IRIX Base Documentation 2001 May

home *** CD-ROM | disk | FTP | other *** search

/ IRIX Base Documentation 2001 May / SGI IRIX Base Documentation 2001 May.iso / usr / share / catman / a_man / cat1 / syslogd.z / syslogd

Wrap

Text File | 1998-10-20 | 10.6 KB | 265 lines

ssssyyyyssssllllooooggggdddd((((1111MMMM)))) ssssyyyyssssllllooooggggdddd((((1111MMMM)))) NNNNAAAAMMMMEEEE syslogd - log systems messages SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS ////uuuussssrrrr////eeeettttcccc////ssssyyyyssssllllooooggggdddd [ ----ffff_c_o_n_f_i_g_f_i_l_e ] [ ----mmmm_m_a_r_k_i_n_t_e_r_v_a_l ] [ ----pppp_l_o_g_p_i_p_e ] [ ----dddd ] DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN _s_y_s_l_o_g_d reads and logs messages into a set of files described by the configuration file /_e_t_c/_s_y_s_l_o_g._c_o_n_f. Each message is one line. A message can contain a priority code, marked by a number in angle braces at the beginning of the line. Priorities are defined in <_s_y_s/_s_y_s_l_o_g._h>. _s_y_s_l_o_g_d reads from the stream device /_d_e_v/_l_o_g, from an Internet domain socket specified in /_e_t_c/_s_e_r_v_i_c_e_s, and from the special device /_d_e_v/_k_l_o_g (to read kernel messages). _s_y_s_l_o_g_d reads its configuration when it starts up and whenever it receives a hangup signal. Lines in the configuration file have a selector to determine the message priorities to which the line applies and an _a_c_t_i_o_n. The _a_c_t_i_o_n fields are separated from the selector by one or more tabs. A maximum of 50 lines can be specified. It is recommended that no more than 49 be used, or the LLLLOOOOGGGG____LLLLFFFFMMMMTTTT facility may not work correctly; this facility is used by _l_o_g_i_n(1), among other programs. Selectors are semicolon separated lists of priority specifiers. Each priority has a _f_a_c_i_l_i_t_y describing the part of the system that generated the message, a dot, and a _l_e_v_e_l indicating the severity of the message. Symbolic names can be used. An asterisk (****) selects all facilities, while ddddeeeebbbbuuuugggg selects all levels. All messages of the specified level or higher (greater severity) are selected. More than one facility can be selected, using commas to separate them. For example: *.emerg;mail,daemon.crit selects all facilities at the _e_m_e_r_g level and the _m_a_i_l and _d_a_e_m_o_n facilities at the _c_r_i_t level. Known facilities and levels recognized by _s_y_s_l_o_g_d are those listed in _s_y_s_l_o_g(3C) without the leading LLLLOOOOGGGG____. The additional facility mmmmaaaarrrrkkkk logs messages at priority LOG_INFO every 20 minutes (this interval can be changed with the ----mmmm flag). The mmmmaaaarrrrkkkk facility is not enabled by a facility field containing an asterisk. The level nnnnoooonnnneeee can be used to disable a particular facility. For example: *.debug;mail.none sends all messages _e_x_c_e_p_t mail messages to the selected file. The second part of each line describes where the message is to be logged if this line is selected. There are five forms: PPPPaaaaggggeeee 1111 ssssyyyyssssllllooooggggdddd((((1111MMMM)))) ssssyyyyssssllllooooggggdddd((((1111MMMM)))) +o A filename (beginning with a leading slash). The file is opened in append mode. +o A hostname preceded by an at sign (@@@@). Selected messages are forwarded to the _s_y_s_l_o_g_d on the named host. +o A comma-separated list of users. Selected messages are written to those users if they are logged in. +o An asterisk. Selected messages are written to all logged-in users. +o A ||||, followed immediately by a program name, which is taken to be all chars after the |||| up to the next tab; at least one action must follow the tab. The filter is expected to read stdin and write the filtered response to stdout. The filter receives the source and message through stdin. A filter can also access the priority, facility, and hostname via environmental variables: PRIORITY, FACILITY, and FROM. The values are stored as strings defined in <_s_y_s/_s_y_s_l_o_g._h>. If the filter exits with a non-zero value, the original message is logged, as