Editorial review of Local Logging section.
Sponsored by: iXsystems
parent 32d981fc70
commit f6ac0be8db
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=44342
1 changed files with 61 additions and 62 deletions
|
@ -1225,28 +1225,24 @@ ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255"</programlisting>
|
|||
<primary>&man.syslogd.8;</primary>
|
||||
</indexterm>
|
||||
|
||||
<para>System logging is an important aspect of system
|
||||
administration. It is used to detect hardware and software
|
||||
issues and errors in the system. It plays an important role
|
||||
in security auditing and incident response. System daemons
|
||||
without a controlling terminal usually log information to a
|
||||
system logging facility or other log file.</para>
|
||||
<para>Generating and reading system logs is an important aspect of system
|
||||
administration. The information in system logs can be used to detect hardware and software
|
||||
issues as well as application and system configuration errors. This information also plays an important role
|
||||
in security auditing and incident response. Most system daemons
|
||||
and applications will generate log entries.</para>
|
||||
|
||||
<para>In the default &os; configuration, &man.syslogd.8; is
|
||||
started at boot. This is controlled by the variable
|
||||
<para>&os; provides a system logger,
|
||||
<application>syslogd</application>, to manage logging. By
|
||||
default, <application>syslogd</application> is
|
||||
started when the system boots. This is controlled by the variable
|
||||
<literal>syslogd_enable</literal> in
|
||||
<filename>/etc/rc.conf</filename>. There are numerous
|
||||
application arguments that affect the behavior of
|
||||
&man.syslogd.8;. To change them, use
|
||||
application arguments that can be set using
|
||||
<literal>syslogd_flags</literal> in
|
||||
<filename>/etc/rc.conf</filename>. Refer to &man.syslogd.8;
|
||||
for more information on the arguments, and &man.rc.conf.5;,
|
||||
<xref linkend="configtuning-core-configuration"/> and
|
||||
<xref linkend="configtuning-rcd"/> for more information about
|
||||
<filename>/etc/rc.conf</filename> and the &man.rc.8;
|
||||
subsystem.</para>
|
||||
for more information on the available arguments.</para>
|
||||
|
||||
<para>This section describes how to configure and the &os;
|
||||
<para>This section describes how to configure the &os;
|
||||
system logger for both local and remote logging and how to perform log rotation
|
||||
and log management.</para>
|
||||
|
||||
|
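Review bot: The rewritten rc.conf paragraph loses every pointer to how /etc/rc.conf itself is managed. The removed lines referenced &man.rc.conf.5;, the configtuning-core-configuration and configtuning-rcd sections and &man.rc.8;, while the replacement ends at "Refer to &man.syslogd.8; for more information on the available arguments." The paragraph still tells the reader to set syslogd_enable and syslogd_flags in that file, so consider keeping at least the &man.rc.conf.5; reference. The new wording also drops the remark about daemons without a controlling terminal, which explained why daemons log to syslog at all; a short clause restoring it would help, given that the paragraph stresses security auditing and incident response.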
@ -1255,24 +1251,23 @@ ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255"</programlisting>
|
|||
|
||||
<indexterm><primary>syslog.conf</primary></indexterm>
|
||||
|
||||
<para>The configuration file, by default
|
||||
<para>The configuration file,
|
||||
<filename>/etc/syslog.conf</filename>, controls what
|
||||
&man.syslogd.8; does with the log entries once they are
|
||||
<application>syslogd</application> does with log entries as they are
|
||||
received. There are several parameters to control the
|
||||
handling of incoming events, of which the most basic are
|
||||
<firstterm>facility</firstterm> and
|
||||
<firstterm>level</firstterm>. The facility describes
|
||||
handling of incoming events.
|
||||
The <firstterm>facility</firstterm> describes
|
||||
which subsystem generated the message, such as the kernel or a
|
||||
daemon, and the level describes the severity of the event that
|
||||
occurred. This makes it possible to log the message to
|
||||
different log files, or discard it, depending on the facility
|
||||
daemon, and the <firstterm>level</firstterm> describes the severity of the event that
|
||||
occurred. This makes it possible to configure if and where a log message is
|
||||
logged, depending on the facility
|
||||
and level. It is also possible to take action depending on
|
||||
the application that sent the message, and in the case of
|
||||
remote logging, the hostname of the machine generating
|
||||
the logging event.</para>
|
||||
|
||||
<para>The configuration file for &man.syslogd.8; contains one
|
||||
line per action, and the syntax for each line is a selector
|
||||
<para>This configuration file contains one
|
||||
line per action, where the syntax for each line is a selector
|
||||
field followed by an action field. The syntax of the selector
|
||||
field is <replaceable>facility.level</replaceable> which will
|
||||
match log messages from <replaceable>facility</replaceable>
|
||||
|
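Review bot: In the first rewritten paragraph, "There are several parameters to control the handling of incoming events." is left stranded: the old sentence continued with "of which the most basic are facility and level", and the new text ends the sentence before naming any parameter. Either fold it into the next sentence, so that facility and level are introduced as those parameters, or delete it. In the same paragraph, "configure if and where a log message is logged" reads better as "configure whether and where a log message is logged".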
@ -1293,15 +1288,16 @@ ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255"</programlisting>
|
|||
# separators. If you are sharing this file between systems, you
|
||||
# may want to use only tabs as field separators here.
|
||||
# Consult the syslog.conf(5) manpage.
|
||||
*.err;kern.warning;auth.notice;mail.crit /dev/console <co xml:id="co-syslog-many-match"/>
|
||||
*.err;kern.warning;auth.notice;mail.crit /dev/console
|
||||
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
|
||||
security.* /var/log/security
|
||||
auth.info;authpriv.info /var/log/auth.log
|
||||
mail.info /var/log/maillog <co xml:id="co-syslog-one-match"/>
|
||||
mail.info /var/log/maillog
|
||||
lpr.info /var/log/lpd-errs
|
||||
ftp.info /var/log/xferlog
|
||||
cron.* /var/log/cron
|
||||
*.=debug /var/log/debug.log <co xml:id="co-syslog-comparison"/>
|
||||
!-devd
|
||||
*.=debug /var/log/debug.log
|
||||
*.emerg *
|
||||
# uncomment this to log all writes to /dev/console to /var/log/console.log
|
||||
#console.info /var/log/console.log
|
||||
|
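Review bot: The `!-devd` line added before `*.=debug /var/log/debug.log` changes the sample configuration rather than its wording, and nothing visible in this commit explains it. The callout markers are removed from the listing, and the explanatory list that replaces them covers only the `!ppp` form of a program specification. Since a program specification applies to the rules that follow it, `!-devd` here also governs `*.emerg *`. Please add a list item that describes the `!-` form and its scope, or leave the line out of an editorial pass.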
@ -1314,54 +1310,58 @@ cron.* /var/log/cron
|
|||
# news.crit /var/log/news/news.crit
|
||||
# news.err /var/log/news/news.err
|
||||
# news.notice /var/log/news/news.notice
|
||||
!ppp <co xml:id="co-syslog-prog-spec"/>
|
||||
# Uncomment this if you wish to see messages produced by devd
|
||||
# !devd
|
||||
# *.>=info
|
||||
!ppp
|
||||
*.* /var/log/ppp.log
|
||||
!*</programlisting>
|
||||
|
||||
<calloutlist>
|
||||
<callout arearefs="co-syslog-many-match">
|
||||
<para>Match all messages with a level of
|
||||
<para>In this example:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>Line 8 matches all messages with a level of
|
||||
<literal>err</literal> or higher, as well as
|
||||
<literal>kern.warning</literal>,
|
||||
<literal>auth.notice</literal> and
|
||||
<literal>mail.crit</literal>, and send these log messages
|
||||
<literal>mail.crit</literal>, and sends these log messages
|
||||
to the console
|
||||
(<filename>/dev/console</filename>).</para>
|
||||
</callout>
|
||||
</listitem>
|
||||
|
||||
<callout arearefs="co-syslog-one-match">
|
||||
<para>Match all messages from the <literal>mail</literal>
|
||||
facility at level <literal>info</literal> or above, and
|
||||
log the messages to
|
||||
<listitem>
|
||||
<para>Line 12 matches all messages from the <literal>mail</literal>
|
||||
facility at level <literal>info</literal> or above and
|
||||
logs the messages to
|
||||
<filename>/var/log/maillog</filename>.</para>
|
||||
</callout>
|
||||
</listitem>
|
||||
|
||||
<callout arearefs="co-syslog-comparison">
|
||||
<para>This line uses a comparison flag, <literal>=</literal>
|
||||
to only match messages at level <literal>debug</literal>,
|
||||
and log them in
|
||||
<listitem>
|
||||
<para>Line 17 uses a comparison flag (<literal>=</literal>)
|
||||
to only match messages at level <literal>debug</literal>
|
||||
and logs them to
|
||||
<filename>/var/log/debug.log</filename>.</para>
|
||||
</callout>
|
||||
</listitem>
|
||||
|
||||
<callout arearefs="co-syslog-prog-spec">
|
||||
<para>Here is an example usage of a <emphasis>program
|
||||
<listitem>
|
||||
<para>Line 33 is an example usage of a <emphasis>program
|
||||
specification</emphasis>. This makes the rules
|
||||
following it only valid for the program in the program
|
||||
specification. In this case, this and the following
|
||||
lines log all messages from &man.ppp.8;, but no other
|
||||
programs, to
|
||||
following it only valid for the specified program.
|
||||
In this case, only the
|
||||
messages generated by <application>ppp</application> are
|
||||
logged to
|
||||
<filename>/var/log/ppp.log</filename>.</para>
|
||||
</callout>
|
||||
</calloutlist>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>This example shows that there are plenty of levels and
|
||||
subsystems. The levels are, in order from most to least
|
||||
critical: <literal>emerg</literal>, <literal>alert</literal>,
|
||||
<para>The available levels, in order from most to least
|
||||
critical are <literal>emerg</literal>, <literal>alert</literal>,
|
||||
<literal>crit</literal>, <literal>err</literal>,
|
||||
<literal>warning</literal>, <literal>notice</literal>,
|
||||
<literal>info</literal>, and <literal>debug</literal>.</para>
|
||||
|
||||
<para>The facilities are, in no particular order:
|
||||
<para>The facilities, in no particular order, are
|
||||
<literal>auth</literal>, <literal>authpriv</literal>,
|
||||
<literal>console</literal>, <literal>cron</literal>,
|
||||
<literal>daemon</literal>, <literal>ftp</literal>,
|
||||
|
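Review bot: The added commented example `# *.>=info` has, as shown, a selector but no action field, so a reader who follows "Uncomment this if you wish to see messages produced by devd" ends up with a rule that names no destination; add the log file the messages should go to. Separately, replacing the callouts with "Line 8", "Line 12", "Line 17" and "Line 33" ties the prose to line positions in a listing that shows no line numbers, and this same commit already shifts those positions by adding the `!-devd` and devd comment lines. Quoting the selector in each list item (for example "The `mail.info` line matches ...") would survive later edits to the sample. Minor: "in order from most to least critical are" needs a comma after "critical".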
@ -1373,11 +1373,10 @@ cron.* /var/log/cron
|
|||
<literal>local7</literal>. Be aware that other operating
|
||||
systems might have different facilities.</para>
|
||||
|
||||
<para>With this knowledge, it is easy to add a new line to
|
||||
<filename>/etc/syslog.conf</filename> to log everything from
|
||||
the different daemons on level <literal>notice</literal> and
|
||||
higher to <filename>/var/log/daemon.log</filename>. Just add
|
||||
the following:</para>
|
||||
<para>To log everything
|
||||
of level <literal>notice</literal> and
|
||||
higher to <filename>/var/log/daemon.log</filename>, add
|
||||
the following entry:</para>
|
||||
|
||||
<programlisting>daemon.notice /var/log/daemon.log</programlisting>
|
||||
|
||||
|
|
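Review bot: The new lead-in "To log everything of level notice and higher to /var/log/daemon.log" no longer matches the entry it introduces. `daemon.notice /var/log/daemon.log` selects only the daemon facility, which the removed wording made clear with "everything from the different daemons". As rewritten, a reader could expect this line to capture notice-and-above messages from every facility, including auth and security. Suggest "To log everything from the daemon facility of level notice and higher ...".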