- Linux uses the syslog standard for message logging.
- Syslog uses facilities and priorities to categorize messages.
| Facility code | Keyword | Description |
|---|---|---|
| 0 | kern | Kernel messages |
| 1 | user | User-level messages |
| 2 | mail | Mail system |
| 3 | daemon | System daemons |
| 4 | auth | Security/authentication messages |
| 5 | syslog | Messages generated internally by syslogd |
| 6 | lpr | Line printer subsystem |
| 7 | news | Network news subsystem |
| 8 | uucp | UUCP subsystem |
| 9 | cron | Clock daemon |
| 10 | authpriv | Security/authentication messages |
| 11 | ftp | FTP daemon |
| 12 | ntp | NTP subsystem |
| 13 | security | Log audit |
| 14 | console | Log alert |
| 15 | solaris-cron | Scheduling daemon |
| 16–23 | local0 – local7 | Locally used facilities |
The priorities (in order of severity) are:
| Code | Keyword |
|---|---|
| 0 | emerg (or panic) |
| 1 | alert |
| 2 | crit |
| 3 | err (or error) |
| 4 | warning (or warn) |
| 5 | notice |
| 6 | info |
| 7 | debug |
Syslog servers
syslogd
rsyslog
syslog-ng
rsyslog
/etc/rsyslog.conf is the main configuration file; it includes the drop-in files in /etc/rsyslog.d/*.conf.
Logging rules
Each rule consists of two fields: a selector field (facility.priority) and an action field.
Example:
#Log anything 'warn' or higher.
#Exclude authpriv, cron, mail, and news. These are logged elsewhere.
#Don't log private authentication messages!
*.warn;\
    authpriv.none;cron.none;mail.none;news.none -/var/log/syslog
#The authpriv file has restricted access.
authpriv.* /var/log/secure
#Log all the mail messages in one place. Use caching mode to improve I/O performance.
#The - before /var/log/maillog means use caching mode (no sync after every write). You may lose some messages if the system crashes.
mail.* -/var/log/maillog
#Log cron stuff
cron.* /var/log/cron
#Everybody gets emergency messages
*.emerg *
#Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
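The rules above can be checked offline with a small selector evaluator, for instance to confirm that authpriv messages never reach the general /var/log/syslog file. This is an added example, not code from the original post or from rsyslog; `selector_matches`, `route` and `RULES` are hypothetical names, and the matching is a simplified model that covers only the selector forms used above (`*`, `none`, comma-separated facilities, plain priorities).

```python
# Added example (not from the original post): a simplified model of classic
# syslog selector matching, covering only the forms used in the rules above.
SEVERITY = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
            "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}

# The rules from the example above, as (selector, action) pairs.
RULES = [
    ("*.warn;authpriv.none;cron.none;mail.none;news.none", "-/var/log/syslog"),
    ("authpriv.*", "/var/log/secure"),
    ("mail.*", "-/var/log/maillog"),
    ("cron.*", "/var/log/cron"),
    ("*.emerg", "*"),
    ("uucp,news.crit", "/var/log/spooler"),
]


def selector_matches(selector, facility, priority):
    """Return True if a facility.priority message is selected."""
    allowed = set()  # severity codes currently selected for this facility
    for part in selector.split(";"):
        facilities, _, level = part.strip().partition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue  # this part does not name our facility
        if level == "none":
            allowed.clear()                              # exclude the facility
        elif level == "*":
            allowed.update(range(8))                     # every priority
        else:
            allowed.update(range(SEVERITY[level] + 1))   # this level and more severe
    return SEVERITY[priority] in allowed


def route(facility, priority):
    """List the actions of every rule that selects the message."""
    return [action for selector, action in RULES
            if selector_matches(selector, facility, priority)]


if __name__ == "__main__":
    # Constructed sample messages.
    for msg in [("authpriv", "warning"), ("daemon", "err"), ("daemon", "info"),
                ("news", "crit"), ("kern", "emerg")]:
        print("%s.%s -> %s" % (msg[0], msg[1], route(*msg) or "dropped"))
```
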
Logger command
logger - a shell command interface to the syslog(3) system log module
logger [options] message
Where important options are:
-p FACILITY.PRIORITY
-t tag
Valid facility names are:
auth
authpriv (for security information of a sensitive nature)
cron
daemon
ftp
kern (cannot be generated from a userspace process; automatically converted to user)
lpr
mail
news
syslog
user
uucp
local0 to local7
security (deprecated synonym for auth)
Valid priority names are:
emerg
alert
crit
err
warning
notice
info
debug
panic (deprecated synonym for emerg)
error (deprecated synonym for err)
warn (deprecated synonym for warning)
Logger examples
logger System rebooted
logger -p local0.notice -t HOSTIDM -f /dev/idmc
logger -n loghost.example.com System rebooted
logger -p mail.info -t test-message "Test message here."