Post 302981762 by Shirishlnx on Monday 19th of September 2016 06:01:57 AM
Rsyslogd 7.6.7 logs filtering

Have set up various filters like below

Snip from rsyslog.conf
Code:
$template mytestFile,"/var/log/testlog/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%.log"
#
if ($fromhost contains 'mytest') then {
   $FileCreateMode 0644
   *.* ?mytestFile
}
#

if ($fromhost contains 'nettools') then
   *.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
#*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

Now my requirement is: if anything didn't match the above filters, then only that should be redirected to /var/log/messages.
 

SYSLOG.CONF(5)              BSD File Formats Manual              SYSLOG.CONF(5)

NAME
     syslog.conf -- configuration file for syslogd(8)

DESCRIPTION
     The syslog.conf file is the configuration file for the syslogd(8) program. It consists of lines with two fields: the selector field, which specifies the types of messages and priorities to which the line applies, and an action field, which specifies the action to be taken if a message syslogd receives matches the selection criteria. The selector field is separated from the action field by one or more tab or space characters. A rule can be split across several lines if all lines except the last are terminated with a backslash (``\'').

     Selectors are encoded as a facility, a period (``.''), and a level, with no intervening white-space. Both the facility and the level are case insensitive.

     The facility describes the part of the system generating the message, and is one of the following keywords: auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp and local0 through local7. These keywords (with the exception of mark) correspond to the similar ``LOG_'' values specified to the openlog(3) and syslog(3) library routines.

     The level describes the severity of the message, and is a keyword from the following ordered list (higher to lower): emerg, alert, crit, err, warning, notice and debug. These keywords correspond to the similar (LOG_) values specified to the syslog library routine.

     See syslog(3) for further descriptions of both the facility and level keywords and their significance.

     If a received message matches the specified facility and is of the specified level (or a higher level), the action specified in the action field will be taken.

     Multiple selectors may be specified for a single action by separating them with semicolon (``;'') characters. It is important to note, however, that each selector can modify the ones preceding it.

     Multiple facilities may be specified for a single level by separating them with comma (``,'') characters.

     An asterisk (``*'') can be used to specify all facilities or all levels.

     By default, a level applies to all messages with the same or higher level. The equal (``='') character can be prepended to a level to restrict this line of the configuration file to messages with the very same level.

     An exclamation mark (``!'') prepended to a level or the asterisk means that this line of the configuration file does not apply to the specified level (and higher ones). In conjunction with the equal sign, you can exclude single levels as well.

     The special facility ``mark'' receives a message at priority ``info'' every 20 minutes (see syslogd(8)). This is not enabled by a facility field containing an asterisk.

     The special level ``none'' disables a particular facility.

     The action field of each line specifies the action to be taken when the selector field selects a message. There are five forms:

     o   A pathname (beginning with a leading slash). Selected messages are appended to the file. You may prepend a minus (``-'') to the path to omit syncing the file after each message is logged. This can cause data loss at system crashes, but increases performance for programs which use logging extensively.

     o   A named pipe (fifo), beginning with a vertical bar (``|'') followed by a pathname. The pipe must be created with mkfifo(8) before syslogd reads its configuration file. This feature is especially useful for debugging.

     o   A hostname (preceded by an at (``@'') sign). Selected messages are forwarded to the syslogd program on the named host.

     o   A comma separated list of users. Selected messages are written to those users if they are logged in.

     o   An asterisk. Selected messages are written to all logged-in users.

     Blank lines and lines whose first non-blank character is a hash (``#'') character are ignored.

EXAMPLES
     A configuration file might appear as follows:

           # Log all kernel messages, authentication messages of
           # level notice or higher and anything of level err or
           # higher to the console.
           # Don't log private authentication messages!
           *.err;kern.*;auth.notice;authpriv.none                  /dev/console

           # Log anything (except mail) of level info or higher.
           # Don't log private authentication messages!
           *.info;mail.none;authpriv.none                          /var/log/messages

           # The authpriv file has restricted access.
           authpriv.*                                              /var/log/secure

           # Log all the mail messages in one place.
           mail.*                                                  /var/log/maillog

           # Everybody gets emergency messages, plus log them on another
           # machine.
           *.emerg                                                 *
           *.emerg                                                 @arpa.berkeley.edu

           # Root and Eric get alert and higher messages.
           *.alert                                                 root,eric

           # Save mail and news errors of level err and higher in a
           # special file.
           uucp,news.crit                                          /var/log/spoolerr

FILES
     /etc/syslog.conf  The syslogd(8) configuration file.

BUGS
     The effects of multiple selectors are sometimes not intuitive. For example ``mail.crit,*.err'' will select ``mail'' facility messages at the level of ``err'' or higher, not at the level of ``crit'' or higher.

SEE ALSO
     syslog(3), syslogd(8)

4.4BSD                           June 9, 1993                           4.4BSD
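
The selector rules in the manual page above, worked through as an added example (not part of the original page and not code from any syslogd implementation): a small Python model that applies selectors left to right and reports every action a message reaches. The union/clear handling and the treatment of a comma after a level as a separator are modelling assumptions chosen to reproduce the behaviour described under BUGS; `info` is included in the level list because the page's own examples use it.

```python
import re

# Standard syslog severities, most severe first ("info" is used by the page's examples).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail",
              "mark", "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]

def compile_selector(field):
    """Return {facility: set(levels)} after applying the selectors left to right."""
    mask = {f: set() for f in FACILITIES}
    # Assumption: a level ends at ',' or ';', so "mail.crit,*.err" is two selectors.
    for facs, spec in re.findall(r"([^.;\s]+)\.([^,;\s]+)[,;]*", field.lower()):
        negate = spec.startswith("!")
        spec = spec.lstrip("!")
        exact = spec.startswith("=")
        level = spec.lstrip("=")
        # An asterisk facility never enables the special "mark" facility.
        targets = [f for f in FACILITIES if f != "mark"] if facs == "*" else facs.split(",")
        if level == "none":            # "none" disables the facility entirely
            chosen, negate = set(LEVELS), True
        elif level == "*":
            chosen = set(LEVELS)
        else:
            n = LEVELS.index(level)    # same level or higher, unless '=' was given
            chosen = {level} if exact else set(LEVELS[:n + 1])
        for f in targets:              # later selectors modify the earlier result
            mask[f] = mask[f] - chosen if negate else mask[f] | chosen
    return mask

def matches(field, facility, level):
    """True if a message with this facility and level is selected by the field."""
    return level in compile_selector(field)[facility]

# Rules copied from the manual page's EXAMPLES section.
RULES = [
    ("*.info;mail.none;authpriv.none", "/var/log/messages"),
    ("authpriv.*", "/var/log/secure"),
    ("mail.*", "/var/log/maillog"),
    ("uucp,news.crit", "/var/log/spoolerr"),
]

def route(facility, level):
    """Every rule is evaluated; the message goes to each action whose selector matches."""
    return [dest for sel, dest in RULES if matches(sel, facility, level)]
```

Because every rule is evaluated independently, `route("news", "crit")` returns both `/var/log/messages` and `/var/log/spoolerr`, while `authpriv` messages reach only the restricted `/var/log/secure`.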