
ADVERTISEMENTS
Syslog Priorities:
| Priority | Description |
|---|---|
| emerg | Emergency condition, such as an imminent system crash, usually broadcast to all users |
| alert | Condition that should be corrected immediately, such as a corrupted system database |
| crit | Critical condition, such as a hardware error |
| err | Ordinary error |
| warning | Warning |
| notice | Condition that is not an error, but possibly should be handled in a special way |
| info | Informational message |
| debug | Messages that are used when debugging programs |
| none | Pseudo level used to specify not to log messages. |
The logger Command:
| Option | Description |
|---|---|
| -f filename | Use the contents of file filename as the message to log. |
| -i | Log the process ID of the logger process with each line. |
| -p priority | Enter the message with the specified priority (specified selector entry); the message priority can be specified numerically, or as a facility.priority pair. The default priority is user.notice. |
| -t tag | Mark each line added to the log with the specified tag. |
| message | The string arguments whose contents are concatenated together in the specified order, separated by the space |
Important Log Locations
| Application | Directory |
|---|---|
| httpd | /var/log/httpd |
| samba | /var/log/samba |
| cron | /var/log/ |
| /var/log/ | |
| mysql | /var/log/ |
The /etc/syslog.conf file:
*.err;kern.debug;auth.notice /dev/console daemon,auth.notice /var/log/messages lpr.info /var/log/lpr.log mail.* /var/log/mail.log ftp.* /var/log/ftp.log auth.* @prep.ai.mit.edu auth.* root,amrood netinfo.err /var/log/netinfo.log install.* /var/log/install.log *.emerg * *.alert |program_name mark.* /dev/consoleThe logger Command:
logger [-i] [-f file] [-p priority] [-t tag] [message]...