Editorial review of Local Logging section.

Sponsored by:	iXsystems

en_US.ISO8859-1/books/handbook/config/chapter.xml

@@ -1225,28 +1225,24 @@ ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255"</programlisting>
       <primary>&man.syslogd.8;</primary>
     </indexterm>
 
-    <para>System logging is an important aspect of system
+    <para>Generating and reading system logs is an important aspect of system
-      administration.  It is used to detect hardware and software
+      administration.  The information in system logs can be used to detect hardware and software
-      issues and errors in the system.  It plays an important role
+      issues as well as application and system configuration errors.  This information also plays an important role
-      in security auditing and incident response.  System daemons
+      in security auditing and incident response.  Most system daemons
-      without a controlling terminal usually log information to a
+      and applications will generate log entries.</para>
-      system logging facility or other log file.</para>
 
-      <para>In the default &os; configuration, &man.syslogd.8; is
+    <para>&os; provides a system logger,
-	started at boot.  This is controlled by the variable
+      <application>syslogd</application>, to manage logging.  By
+      default, <application>syslogd</application> is
+	started when the system boots.  This is controlled by the variable
 	<literal>syslogd_enable</literal> in
 	<filename>/etc/rc.conf</filename>.  There are numerous
-	application arguments that affect the behavior of
+	application arguments that can be set using
-	&man.syslogd.8;.  To change them, use
 	<literal>syslogd_flags</literal> in
 	<filename>/etc/rc.conf</filename>.  Refer to &man.syslogd.8;
-	for more information on the arguments, and &man.rc.conf.5;,
+	for more information on the available arguments.</para>
-	<xref linkend="configtuning-core-configuration"/> and
-	<xref linkend="configtuning-rcd"/> for more information about
-	<filename>/etc/rc.conf</filename> and the &man.rc.8;
-	subsystem.</para>
 
-    <para>This section describes how to configure and the &os;
+    <para>This section describes how to configure the &os;
       system logger for both local and remote logging and how to perform log rotation
       and log management.</para>
 
@@ -1255,24 +1251,23 @@ ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255"</programlisting>
 
       <indexterm><primary>syslog.conf</primary></indexterm>
 
-      <para>The configuration file, by default
+      <para>The configuration file,
 	<filename>/etc/syslog.conf</filename>, controls what
-	&man.syslogd.8; does with the log entries once they are
+	<application>syslogd</application> does with log entries as they are
 	received.  There are several parameters to control the
-	handling of incoming events, of which the most basic are
+	handling of incoming events.
-	<firstterm>facility</firstterm> and
+	The <firstterm>facility</firstterm> describes
-	<firstterm>level</firstterm>.  The facility describes
 	which subsystem generated the message, such as the kernel or a
-	daemon, and the level describes the severity of the event that
+	daemon, and the <firstterm>level</firstterm> describes the severity of the event that
-	occurred.  This makes it possible to log the message to
+	occurred.  This makes it possible to configure if and where a log message is
-	different log files, or discard it, depending on the facility
+	logged, depending on the facility
 	and level.  It is also possible to take action depending on
 	the application that sent the message, and in the case of
 	remote logging, the hostname of the machine generating
 	the logging event.</para>
 
-      <para>The configuration file for &man.syslogd.8; contains one
+      <para>This configuration file contains one
-	line per action, and the syntax for each line is a selector
+	line per action, where the syntax for each line is a selector
 	field followed by an action field.  The syntax of the selector
 	field is <replaceable>facility.level</replaceable> which will
 	match log messages from <replaceable>facility</replaceable>
@@ -1293,15 +1288,16 @@ ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255"</programlisting>
 #       separators. If you are sharing this file between systems, you
 #       may want to use only tabs as field separators here.
 #       Consult the syslog.conf(5) manpage.
-*.err;kern.warning;auth.notice;mail.crit                /dev/console <co xml:id="co-syslog-many-match"/>
+*.err;kern.warning;auth.notice;mail.crit                /dev/console
 *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
 security.*                                      /var/log/security
 auth.info;authpriv.info                         /var/log/auth.log
-mail.info                                       /var/log/maillog <co xml:id="co-syslog-one-match"/>
+mail.info                                       /var/log/maillog 
 lpr.info                                        /var/log/lpd-errs
 ftp.info                                        /var/log/xferlog
 cron.*                                          /var/log/cron
-*.=debug                                        /var/log/debug.log <co xml:id="co-syslog-comparison"/>
+!-devd
+*.=debug                                        /var/log/debug.log
 *.emerg                                         *
 # uncomment this to log all writes to /dev/console to /var/log/console.log
 #console.info                                   /var/log/console.log
@@ -1314,54 +1310,58 @@ cron.*                                          /var/log/cron
 # news.crit                                     /var/log/news/news.crit
 # news.err                                      /var/log/news/news.err
 # news.notice                                   /var/log/news/news.notice
-!ppp <co xml:id="co-syslog-prog-spec"/>
+# Uncomment this if you wish to see messages produced by devd
+# !devd
+# *.>=info  
+!ppp
 *.*                                             /var/log/ppp.log
 !*</programlisting>
 
