Information Technology Reference
In-Depth Information
The
user
facility is the default and is used if the source does not specify a
facility keyword in the syslog message.
Priority (Severity) Levels
Along with the source facility, a syslog message can be identified by
priority
,
or
severity
. This provides a second mechanism (with finer granularity) for
handling messages based on importance. Table 13.2 lists the keywords used
in the
/etc/syslog.conf
file to identify the severity of messages and control
handling. These keywords are ordered on the basis of severity (from most
severe to least severe). When specified, messages associated with severity
level (or higher) are processed.
Table 13.2
The syslog Severity Levels
Keyword
Description
emerg
Panic conditions
alert
Conditions that need immediate attention
crit
Critical conditions
err
Other errors
warning
Warning messages
notice
Conditions that might require special handling
info
Non-urgent information
debug
Typically generated by debug messages in programs
none
Special keyword used to prevent logging of messages generated by
specified sources
Customizing System Message Handling
To control the handling of syslog messages, entries are added to the
/etc/
syslog.conf
file. These entries take the form of one or more facility/severity
keyword combinations followed by a tab character and an action. The facility
and severity identify a particular source facility and message severity, whereas
the action determines how the messages are handled. Facility/keywords and
actions can be optionally defined using a
m4(1)
macro, which can be used to
determine whether the current system is configured as a syslog host.
Facility/Severity Keywords Combinations
The facility and severity keywords are separated by a period (.) and identify
a particular source facility and the severity of messages. For example,
