Information Technology Reference
In-Depth Information
kern.crit
matches critical (and any higher severity:
alert
and
emerg
) error
messages from the kernel.
Three special cases exist. The first special case is when a facility keyword is
specified without being followed by a “.” and a severity keyword. This is used
to identify all levels of severity. For example, if the facility keyword
mail
is
specified by itself, all severity levels of mail messages are processed.
The second special case is when a facility keyword is followed by a “.” and
the
none
severity keyword. This implies that no messages from the specified
facility should be processed. For example,
mail.none
indicates that no mail
syslog messages should be processed.
The third special case is when the asterisk (
*
) facility is used. This implies
that all source facilities (except the
mark
facility) should be processed. For
example,
*.notice
indicates that all messages of the notice level sent to sys-
log (from all sources except mark) should be processed.
More than one facility/severity combination can be specified on an
/etc/
syslog.conf
entry by separating them with the semicolon (
;
) character.
Actions
Each entry has an action associated with it. Table 13.3 lists the four forms of
actions.
Table 13.3
The syslog Actions
Action
Description
/filename
The identified syslog messages will be appended to the specified file
(must begin with a slash [
/
] character).
@host
The identified syslog messages will be forwarded to the
syslogd
daemon on the specified remote host (must begin with the at [
@
]
character).
login account
The identified syslog messages are written to the standard out (typi-
cally the monitor) associated with the specified login account if the
account is currently logged onto the system. Multiple login accounts
can be specified (separated by commas).
*
The identified syslog messages are written to the standard out of all
login accounts currently logged onto the system.
Optional Entries Controlled by m4 Macros
Optional entries can be defined in the
/etc/syslog.conf
file using the
m4
macro:
ifdef
(condition, define_if_true, define_if_false)
specified in
the facility/keyword column or in the action column.