-      <calloutlist>
+      <para>In this example:</para>
-	<callout arearefs="co-syslog-many-match">
+
-	  <para>Match all messages with a level of
+	<itemizedlist>
+	  <listitem>
+	  <para>Line 8 matches all messages with a level of
 	    <literal>err</literal> or higher, as well as
 	    <literal>kern.warning</literal>,
 	    <literal>auth.notice</literal> and
-	    <literal>mail.crit</literal>, and send these log messages
+	    <literal>mail.crit</literal>, and sends these log messages
 	    to the console
 	    (<filename>/dev/console</filename>).</para>
-	</callout>
+	  </listitem>
 
-	<callout arearefs="co-syslog-one-match">
+	<listitem>
-	  <para>Match all messages from the <literal>mail</literal>
+	  <para>Line 12 matches all messages from the <literal>mail</literal>
-	    facility at level <literal>info</literal> or above, and
+	    facility at level <literal>info</literal> or above and
-	    log the messages to
+	    logs the messages to
 	    <filename>/var/log/maillog</filename>.</para>
-	</callout>
+	  </listitem>
 
-	<callout arearefs="co-syslog-comparison">
+	<listitem>
-	  <para>This line uses a comparison flag, <literal>=</literal>
+	  <para>Line 17 uses a comparison flag (<literal>=</literal>)
-	    to only match messages at level <literal>debug</literal>,
+	    to only match messages at level <literal>debug</literal>
-	    and log them in
+	    and logs them to
 	    <filename>/var/log/debug.log</filename>.</para>
-	</callout>
+	  </listitem>
 
-	<callout arearefs="co-syslog-prog-spec">
+	<listitem>
-	  <para>Here is an example usage of a <emphasis>program
+	  <para>Line 33 is an example usage of a <emphasis>program
 	      specification</emphasis>.  This makes the rules
-	    following it only valid for the program in the program
+	    following it only valid for the specified program.
-	    specification.  In this case, this and the following
+	    In this case, only the
-	    lines log all messages from &man.ppp.8;, but no other
+	    messages generated by <application>ppp</application> are
-	    programs, to
+	    logged to
 	    <filename>/var/log/ppp.log</filename>.</para>
-	</callout>
+	  </listitem>
-      </calloutlist>
+	</itemizedlist>
 
-      <para>This example shows that there are plenty of levels and
+      <para>The available levels, in order from most to least
-	subsystems.  The levels are, in order from most to least
+	critical are <literal>emerg</literal>, <literal>alert</literal>,
-	critical: <literal>emerg</literal>, <literal>alert</literal>,
 	<literal>crit</literal>, <literal>err</literal>,
 	<literal>warning</literal>, <literal>notice</literal>,
 	<literal>info</literal>, and <literal>debug</literal>.</para>
 
-      <para>The facilities are, in no particular order:
+      <para>The facilities, in no particular order, are
 	<literal>auth</literal>, <literal>authpriv</literal>,
 	<literal>console</literal>, <literal>cron</literal>,
 	<literal>daemon</literal>, <literal>ftp</literal>,
@@ -1373,11 +1373,10 @@ cron.*                                          /var/log/cron
 	<literal>local7</literal>.  Be aware that other operating
 	systems might have different facilities.</para>
 
-      <para>With this knowledge, it is easy to add a new line to
+      <para>To log everything
-	<filename>/etc/syslog.conf</filename> to log everything from
+	of level <literal>notice</literal> and
-	the different daemons on level <literal>notice</literal> and
+	higher to <filename>/var/log/daemon.log</filename>, add
-	higher to <filename>/var/log/daemon.log</filename>.  Just add
+	the following entry:</para>
-	the following:</para>
 
       <programlisting>daemon.notice                                        /var/log/daemon.log</programlisting>