Syslog is a standard for computer message logging and integrates log data from many different types of systems into a central repository.
Authorization
Root user authority is required on UNIX operating systems.
Description
The syslog program is syslogd, that is, the syslog daemon. The configuration file /etc/syslog.conf controls the output of syslogd. The user has to configure this file, and each line in it must consist of the first two parts below:
- A selector, the facility.priority pair, that determines which log message priorities the line applies to.
- A log destination (file path) for the above selector.
- Rotation (optional)
The facility must be one of the values from the following list:
- kern - kernel messages
- user - random user-level messages (recommended for the db2audit extract command)
- mail - mail system messages
- daemon - system daemons
- auth - security/authorization messages (recommended for the db2audit extract command)
- syslog - messages generated internally by syslogd
- lpr - line printer subsystem
- news - news subsystem
- uucp - uucp subsystem
- cron - clock daemon
- caa - Cluster aware AIX® subsystem
- local0 ~ local7 - reserved for local use (recommended for the db2audit extract command)
- * - all facilities (used only in the configuration file and not in the commands or API)
The priority must be one of the values from the following list (from high to low):
- emerg or panic - system is unusable
- alert - action must be taken immediately
- crit - critical conditions
- err or error - error conditions
- warn or warning - warning conditions
- notice - normal but significant condition
- info - informational
- debug - debug-level messages
Syslog messages are usually logged in the format:
date time hostname facility:priority username: message_body
All items before the message_body are metadata, for example:
Oct 10 12:05:23 hotel37 mail:err newton: The user newton just got a mail error.
Examples
The following example shows sample facility.priority configuration lines in the /etc/syslog.conf file:
user.info /var/log/db2/user_messages.log
User messages at info or higher priority go to /var/log/db2/user_messages.log.
mail.crit /dev/console
Mail messages at crit or higher priority go to the console.
*.debug /var/log/all_messages.log
All facilities at debug or higher priority go to /var/log/all_messages.log.
auth.warning @host123.torolab.ibm.com
Authorization messages at warning or higher priority are forwarded by the local syslog daemon (syslogd) to the syslog daemon (syslogd) on the host123 machine.
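The "priority or higher" rule can be checked mechanically before relying on a configuration to capture audit or authorization events. The following Python is an added example, not IBM's or syslogd's own code: it routes the page's sample message through the four sample configuration lines, and it assumes only the single facility.priority selector form described above (the function names are illustrative).

```python
import re

# Priority names from the page, highest first; aliases share a rank.
PRIORITIES = [("emerg", "panic"), ("alert",), ("crit",), ("err", "error"),
              ("warn", "warning"), ("notice",), ("info",), ("debug",)]
RANK = {name: i for i, names in enumerate(PRIORITIES) for name in names}

# Sample rules and sample message copied from the page.
SAMPLE_CONF = """\
user.info /var/log/db2/user_messages.log
mail.crit /dev/console
*.debug /var/log/all_messages.log
auth.warning @host123.torolab.ibm.com
"""
SAMPLE_LINE = "Oct 10 12:05:23 hotel37 mail:err newton: The user newton just got a mail error."

# Layout from the page: date time hostname facility:priority username: message_body
LINE_RE = re.compile(r"^(?P<date>\w{3} +\d+) (?P<time>[\d:]{8}) (?P<hostname>\S+) "
                     r"(?P<facility>\w+):(?P<priority>\w+) (?P<username>\S+): (?P<body>.*)$")

def parse_conf(text):
    """Return (facility, priority, destination) per rule; a rotation part is ignored."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) < 2:
            raise ValueError(f"rule needs a selector and a destination: {raw!r}")
        facility, _, priority = fields[0].partition(".")
        if priority not in RANK:
            raise ValueError(f"unknown priority in selector: {raw!r}")
        rules.append((facility, priority, fields[1]))
    return rules

def destinations(rules, facility, priority):
    """Destinations whose facility matches and whose threshold the priority meets."""
    return [dest for fac, prio, dest in rules
            if fac in ("*", facility) and RANK[priority] <= RANK[prio]]

def route_line(rules, line):
    """Split one logged line into its metadata and list the destinations it reaches."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("line does not follow the documented layout")
    meta = m.groupdict()
    return meta, destinations(rules, meta["facility"], meta["priority"])
```

With these rules the sample mail:err message reaches only /var/log/all_messages.log, because err ranks below crit and the mail.crit rule therefore does not send it to the console.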