NAME
syslog.conf - syslogd(8) configuration file
DESCRIPTION
The syslog.conf file is the main configuration file for
syslogd(8), which logs system messages on *nix systems. This file
specifies rules for logging. For special features see the
sysklogd(8) manpage.
Every rule consists of two fields, a selector field and an
action field. These two fields are separated by one or more
spaces or tabs. The selector field specifies a pattern of
facilities and priorities belonging to the specified action.
Lines starting with a hash mark (‘‘#’’) and empty lines are
ignored.
This release of syslogd is able to understand an extended
syntax. One rule can be divided into several lines if the leading
line is terminated with a backslash (‘‘\’’).
SELECTORS
The selector field itself again consists of two parts, a
facility and a priority, separated by a period (‘‘.’’). Both parts
are case insensitive and can also be specified as decimal
numbers, but don’t do that, you have been warned. Both facilities
and priorities are described in syslog(3). The names mentioned
below correspond to the similar LOG_-values in
/usr/include/syslog.h.
The facility is one of the following keywords: auth, authpriv,
cron, daemon, kern, lpr, mail, mark, news, security (same as
auth), syslog, user, uucp and local0 through local7. The
keyword security should not be used anymore and mark is only for
internal use and therefore should not be used in applications.
Anyway, you may want to specify and redirect these messages
here. The facility specifies the subsystem that produced the
message, i.e. all mail programs log with the mail facility
(LOG_MAIL) if they log using syslog.
The priority is one of the following keywords, in ascending
order: debug, info, notice, warning, warn (same as warning),
err, error (same as err), crit, alert, emerg, panic (same as
emerg). The keywords error, warn and panic are deprecated and
should not be used anymore. The priority defines the severity
of the message.
The behavior of the original BSD syslogd is that all messages of
the specified priority and higher are logged according to the
given action. This syslogd(8) behaves the same, but has some
extensions.
In addition to the above mentioned names the syslogd(8)
understands the following extensions: An asterisk (‘‘*’’) stands for
all facilities or all priorities, depending on where it is used
(before or after the period). The keyword none stands for no
priority of the given facility.
You can specify multiple facilities with the same priority
pattern in one statement using the comma (‘‘,’’) operator. You may
specify as many facilities as you want. Remember that only the
facility part from such a statement is taken, a priority part
would be skipped.
Multiple selectors may be specified for a single action using
the semicolon (‘‘;’’) separator. Remember that each selector in
the selector field can overwrite the preceding ones.
Using this behavior you can exclude some priorities from the
pattern.
This syslogd(8) has a syntax extension to the original BSD
source that makes its use more intuitive. You may precede
every priority with an equals sign (‘‘=’’) to specify only
this single priority and not any of the above. You may also
(both is valid, too) precede the priority with an exclamation
mark (‘‘!’’) to ignore all those priorities, either exactly this
one or this and any higher priority. If you use both extensions
then the exclamation mark must occur before the equals sign,
just use it intuitively.
ACTIONS
The action field of a rule describes the abstract term
‘‘logfile’’. A ‘‘logfile’’ need not be a real file, btw. The
syslogd(8) provides the following actions.
Regular File
Typically messages are logged to real files. The file has to be
specified with full pathname, beginning with a slash ‘‘/’’.
You may prefix each entry with the minus ‘‘-’’ sign to omit
syncing the file after every logging. Note that you might lose
information if the system crashes right after a write attempt.
Nevertheless this might give you back some performance,
especially if you run programs that use logging in a very verbose
manner.
Named Pipes
This version of syslogd(8) has support for logging output to
named pipes (fifos). A fifo or named pipe can be used as a
destination for log messages by prepending a pipe symbol (‘‘|’’) to
the name of the file. This is handy for debugging. Note that
the fifo must be created with the mkfifo(1) command before
syslogd(8) is started.
Terminal and Console
If the file you specified is a tty, special tty-handling is
done, same with /dev/console.
Remote Machine
This syslogd(8) provides full remote logging, i.e. is able to
send messages to a remote host running syslogd(8) and to receive
messages from remote hosts. The remote host won’t forward the
messages again, it will just log them locally. To forward
messages to another host, prepend the hostname with the at sign
(‘‘@’’).
Using this feature you’re able to control all syslog messages on
one host, if all other machines log remotely to that host. This
reduces administration needs.
List of Users
Usually critical messages are also directed to ‘‘root’’ on that
machine. You can specify a list of users that shall get the
message by simply writing the login. You may specify more than
one user by separating them with commas (‘‘,’’). If they’re
logged in they get the message. Don’t think a mail would be
sent, that might be too late.
Everyone logged on
Emergency messages often go to all users currently online to
notify them that something strange is happening with the system.
To specify this wall(1)-feature use an asterisk (‘‘*’’).
EXAMPLES
Here are some examples, partially taken from a real existing site
and configuration. Hopefully they clear up all questions about the
configuration, if not, drop me (Joey) a line.
# Store critical stuff in critical
#
*.=crit;kern.none /var/adm/critical
This will store all messages with the priority crit in the file
/var/adm/critical, except for any kernel message.
# Kernel messages are first, stored in the kernel
# file, critical messages and higher ones also go
# to another host and to the console
#
kern.* /var/adm/kernel
kern.crit @finlandia
kern.crit /dev/console
kern.info;kern.!err /var/adm/kernel-info
The first rule directs any message that has the kernel facility
to the file /var/adm/kernel.
The second statement directs all kernel messages of the priority
crit and higher to the remote host finlandia. This is useful,
because if the host crashes and the disks get irreparable errors
you might not be able to read the stored messages. If they’re
on a remote host, too, you still can try to find out the reason
for the crash.
The third rule directs these messages to the actual console, so
the person who works on the machine will get them, too.
The fourth line tells the syslogd to save all kernel messages
that come with priorities from info up to warning in the file
/var/adm/kernel-info. Everything from err and higher is
excluded.
# The tcp wrapper logs with mail.info, we display
# all the connections on tty12
#
mail.=info /dev/tty12
This directs all messages that use mail.info (in source
LOG_MAIL | LOG_INFO) to /dev/tty12, the 12th console. For
example the tcpwrapper tcpd(8) uses this as its default.
# Store all mail concerning stuff in a file
#
mail.*;mail.!=info /var/adm/mail
This pattern matches all messages that come with the mail
facility, except for the info priority. These will be stored in the
file /var/adm/mail.
# Log all mail.info and news.info messages to info
#
mail,news.=info /var/adm/info
This will extract all messages that come either with mail.info
or with news.info and store them in the file /var/adm/info.
# Log info and notice messages to messages file
#
*.=info;*.=notice;\
mail.none /var/log/messages
This lets the syslogd log all messages that come with either the
info or the notice priority into the file /var/log/messages,
except for all messages that use the mail facility.
# Log info messages to messages file
#
*.=info;\
mail,news.none /var/log/messages
This statement causes the syslogd to log all messages that come
with the info priority to the file /var/log/messages. But any
message coming either with the mail or the news facility will
not be stored.
# Emergency messages will be displayed using wall
#
*.=emerg *
This rule tells the syslogd to write all emergency messages to
all currently logged in users. This is the wall action.
# Messages of the priority alert will be directed
# to the operator
#
*.alert root,joey
This rule directs all messages with a priority of alert or
higher to the terminals of the operator, i.e. of the users
‘‘root’’ and ‘‘joey’’ if they’re logged in.
*.* @finlandia
This rule would redirect all messages to a remote host called
finlandia. This is useful especially in a cluster of machines
where all syslog messages will be stored on only one machine.
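The selector rules from the SELECTORS section, applied to selector fields from the examples above, as an added example (not sysklogd's own code). It is a simplified model that handles only the syntax described on this page; the names compile_selector and matches are hypothetical.

```python
# Added example: simplified model of syslog.conf selector matching,
# built from the rules on this page (not sysklogd's parser).
PRIORITIES = ["debug", "info", "notice", "warning",
              "err", "crit", "alert", "emerg"]          # ascending severity
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}  # deprecated
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail",
              "mark", "news", "syslog", "user", "uucp"]
FACILITIES += [f"local{i}" for i in range(8)]


def compile_selector(field):
    """Return {facility: set of selected priorities} for a selector field."""
    table = {fac: set() for fac in FACILITIES}
    field = field.replace("\\\n", "").lower()   # join backslash-continued lines
    for selector in filter(None, (s.strip() for s in field.split(";"))):
        fac_part, _, pri = selector.partition(".")
        negate = pri.startswith("!")            # '!' must come before '='
        pri = pri.lstrip("!")
        exact = pri.startswith("=")
        pri = pri.lstrip("=")
        names = ["auth" if f.strip() == "security" else f.strip()
                 for f in fac_part.split(",")]
        for fac in (FACILITIES if "*" in names else names):
            if pri == "none":                   # drop everything for facility
                table[fac] = set()
                continue
            if pri == "*":
                chosen = set(PRIORITIES)
            else:
                idx = PRIORITIES.index(ALIASES.get(pri, pri))
                chosen = {PRIORITIES[idx]} if exact else set(PRIORITIES[idx:])
            # later selectors modify what earlier ones selected
            table[fac] = table[fac] - chosen if negate else table[fac] | chosen
    return table


def matches(field, facility, priority):
    """True if a facility.priority message is selected by the field."""
    return priority in compile_selector(field)[facility]


if __name__ == "__main__":
    # Selector fields copied from the EXAMPLES section of this page.
    for field in ("*.=crit;kern.none", "kern.info;kern.!err",
                  "mail.*;mail.!=info", "mail,news.=info"):
        table = compile_selector(field)
        for fac in ("kern", "mail", "news"):
            kept = [p for p in PRIORITIES if p in table[fac]]
            print(f"{field:20} {fac:5} {' '.join(kept) or '-'}")
```

Running the script prints, for each selector field, which priorities of the kern, mail and news facilities would reach the rule's action.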
CONFIGURATION FILE SYNTAX DIFFERENCES
Syslogd uses a slightly different syntax for its configuration
file than the original BSD sources. Originally all messages of
a specific priority and above were forwarded to the log file.
The modifiers ‘‘=’’, ‘‘!’’ and ‘‘-’’ were added to make the
syslogd more flexible and to use it in a more intuitive manner.
The original BSD syslogd doesn’t understand spaces as separators
between the selector and the action field.
FILES
/etc/syslog.conf
Configuration file for syslogd
BUGS
The effects of multiple selectors are sometimes not intuitive.
For example ‘‘mail.crit,*.err’’ will select ‘‘mail’’ facility
messages at the level of ‘‘err’’ or higher, not at the level of
‘‘crit’’ or higher.
SEE ALSO
sysklogd(8), klogd(8), logger(1), syslog(2), syslog(3)
AUTHORS
The syslogd is taken from BSD sources, Greg Wettstein
(greg@wind.enjellic.com) performed the port to Linux, Martin
Schulze (joey@linux.de) made some bugfixes and added some new
features.
This article is from the ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u2/68904/showart_1841185.html