syslog.conf File

Edit online

Purpose

Controls output of the syslogd daemon.

Description

Each line must consist of two parts:

A selector to determine the message priorities to which the line applies.
An action. Each line can contain an optional part.
Rotation.

The fields must be separated by one or more tabs or spaces.

Format

msg_src_list destination [rotate [size sizek|m] [files files] [time timeh|d|w|m|y] [compress] [archive archive]]

where msg_src_list is a semicolon separated list of facility.priority where:

facility: all (except mark); mark - time marks kern,user,mail,daemon, auth,....
priority: is one of (from high to low):; emerg/panic,alert,crit,err(or),warn(ing),notice,info,debug (meaning all messages of this priority or higher)
destination: is:; /filename - log to this file username [,username2...] - write to user(s); @hostname - send to syslogd on this machine; * - send to all logged in users; centralizedlog LogSpaceName/LogStreamName - send to the specified PowerHA® pureScale® logstream

[rotate [size sizek|m] [files files] [time timeh|d|w|m|y] [compress] [archive archive]] is:

If destination is a regular file and the word rotate is specified, then the destination is limited by either size or time, or both. The size value causes the destination to be limited to size, with files files kept in the rotation. The backup filenames are created by appending a period and a number to destination, starting with .0. The time value causes the destination to be rotated after time. If both time and size are specified, then logfiles will be rotated once the logfile size exceeds size or the after time, whichever is earlier.

If the compress option is specified then the logfile names will be generated with a .Z extension. The files keyword will be applicable to the logfiles which are currently under rotation. For example, if we specify the compress option, then only file with .Z extension will be under rotation and the number of such files will be limited byfiles files. Any logfiles with an extension other than .Z will not be under the rotation scheme and thus will not be under the restriction of files files. Similarly if the compress option is removed then the files which have been generated with .Z extension will no longer be the part of rotation scheme and will not be limited by the files files.

The minimum size that can be specified is 10k. The minimum number of files that can be specified is 2. The default size is 1MB and the default for files is unlimited. Therefore, if only rotate is specified, the log will be rotated with size = 1m. The compress option means that rotated log files that are not in use will be compressed. The archive option will save rotated log files that are not in use to archive.

The default is not to rotate log files.

[perm [mode]] is:

If destination is a regular file, and the word perm is specified it means that rotated files is having the permission specified by mode.

[Filter [filename]] is:

If the destination is a regular file, and word filter is specified it means that the messages coming from the remote machine is logged on to the file specified with this keyword. The default is not to filter the remote messages and not to set the permissions on rotate log files.

Requirement: The letter indicating the unit must immediately follow the number in the syntax. For example, to specify the log rotation of every two days, the phrase time 2d is correct, but time 2 d is not.

Note: To use a PowerHA pureScale logstream destination, the PowerHA pureScale client fileset must be installed on the system and bindings information for the service named "CentralizedLogService" must be setup. The log space and log stream objects specified as the PowerHA pureScale logstream destination must exist.

Note: It is recommended not to use same destination file in multiple entries when using file rotation. The following example shows bad configuration, which should be avoided.

user.debug 			 /var/log/syslog.out         rotate size 100k files 4 
user.notice 		 /var/log/syslog.out         rotate size 200k files 16

The proper configuration for the above case follows:

user.debug  		/var/log/syslog.debug.out 		rotate size 100k files 4 
user.notice 		/var/log/syslog.notice.out 	rotate size 200k files 16

Example

"mail messages, at debug or higher, go to Log file. File must exist."
"all facilities, at debug and higher, go to console"
"all facilities, at crit or higher, go to all users"
"user messages, at warning or higher, go to logstream"
mail.debug           /usr/spool/mqueue/syslog
*.info              /dev/console
*.crit                     *
user.warn            centralizedlog       CentralizedRAS/SyslogUserWarning

-or otherwise can have something like:

*.debug              /var/log/syslog.debug100k.out rotate size 100k files 4
*.crit               /var/log/syslog.dailycrit.out rotate time 1d

Files

Item	Description
/etc/syslog.conf	Controls the output of syslogd.