Introduction
This chapter covers the Solaris 9 syslog (system logging) facility. This mechanism
provides the capability to log user and system messages in one or more
files on the local or a remote system.
The syslog Facility
The syslogd(1M) command accepts messages sent to it from system (kernel
and device driver) and user programs and handles them based on the entries
in the /etc/syslog.conf file. These messages can report anything
from emergency situations to debugging details. Common uses include
monitoring logins and recording hacking attempts. Typically, the syslogd
command writes these messages to the specified log file, but other processing
options are also supported. A syslog message is categorized by its source, a
source facility, and a priority, or severity level.
Source Facilities
To provide better control over the handling of log messages, the facilities
generating the messages can be used to determine where the messages are
sent or stored. This allows separate log files for different types of messages
based on the source. Table 13.1 lists the keywords used in the
/etc/syslog.conf file to identify the source of messages and control handling.
Table 13.1 The syslog Source Facilities

Keyword     Description
auth        Login authentication
cron        The at(1) and cron(1M) commands
daemon      System daemons
kern        The kernel
lpr         The line printer spooling system
local0-7    As defined locally
mail        System mail
mark        Timestamp produced by syslogd(1M)
news        The USENET network news system
user        User programs
uucp        The UUCP system
*           All facilities except mark
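
The facility keywords in Table 13.1 can be checked mechanically. The following added example (not from the book) parses syslog.conf-style text, flags entries that use an unknown facility keyword or lack a tab between selector and action, and reports where a given facility's messages end up. The severity keywords, the tab-separated layout, the facility.none exclusion and the @host action are general syslog.conf syntax assumed here rather than taken from this section; the sample file is constructed, and m4 macro lines are assumed absent.

```python
# Facility keywords from Table 13.1; "*" means all facilities except mark.
FACILITIES = {"auth", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "user", "uucp", "*"} | {f"local{n}" for n in range(8)}
# Severity keywords: assumed standard syslog levels, not listed in this section.
LEVELS = {"emerg", "alert", "crit", "err", "warning", "notice", "info",
          "debug", "none"}
# Constructed sample input, not taken from a real system.
SAMPLE_CONF = (
    "# constructed sample\n"
    "*.err;kern.notice;auth.notice\t/dev/sysmsg\n"
    "mail.debug\t\t\t/var/log/syslog\n"
    "auth.info /var/log/authlog\n"        # space instead of tab
    "authpriv.info\t/var/log/secure\n"    # keyword not in Table 13.1
    "local7,daemon.warning\t@loghost\n"   # forwarded to a remote host
)

def parse(conf_text):
    """Return (rules, problems); a rule is ([(facility, level), ...], action)."""
    rules, problems = [], []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        selector, tab, action = line.partition("\t")
        if not tab:
            problems.append((lineno, "selector and action not tab-separated"))
            continue
        pairs = []
        for spec in selector.split(";"):
            facs, _, level = spec.strip().rpartition(".")
            if level not in LEVELS:
                problems.append((lineno, f"unknown level in {spec!r}"))
                continue
            for fac in facs.split(","):
                if fac in FACILITIES:
                    pairs.append((fac, level))
                else:
                    problems.append((lineno, f"unknown facility {fac!r}"))
        if pairs:
            rules.append((pairs, action.strip()))
    return rules, problems

def destinations(rules, facility):
    """Actions that receive messages from `facility` ('*' never covers mark)."""
    out = []
    for pairs, action in rules:
        named = [lvl for fac, lvl in pairs if fac == facility]
        wild = [lvl for fac, lvl in pairs if fac == "*" and facility != "mark"]
        # facility.none switches the facility off for this action.
        if "none" not in named and any(l != "none" for l in named + wild):
            out.append(action)
    return out
```

On the sample, `destinations(rules, "auth")` contains only /dev/sysmsg: the entry meant to send login messages to /var/log/authlog is reported as a problem and never becomes a rule, which is the kind of silent gap worth checking for when syslog is relied on to monitor logins.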