From f6ac0be8db9be6653602c34bb0795965f1e405e8 Mon Sep 17 00:00:00 2001 From: Dru Lavigne Date: Mon, 24 Mar 2014 14:36:59 +0000 Subject: [PATCH] Editorial review of Local Logging section. Sponsored by: iXsystems --- .../books/handbook/config/chapter.xml | 123 +++++++++--------- 1 file changed, 61 insertions(+), 62 deletions(-) diff --git a/en_US.ISO8859-1/books/handbook/config/chapter.xml b/en_US.ISO8859-1/books/handbook/config/chapter.xml index d1c380a591..294d6ffc95 100644 --- a/en_US.ISO8859-1/books/handbook/config/chapter.xml +++ b/en_US.ISO8859-1/books/handbook/config/chapter.xml @@ -1225,28 +1225,24 @@ ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255" &man.syslogd.8; - System logging is an important aspect of system - administration. It is used to detect hardware and software - issues and errors in the system. It plays an important role - in security auditing and incident response. System daemons - without a controlling terminal usually log information to a - system logging facility or other log file. + Generating and reading system logs is an important aspect of system + administration. The information in system logs can be used to detect hardware and software + issues as well as application and system configuration errors. This information also plays an important role + in security auditing and incident response. Most system daemons + and applications will generate log entries. - In the default &os; configuration, &man.syslogd.8; is - started at boot. This is controlled by the variable + &os; provides a system logger, + syslogd, to manage logging. By + default, syslogd is + started when the system boots. This is controlled by the variable syslogd_enable in /etc/rc.conf. There are numerous - application arguments that affect the behavior of - &man.syslogd.8;. To change them, use + application arguments that can be set using syslogd_flags in /etc/rc.conf. Refer to &man.syslogd.8; - for more information on the arguments, and &man.rc.conf.5;, - and - for more information about - /etc/rc.conf and the &man.rc.8; - subsystem. + for more information on the available arguments. - This section describes how to configure and the &os; + This section describes how to configure the &os; system logger for both local and remote logging and how to perform log rotation and log management. @@ -1255,24 +1251,23 @@ ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255" syslog.conf - The configuration file, by default + The configuration file, /etc/syslog.conf, controls what - &man.syslogd.8; does with the log entries once they are + syslogd does with log entries as they are received. There are several parameters to control the - handling of incoming events, of which the most basic are - facility and - level. The facility describes + handling of incoming events. + The facility describes which subsystem generated the message, such as the kernel or a - daemon, and the level describes the severity of the event that - occurred. This makes it possible to log the message to - different log files, or discard it, depending on the facility + daemon, and the level describes the severity of the event that + occurred. This makes it possible to configure if and where a log message is + logged, depending on the facility and level. It is also possible to take action depending on the application that sent the message, and in the case of remote logging, the hostname of the machine generating the logging event. - The configuration file for &man.syslogd.8; contains one - line per action, and the syntax for each line is a selector + This configuration file contains one + line per action, where the syntax for each line is a selector field followed by an action field. The syntax of the selector field is facility.level which will match log messages from facility @@ -1293,15 +1288,16 @@ ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255" # separators. If you are sharing this file between systems, you # may want to use only tabs as field separators here. # Consult the syslog.conf(5) manpage. -*.err;kern.warning;auth.notice;mail.crit /dev/console +*.err;kern.warning;auth.notice;mail.crit /dev/console *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log -mail.info /var/log/maillog +mail.info /var/log/maillog lpr.info /var/log/lpd-errs ftp.info /var/log/xferlog cron.* /var/log/cron -*.=debug /var/log/debug.log +!-devd +*.=debug /var/log/debug.log *.emerg * # uncomment this to log all writes to /dev/console to /var/log/console.log #console.info /var/log/console.log @@ -1314,54 +1310,58 @@ cron.* /var/log/cron # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice -!ppp +# Uncomment this if you wish to see messages produced by devd +# !devd +# *.>=info +!ppp *.* /var/log/ppp.log !* - - - Match all messages with a level of + In this example: + + + + Line 8 matches all messages with a level of err or higher, as well as kern.warning, auth.notice and - mail.crit, and send these log messages + mail.crit, and sends these log messages to the console (/dev/console). - + - - Match all messages from the mail - facility at level info or above, and - log the messages to + + Line 12 matches all messages from the mail + facility at level info or above and + logs the messages to /var/log/maillog. - + - - This line uses a comparison flag, = - to only match messages at level debug, - and log them in + + Line 17 uses a comparison flag (=) + to only match messages at level debug + and logs them to /var/log/debug.log. - + - - Here is an example usage of a program + + Line 33 is an example usage of a program specification. This makes the rules - following it only valid for the program in the program - specification. In this case, this and the following - lines log all messages from &man.ppp.8;, but no other - programs, to + following it only valid for the specified program. + In this case, only the + messages generated by ppp are + logged to /var/log/ppp.log. - - + + - This example shows that there are plenty of levels and - subsystems. The levels are, in order from most to least - critical: emerg, alert, + The available levels, in order from most to least + critical are emerg, alert, crit, err, warning, notice, info, and debug. - The facilities are, in no particular order: + The facilities, in no particular order, are auth, authpriv, console, cron, daemon, ftp, @@ -1373,11 +1373,10 @@ cron.* /var/log/cron local7. Be aware that other operating systems might have different facilities. - With this knowledge, it is easy to add a new line to - /etc/syslog.conf to log everything from - the different daemons on level notice and - higher to /var/log/daemon.log. Just add - the following: + To log everything + of level notice and + higher to /var/log/daemon.log, add + the following entry: daemon.notice /var/log/daemon.log