Syslog is configured in /etc/syslog.conf.
Basically, there are three things to configure:
- facilities are the subsystems which generate the messages. There are, for instance, "auth", "cron", "mail", etc. The messages they generate are classified in
- priorities. Priorities denote the "severity" of an event a message tells about. This starts with "emerg" for emergency conditions and goes over "crit", "err", etc. down to "debug". Every lower class contains all the messages from the higher class plus some of its own. Once such a message is generated it triggers an
- action. This can be a file name, then the message is stored there. It could also be a remote machine, which would then handle the message (store it, or some other action). It could also be a "list of users", which would then get a mail with the message as text or a terminal, which will display the messages then - even without anybody being logged on there.
Every line in syslog.conf describes a facility/priority combination and an action to start in case such a message is encountered. Notice that priorities are inclusive: if you configure an action for "somefacility.warning" the action will be started for messages of the type "somefacility.err", "somefacility.crit", "somefacility.alert" and "somefacility.emerg" too.
It is also possible to use placeholders to specify the same rule for every facility (or some of them) at once.
See the man page of syslog.conf and probably sysklogd.conf for details.
I hope this helps.
bakunin
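
An added example, not part of the post above: a small Python matcher that parses syslog.conf-style lines and reports which actions fire for a given facility.priority, showing the inclusive priorities and the `*` placeholder. The sample configuration, its file paths and the host name loghost.example are constructed; the matcher models only facility lists, `*` and `none`, not the `=` and `!` modifiers some syslogd versions add.

```python
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
SEVERITY = {name: i for i, name in enumerate(PRIORITIES)}  # lower index = more severe

# Constructed sample configuration; an action of "*" means all logged-in users.
SAMPLE_CONF = """\
auth.warning               /var/log/auth.log
*.err                      @loghost.example
mail,cron.info             /var/log/services.log
*.info;mail.none           /var/log/messages
*.emerg                    *
"""

def parse_conf(text):
    """Return [(selectors, action)], each selector being (facilities, priority)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        selectors = []
        for sel in selector_field.split(";"):
            facilities, priority = sel.rsplit(".", 1)
            selectors.append((facilities.split(","), priority))
        rules.append((selectors, action.strip()))
    return rules

def rule_matches(selectors, facility, priority):
    """Simplified model: a matching selector sets the match, 'none' clears it."""
    matched = False
    for facilities, threshold in selectors:
        if "*" not in facilities and facility not in facilities:
            continue
        if threshold == "none":
            matched = False
        elif threshold == "*" or SEVERITY[priority] <= SEVERITY[threshold]:
            matched = True  # inclusive: the threshold and everything more severe
    return matched

def actions_for(conf_text, facility, priority):
    """List the actions triggered by one message, in configuration order."""
    return [action for selectors, action in parse_conf(conf_text)
            if rule_matches(selectors, facility, priority)]

if __name__ == "__main__":
    for fac, pri in [("auth", "crit"), ("auth", "notice"), ("mail", "info"), ("kern", "emerg")]:
        print(f"{fac}.{pri} ->", actions_for(SAMPLE_CONF, fac, pri))
```

Running a planned configuration through a check like this before deploying it shows whether security-relevant messages (for example auth events below "warning") would be silently dropped or kept off the remote log host.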