well as a message that the filter failed. The filter has a limited time (currently eight seconds) to process the message. If the filter exits with status 0 without writing any data, no message is logged. The data to be read by the filter is not terminated with a newline, nor should the data written have a newline appended. See below for a sample filter. Blank lines and lines beginning with #### are ignored. For example, the configuration file: kern.debug |/usr/sbin/klogpp /var/adm/SYSLOG kern.debug |/usr/sbin/klogpp /dev/console user,mail,daemon,auth,syslog,lpr.debug /var/adm/SYSLOG kern.err @ginger *.emerg * *.alert eric,beth *.alert;auth.warning ralph filters all kernel messages through _k_l_o_g_p_p(1M) and writes them to the system console and into /_v_a_r/_a_d_m/_S_Y_S_L_O_G and logs debug (or higher) level messages into the file /_v_a_r/_a_d_m/_S_Y_S_L_O_G. Kernel messages of error severity or higher are forwarded to ggggiiiinnnnggggeeeerrrr. All users are informed of any emergency messages. The users eeeerrrriiiicccc and bbbbeeeetttthhhh are informed of any alert messages. The user rrrraaaallllpppphhhh is informed of any alert message or any warning message (or higher) from the authorization system. _s_y_s_l_o_g_d is started at system initialization from /_e_t_c/_i_n_i_t._d/_s_y_s_e_t_u_p. Optional site-specific flags belong in /_e_t_c/_c_o_n_f_i_g/_s_y_s_l_o_g_d._o_p_t_i_o_n_s. The flags are: PPPPaaaaggggeeee 2222 ssssyyyyssssllllooooggggdddd((((1111MMMM)))) ssssyyyyssssllllooooggggdddd((((1111MMMM)))) ----ffff_c_o_n_f_i_g_f_i_l_e Specify an alternate configuration file. ----mmmm_m_a_r_k_i_n_t_e_r_v_a_l Select the number of minutes between mark messages. ----dddd Turn on debugging. _s_y_s_l_o_g_d runs in the foreground and writes debugging information to stdout. ----pppp_l_o_g_p_i_p_e Use the given name for the device instead of /_d_e_v/_l_o_g. _s_y_s_l_o_g_d rereads its configuration file when it receives a hangup signal, SIGHUP. To bring _s_y_s_l_o_g_d down, send it a terminate signal (for example, kkkkiiiillllllllaaaallllllll ----TTTTEEEERRRRMMMM ssssyyyyssssllllooooggggdddd). SSSSEEEECCCCUUUURRRRIIIITTTTYYYY CCCCOOOONNNNSSSSIIIIDDDDEEEERRRRAAAATTTTIIIIOOOONNNNSSSS _s_y_s_l_o_g_d creates log files in mode 644 which allows general read access. If the log file already exists, its permissions are unchanged. The system administrator may wish to create separate log files with more restricted permissions for sensitive information such as LOG_AUTH messages. Scripts or _c_r_o_n(1M) jobs that roll (that is save and restart with a new file) these sensitive log files should ensure that the new log file has the desired permissions. FFFFIIIILLLLTTTTEEEERRRR EEEEXXXXAAAAMMMMPPPPLLLLEEEE This example shows how to use the filter mechanism. To have _f_t_p_d(1M) messages logged in a different file, add the following line to /_e_t_c/_s_y_s_l_o_g._c_o_n_f: daemon,auth.debug |/var/adm/ftpd.filt /var/adm/ftpd.log The /_v_a_r/_a_d_m/_f_t_p_d._f_i_l_t file is a shell script: #!/bin/sh # This filter only accepts ftpd messages read line set $line case "$1" { ftpd\[*) echo "$line\c" exit 0 ;; } exit 0 MMMMEEEESSSSSSSSAAAAGGGGEEEE EEEEXXXXAAAAMMMMPPPPLLLLEEEE The following is an example line from the /_v_a_r/_a_d_m/_S_Y_S_L_O_G file: Aug 10 10:32:53 6F:sgihost syslogd: restart Each line has several parts. The date and time of the message are listed first, followed by a priority and facility code. Priorities are listed as 0-7 and facilities are listed as A-T. Reference <_s_y_s/_s_y_s_l_o_g._h>. The PPPPaaaaggggeeee 3333 ssssyyyyssssllllooooggggdddd((((1111MMMM)))) ssssyyyyssssllllooooggggdddd((((1111MMMM)))) source is the name of the program that generated the message. Following the source is the message itself. FFFFIIIILLLLEEEESSSS /etc/syslog.conf default configuration file /dev/log device read by _s_y_s_l_o_g_d /dev/klog the kernel log device /usr/sbin/klogpp filter for kernel messages /etc/config/syslogd.options command-line flags used at system startup SSSSEEEEEEEE AAAALLLLSSSSOOOO logger(1), sysmon(1M), syslog(3C). PPPPaaaaggggeeee 4444