1. Introduction
Most Linux systems use the syslog tool, which is flexible enough to make the system take different actions for different log entries. Syslog consists of a daemon that accepts log messages from the system and processes them according to the instructions in the /etc/syslog.conf configuration file. Programs, daemons and the kernel supply these log messages, so any program that wishes to generate log information can send it to the syslog interface. Typically, syslog accepts messages from the various facilities of the system, and each message carries a severity level. The /etc/syslog.conf file tells syslogd how to report messages based on their facility and level.
2. /etc/syslog.conf
The /etc/syslog.conf file uses the following form:
facility.level action
facility specifies the syslog facility. The main ones are:
auth: messages reported by pam_pwdb.
authpriv: authentication activity, including information such as user names.
cron: messages related to cron and at.
daemon: messages related to the inetd daemon.
kern: kernel messages, first passed through klogd.
lpr: messages related to the print service.
mail: messages related to e-mail.
mark: syslog internal facility used to generate timestamps.
news: messages from the news server.
syslog: messages generated by syslog itself.
user: messages generated by user programs.
uucp: messages generated by UUCP.
local0 through local7: for use by custom programs, for example using local5 for SSH.
*: wildcard that represents all facilities other than mark.
The syslog levels are as follows:
emerg or panic: the system is not usable.
alert: a condition that must be corrected immediately.
crit: error conditions that block some tools or subsystem functions.
err: error conditions that block part of the function of a tool or of some subsystems.
warning: warning messages.
notice: an important condition.
info: informational messages.
debug: other information that does not concern function conditions or problems.
none: no severity level, usually used in troubleshooting.
*: all levels except none.
The levels for each facility are ranked in a fixed order: emerg is the highest, followed by alert, and so on down the list.
The action field is very flexible. In particular, a named pipe can be used so that the messages syslogd emits are processed further.
Syslog mainly supports the following actions:
file: the absolute path of a file.
terminal or printer: the full identifier of a serial or parallel device.
@host: a remote log server.
username: send the message to the specified user using write.
named pipe: the absolute path of a FIFO file created with the mkfifo command.
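The following is an added example, not part of the original article, showing how a facility.level selector and its action are interpreted for a given message. It assumes sysklogd behaviour in which a named level selects that level and every higher one and a named pipe is written with a leading |; the sample rules, host name and paths are constructed, and the function names are hypothetical.

```python
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"panic": "emerg"}  # the article lists panic as another name for emerg

# Constructed sample rules, one selector per line; host and paths are placeholders.
SAMPLE_CONF = """\
# facility.level   action
authpriv.*         /var/log/secure
kern.crit          /dev/console
local5.info        @loghost.example
*.emerg            root
auth.notice        |/var/run/auth.fifo
"""

def classify_action(action):
    """Name the action type from the form of the action field."""
    if action.startswith("@"):
        return "remote host"
    if action.startswith("|"):        # assumption: sysklogd marks a named pipe with |
        return "named pipe"
    if action.startswith("/dev/"):
        return "terminal or printer"
    if action.startswith("/"):
        return "file"
    return "user"

def parse_rules(text):
    """Return (facility, level, action) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            selector, action = line.split(None, 1)
            facility, level = selector.lower().split(".", 1)
            rules.append((facility, level, action.strip()))
    return rules

def rank(level):
    return LEVELS.index(ALIASES.get(level, level))

def selector_matches(rule_fac, rule_lvl, fac, lvl):
    """True if a message (fac, lvl) is selected by rule_fac.rule_lvl."""
    if rule_fac == "*":
        if fac == "mark":             # * covers every facility except mark
            return False
    elif rule_fac != fac:
        return False
    if rule_lvl == "none":
        return False
    # A named level selects that level and every higher one; * selects all.
    return rule_lvl == "*" or rank(lvl) >= rank(rule_lvl)

def route(text, fac, lvl):
    """List (action type, action) for every rule that selects the message."""
    return [(classify_action(a), a) for f, l, a in parse_rules(text)
            if selector_matches(f, l, fac, lvl)]
```

Calling route(SAMPLE_CONF, "kern", "emerg") returns both the console rule and the root user rule, while a kern message at level err matches neither.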
3. The syslogd daemon
The syslog daemon is started by the /etc/rc.d/init.d/syslog script, and by default no options are used. Two options, -r and -h, are useful, however.
If you want to use a log server, you must call syslogd -r. By default, syslogd does not accept messages from remote systems. When the -r option is specified, syslogd listens for UDP packets on port 514.