Absolute Openbsd Unix For The Practical Paranoid [Electronic resources] (text version)


Michael W. Lucas




/etc/syslog.conf

The UNIX logging system uses /etc/syslog.conf to sort log messages into their proper files. Each program that wants to log sends log entries to the logging system and marks each message with a facility and a level. The syslogd(8) program receives these messages and sorts them according to the matching entries in /etc/syslog.conf. Each entry has two sections: a message identifier consisting of a facility and a level, and an action for matching messages. You must separate the action from the facility/level statement with tabs, not spaces.


Facilities


A facility is a log-entry source, generally a program, that sends messages to syslogd. This is an arbitrary label, just a text string used to sort one program from another. In most cases, each program that needs a unique log needs a unique facility. Many programs have a facility dedicated to them, such as mail, ftp, and cron. Syslogd also has a variety of generic facilities that can be used by any program. Programs can use facilities that aren't meant for them, but you'll be able to track them down by finding their name within the message. The standard facilities are:

auth: Publicly accessible information about user authorization, such as login and su attempts

authpriv: Private information about user authorization, accessible only to root

cron: Messages from the system scheduler, cron(8)

daemon: A catch-all for system daemons that lack their own facility

kern: Messages from the kernel

lpr: Messages from the printing system

mail: Messages from the mail system

mark: This puts an entry in a log every 20 minutes, useful for timing other logs

news: Messages from Internet News daemon

syslog: Internal logging system messages

user: The default message recipient

uucp: Logs from the UNIX-to-UNIX Copy Protocol

local0 through local7: Reserved for administrator use



Levels


A log message's level represents its relative importance. While programs send all their logging data to syslogd, most syslogd configurations only record the important stuff. Everyone has a different view of "important," however, and that's where levels come in. OpenBSD, like every standard-compliant UNIX, provides eight levels, which you can use to tell syslogd what to use and what to discard.

emerg: System panic. Messages are flashed on every terminal. The system is down. Read crash(8).

alert: The system can continue to operate, but requires immediate attention.

crit: There are critical errors, but not as bad as the "alert" level. You may have a hard drive going bad, or serious software issues. You can continue running, if you're brave.

err: Errors that should be fixed, but will not endanger your system.

warning: Assorted errors that should be fixed in your copious free time, as someone will notice them, eventually.

notice: General information that probably doesn't require any action on your part.

info: Individual transaction and program activity information, such as individual messages sent or received on a mail server.

debug: Very detailed information, mostly of use when trying to debug problems. May contain information that violates user privacy.

none: Don't log anything from this facility here.



Actions


Syslogd(8) will take any of several actions upon matching a message. If you give an action of a full path to a file, messages are appended to the file. If you give the "@" symbol followed by the name of a host, messages will be forwarded to the syslogd(8) on that host. If you list users, separated by commas, the message will be sent to the terminal windows of any of those users who are logged in. Finally, if you put an asterisk, every user who is logged in will get the message on his terminal window.


Creating syslog.conf Entries


The first entry on each line describes the information to be logged, by facility and level. All messages that use that facility at that level or higher will match the entry. The second tells the action to be taken when a log message matches the description. Syslogd compares each submission to the entries in /etc/syslog.conf and, when it finds a matching entry, processes the log entry in the manner described. Take a look at this line from /etc/syslog.conf:

auth.info	/var/log/authlog

This tells syslogd(8) to record messages that use the "auth" facility in /var/log/authlog, if the message has a level of "info" or higher.

Wildcards


You can use wildcards in the message description. For example, to log all messages from the mail system you could use this entry.

mail.*	/var/log/maillog

To log everything from everywhere, use two wildcards.

*.*	/var/log/everything

Multiple Information Sources


You can send multiple information sources to a single action by separating them with semicolons.


*.notice;auth.debug	root

Local Facilities


Many programs can choose which facility to use for their logging. Most add-on programs can be told which facility to use. The various "local" facilities are reserved for these programs. For example, you might tell a program to log to "local5". Exactly how you set these facilities varies from program to program. Once you have the program's facility set, however, logging these messages works exactly like logging any other messages.

local3.debug	/var/log/programlog

Logging Hosts


If your network has a loghost where all systems send their logs, you can specify it as an action by using the at symbol (@). Here, we dump all the messages from the local host to the logging host.

*.*	@loghost.AbsoluteOpenBSD.com

The /etc/syslog.conf on the log host determines the final destination for the messages it receives. Fortunately, each log message includes the host name.

Logging to User Sessions


You can send a message to a user, if he is logged in. List multiple users by separating them with commas. To send a message to all users, give an asterisk. For example, here I really annoy Chris, Phil, and Don, but notify all users of real emergencies.

*.debug	chris,phil,don
*.emerg	*


Logging by Program Name


If you're out of facilities, you can use the program's name to handle logging. An entry for a name requires at least two lines: the program name with a leading exclamation point and then a line with the logging information. For example, to log the output of (8), you would use this entry:

!chat
*.*	/var/log/chatlog
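
The selector rules above (level-or-higher matching, wildcards, semicolon lists, the tab separator, and program-name blocks) can be checked against a configuration before deploying it. The following is an added example, not code from the book or from syslogd; the names parse, kind and actions_for are hypothetical. It assumes that a later selector on a line overrides an earlier one for the same facility, and that a !program line applies to every entry after it until the next such line.

```python
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample assembled from the entries shown in the text above.
SAMPLE_CONF = (
    "auth.info\t/var/log/authlog\n"
    "mail.*\t/var/log/maillog\n"
    "*.notice;auth.debug\troot\n"
    "local3.debug /var/log/programlog\n"  # spaces instead of a tab: rejected
    "*.emerg\t*\n"
    "!chat\n"
    "*.*\t/var/log/chatlog\n"
)

def parse(conf):
    """Return (rules, errors); a rule is (program, thresholds, action)."""
    rules, errors, program = [], [], None
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):  # program-name block header
            program = line[1:].strip()
            continue
        selectors, tab, action = line.partition("\t")
        if not tab:
            errors.append(f"line {n}: no tab between selector and action")
            continue
        thresholds = {}
        for sel in selectors.split(";"):  # "*" resets, a named facility overrides
            facility, _, level = sel.strip().partition(".")
            thresholds = {"*": level} if facility == "*" else {**thresholds, facility: level}
        rules.append((program, thresholds, action.strip()))
    return rules, errors

def kind(action):  # the four action types from the Actions section
    if action.startswith("/"): return "file"
    if action.startswith("@"): return "loghost"
    return "all-users" if action == "*" else "users"

def actions_for(rules, facility, level, program=None):
    """Actions taken for one message; a lower index in LEVELS is more severe."""
    hits = []
    for prog, thresholds, action in rules:
        want = thresholds.get(facility, thresholds.get("*"))
        if prog not in (None, program) or want in (None, "none"):
            continue
        if want == "*" or LEVELS.index(level) <= LEVELS.index(want):
            hits.append((kind(action), action))
    return hits
```

Running actions_for over the messages you care about (for example auth at debug level, which may carry private data) shows which files, hosts and terminals would receive them.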
