syslog.conf – putting stuff where you want itThe default /etc/syslog.conf displays many messages directly on the console. That may not be what you want. Here’s how to change that.
syslogdsyslog is the function used by many programs to write a message to the system message logger (syslogd). The syslogd daemon reads and logs messages to the system console, log files, other machines and/or users as specified by its configuration file (/etc/syslog.conf).
syslog.confThe first thing you need to know about syslog.conf is that it needs tabs, not spaces. So if you modify your file and suddenly start getting errors like this, then you probably added spaces not tabs. Note that ee add spaces even if you press tab whereas vi does not. If in doubt, check it out.
Here is the default syslog.conf as it comes with FreeBSD 3.1:
# $Id: syslogconf.php,v 1.22 2007/08/27 16:34:48 dan Exp $ # # Spaces are NOT valid field separators in this file. # Consult the syslog.conf(5) manpage. *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages mail.info /var/log/maillog lpr.info /var/log/lpd-errs cron.* /var/cron/log *.err root *.notice;news.err root *.alert root *.emerg * # uncomment these if you're running inn # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice !startslip *.* /var/log/slip.log !ppp *.* /var/log/ppp.log
Here is the syslog.conf file I created for a friend (the first line is split for readablity):
*.*;mail.none;cron.none;kern.none;local0.none;ftp.none;auth.none; authpriv.none /var/log/messages mail.* /var/log/maillog cron.* /var/cron/log kern.* /var/log/kernel.log auth.*;authpriv.* /var/log/auth.log # uncomment these if you're running inn # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice local0.* /var/log/tcpd.log local0.info;local0.debug /var/log/firewall.log local0.err /var/log/firewall.err ftp.* /var/log/ftp.log !startslip *.* /var/log/slip.log !ppp *.* /var/log/ppp.log !popper *.* /var/log/popper.log
NOTE: the above examples contain spaces. Remember to change them to tabs if you do a copy/paste from here.
man syslog.confWhat you really need to read up on is man syslog.conf.
What’s changedThe first thing you should notice is that I’ve removed /dev/console from the file. The site did not want any messages appearing on the console. Some people are like that. You’ll also see that various other messages are diverted to other places. That’s what they wanted. You will have to decide if that’s for you or not.
After making changesAfter you make changes to /etc/syslog.conf, remember to tell syslogd about them! The following command will make syslogd read its configuration file.
killall -HUP syslogd