syslog.conf – putting stuff where you want it

The default /etc/syslog.conf displays many messages directly on the
console.   That may not be what you want.  Here’s how to change that.

syslogd

syslog is the function used by many programs to write a message to the system
message logger (syslogd).  The syslogd daemon reads and logs
messages to the system console, log files, other machines and/or users as specified by its
configuration file (/etc/syslog.conf).

syslog.conf

The first thing you need to know about syslog.conf is that it needs tabs, not spaces.
So if you modify your file and suddenly start getting errors like this, then you
probably added spaces, not tabs.  Note that ee adds spaces even if you press tab,
whereas vi does not.  If in doubt, check it out.

Here is the default syslog.conf as it comes with FreeBSD 3.1:

#       $Id: syslogconf.php,v 1.22 2007/08/27 16:34:48 dan Exp $
#
#       Spaces are NOT valid field separators in this file.
#       Consult the syslog.conf(5) manpage.
*.err;kern.debug;auth.notice;mail.crit          /dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
mail.info                                       /var/log/maillog
lpr.info                                        /var/log/lpd-errs
cron.*                                          /var/cron/log
*.err                                           root
*.notice;news.err                               root
*.alert                                         root
*.emerg                                         *
# uncomment these if you're running inn
# news.crit                                  /var/log/news/news.crit
# news.err                                   /var/log/news/news.err
# news.notice                                /var/log/news/news.notice
!startslip
*.*                                          /var/log/slip.log
!ppp
*.*                                          /var/log/ppp.log

Here is the syslog.conf file I created for a friend (the first line is split
for readability):

*.*;mail.none;cron.none;kern.none;local0.none;ftp.none;auth.none;
                                      authpriv.none  /var/log/messages
mail.*                                       /var/log/maillog
cron.*                                       /var/cron/log
kern.*                                       /var/log/kernel.log
auth.*;authpriv.*                            /var/log/auth.log

# uncomment these if you're running inn
# news.crit                                  /var/log/news/news.crit
# news.err                                   /var/log/news/news.err
# news.notice                                /var/log/news/news.notice

local0.*                                     /var/log/tcpd.log
local0.info;local0.debug                     /var/log/firewall.log
local0.err                                   /var/log/firewall.err

ftp.*                                        /var/log/ftp.log

!startslip
*.*                                          /var/log/slip.log

!ppp
*.*                                          /var/log/ppp.log

!popper
*.*                                          /var/log/popper.log

NOTE: the above examples contain spaces.  Remember to change them to tabs if you
do a copy/paste from here.
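
One way to check a pasted file for space separators before syslogd sees it, as an added example that is not part of the original article. The helper names check_syslog_tabs and fix_syslog_tabs and the sample rules are constructed for illustration, and lines starting with # or ! are assumed to be comments or program blocks rather than rules.

```sh
#!/bin/sh
# Added example: helper names and the sample file are constructed, not from the article.

# Print "lineno: text" for each rule whose selector is not followed by
# tab(s) and then an action. Returns 0 if the file is clean, 1 otherwise.
check_syslog_tabs() {
    awk '
        BEGIN { bad = 0 }
        { line = $0; sub(/^[ \t]+/, "", line) }   # leading blanks are ignored
        line == "" || line ~ /^[#!]/ { next }     # blank, comment, !program
        line !~ /^[^ \t]+\t+[^ \t]/ { printf "%d: %s\n", NR, $0; bad = 1 }
        END { exit bad }
    ' "$1"
}

# Write a copy to stdout in which the first whitespace run after the
# selector is a single tab. Spaces inside the action are left alone.
fix_syslog_tabs() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^[#!]/ { print; next }
        {
            if (match(line, /[ \t]+/))
                line = substr(line, 1, RSTART - 1) "\t" substr(line, RSTART + RLENGTH)
            print line
        }
    ' "$1"
}

# Constructed sample: two rules pasted with spaces, one typed with a tab.
sample=$(mktemp)
{
    printf '# constructed sample\n'
    printf 'mail.*                /var/log/maillog\n'
    printf 'kern.*\t/var/log/kernel.log\n'
    printf '!ppp\n'
    printf '*.*    /var/log/ppp.log\n'
} > "$sample"

check_syslog_tabs "$sample" || echo "space-separated rules above; fix before reloading"
fix_syslog_tabs "$sample" > "$sample.fixed"
check_syslog_tabs "$sample.fixed" && echo "fixed copy is clean"
rm -f "$sample" "$sample.fixed"
```

Both helpers work line by line, so the first rule of the friend's file above, which is split for readability, has to be rejoined into one line before running them.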

man syslog.conf

What you really need to read up on is man syslog.conf.

What’s changed

The first thing you should notice is that I’ve removed /dev/console from
the file.  The site did not want any messages appearing on the console.  Some
people are like that.  You’ll also see that various other messages are diverted to
other places.  That’s what they wanted.  You will have to decide if that’s for
you or not.

After making changes

After you make changes to /etc/syslog.conf, remember to tell syslogd
about them!  The following command will make syslogd read its configuration
file.

killall -HUP syslogd
