#ident "@(#)syslog.conf 1.3 93/12/09 SMI" /* SunOS 5.0 */ # # /etc/syslog.conf syslog configuration file. # # This file is processed by m4 so be careful to quote (`') names # that match m4 reserved words. Also, within ifdef's, arguments # containing commas must be quoted. # # SunNote: Have to exclude user from most lines so that user.alert # and user.emerg are not included, because old sendmails # will generate them for debugging information. If you # have no 4.2BSD based systems doing network logging, you # can remove all the special cases for "user" logging # [We don't - I did. Sean]. # # History:<1> May.19'93 Sean Boran # removed old sendmail hacks. # No local logs:- send everything to 'loghost' # (loghost alias is in /etc/hosts). Log ALL messages. # <2> Oct.19'93 Sean # Using 'logger' & 'syslogd -d' debugged & corrected. # added comments. # # Facilities: kern Priorities: emerg # user (highest first) alert # mail crit # daemon err # auth warning # syslog notice # lpr info # mark (timestamps) debug # news # uucp # cron none # local0..7 [don't send any messages] # # Funnies: 0. 'mail.info' logs all mail messages of priority # 'info' OR HIGHER (i.e. not just priority 'info')! # 1. you can do *.priority but not facility.* !! # 2. Do "m4 syslog.conf" to check preprossing # 3. Must use tabs (not spaces) between selection and action # 4. "kern,mail.info" logs kern & mail messages of # at least priority info. The same for other combinations. # 5. Long lines don't work. # 6. You can have MAXIMUM 20 (non comment) lines in this file. # (The rest are silently ignored..) # # Debugging:. start syslogd with "-d" to enable debug output # . send a HUP to syslogd each time you change this file # . use /usr/ucb/logger to send test messages to # each facility.priority # *.err;kern.warning;auth.err;daemon.err /dev/console *.alert;kern.err;daemon.err operator *.alert root # display emergencies on all terminals (uses WALL) *.emerg * #print time on console every 20mins (not needed if you have contool) #mark.* /dev/console kern.info ifdef(`LOGHOST', /var/log/kernlog, @loghost) user.info ifdef(`LOGHOST', /var/log/userlog, @loghost) mail.info ifdef(`LOGHOST', /var/log/maillog, @loghost) daemon.info ifdef(`LOGHOST', /var/log/daemonlog, @loghost) auth.info ifdef(`LOGHOST', /var/log/authlog, @loghost) lpr.info ifdef(`LOGHOST', /var/log/lprlog, @loghost) news,uucp.info ifdef(`LOGHOST', /var/log/newslog, @loghost) cron.info ifdef(`LOGHOST', /var/log/cronlog, @loghost) ## other "local" messages not yet used local0,local1.info ifdef(`LOGHOST', /var/log/locallog, @loghost) local2,local3,local4.info ifdef(`LOGHOST', /var/log/locallog, @loghost) local5,local6,local7.info ifdef(`LOGHOST', /var/log/locallog, @loghost) # Put all alerts (& higher) into a seperate log: *.err ifdef(`LOGHOST', /var/log/alertlog, @loghost) # Example log levels (tried & tested): # ------------------------------------ # 'su root' failed for .. auth.err # ROOT LOGIN REFUSED ON ... auth.err # 'su root' succeeded for.. auth.notice #