UNIX - Syslog - Quick Guide
Here's a quick overview of Syslog. There's much more to it, and you can find tons more information in the links at the bottom of the page.
Syslog stands for the System Log protocol. It allows for the sending and receiving of event messages and alerts across an IP network. Operating on either UDP or TCP on port 514, logs/events are sent to the syslog server/daemon, from the syslog client.
To configure the Syslog server, edit /etc/syslog.conf to tell the daemon what to do with the logs, e.g. display them on the terminal, write them to a file, etc.
Within the file there are 2 columns, the first being the log message received and the second being the action to take. Keep in mind that you need to use a tab for the space in between, otherwise "she just won't work captain".
# /etc/syslog.conf Configuration file for syslogd.
# For more information see syslog.conf(5)
# First some standard logfiles. Log by facility.
# Logs all but locals to /var/log/messages
# Emergencies are sent to everybody logged in.
This conf file allows me to have local4 and local2 go through to their own log files, along with being copied to one log file.
There are also some combos you can use:
- news.* news facility, any priority
- news.debug news facility, debug or higher priority (same as *)
- user,cron.* all messages from cron or user
- mail.info all mail messages of informational or higher priority
- *.info all messages from any facility except debug messages
- *.=info any facility, info msgs only (and not higher)
- *.!warning any facility, priority equal to or lower than warning
- *.!=debug any facility, any priority except debug
- *.warning;user,news.none all messages with a warning or higher priority except user & news
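To check which file a given event lands in, or whether a selector silently drops it, the combos can be evaluated in code. This is an added example, not part of the original guide: it follows the selector rules in sysklogd's syslog.conf(5), where the parts of a selector separated by ; apply left to right, and the rule set and file paths in it are constructed for illustration.

```python
# Added example: syslog.conf selector evaluation, following sysklogd's syslog.conf(5).
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "news",
              "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]

def compile_selector(selector):
    """Turn 'fac[,fac].[!][=]pri[;...]' into {facility: set of matching priorities}."""
    masks = {f: set() for f in FACILITIES}
    for part in selector.split(";"):      # parts apply left to right
        facs, _, pri = part.strip().partition(".")
        negate = pri.startswith("!")
        pri = pri.lstrip("!")
        exact = pri.startswith("=")
        pri = pri.lstrip("=")
        if pri == "*":
            chosen = set(PRIORITIES)
        elif pri == "none":               # 'none' clears every priority
            chosen, negate = set(PRIORITIES), not negate
        elif exact:                       # '=' selects this single priority only
            chosen = {PRIORITIES[PRIORITIES.index(pri)]}
        else:                             # this priority and everything higher
            chosen = set(PRIORITIES[PRIORITIES.index(pri):])
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            masks[fac] = masks[fac] - chosen if negate else masks[fac] | chosen
    return masks

def matches(selector, facility, priority):
    return priority in compile_selector(selector)[facility]

def route(rules, facility, priority):
    """Return every action whose selector matches; an empty list means dropped."""
    return [action for selector, action in rules if matches(selector, facility, priority)]

# Constructed rule set; the file paths are hypothetical, not the page's configuration.
RULES = [
    ("local4.*", "/var/log/local4.log"),
    ("*.warning;user,news.none", "/var/log/warnings.log"),
    ("*.=info", "/var/log/info-only.log"),
    ("mail.info", "/var/log/mail.log"),
]

if __name__ == "__main__":
    for fac, pri in [("user", "emerg"), ("local4", "warning"), ("mail", "debug")]:
        print(f"{fac}.{pri:8} -> {route(RULES, fac, pri) or 'DROPPED'}")
```

With this rule set a user.emerg message matches no rule at all, which is the kind of gap worth catching before relying on the logs for incident response.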
You can also run syslogd-listfiles -a, which will show you the system log files as defined in the /etc/syslog.conf.
Further information can be found at,