syslog.conf – putting stuff where you want it
The default /etc/syslog.conf displays many messages directly on the
console. That may not be what you want. Here’s how to change that.
syslogd
syslog is the function used by many programs to write a message to the system
message logger (syslogd). The syslogd daemon reads and logs
messages to the system console, log files, other machines and/or users as specified by its
configuration file (/etc/syslog.conf).
syslog.conf
The first thing you need to know about syslog.conf is that it needs tabs, not spaces.
So if you modify your file and suddenly start getting errors
like this, then you probably added spaces not tabs. Note that ee add
spaces even if you press tab whereas vi does not. If in doubt, check it
out.
Here is the default syslog.conf as it comes with FreeBSD 3.1:
# $Id: syslogconf.php,v 1.22 2007/08/27 16:34:48 dan Exp $ # # Spaces are NOT valid field separators in this file. # Consult the syslog.conf(5) manpage. *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages mail.info /var/log/maillog lpr.info /var/log/lpd-errs cron.* /var/cron/log *.err root *.notice;news.err root *.alert root *.emerg * # uncomment these if you're running inn # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice !startslip *.* /var/log/slip.log !ppp *.* /var/log/ppp.log
Here is the syslog.conf file I created for a friend (the first line is split
for readablity):
*.*;mail.none;cron.none;kern.none;local0.none;ftp.none;auth.none; authpriv.none /var/log/messages mail.* /var/log/maillog cron.* /var/cron/log kern.* /var/log/kernel.log auth.*;authpriv.* /var/log/auth.log # uncomment these if you're running inn # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice local0.* /var/log/tcpd.log local0.info;local0.debug /var/log/firewall.log local0.err /var/log/firewall.err ftp.* /var/log/ftp.log !startslip *.* /var/log/slip.log !ppp *.* /var/log/ppp.log !popper *.* /var/log/popper.log
NOTE: the above examples contain spaces. Remember to change them to tabs if you
do a copy/paste from here.
man syslog.conf
What you really need to read up on is man
syslog.conf.
What’s changed
The first thing you should notice is that I’ve removed /dev/console from
the file. The site did not want any messages appearing on the console. Some
people are like that. You’ll also see that various other messages are diverted to
other places. That’s what they wanted. You will have to decide if that’s for
you or not.
After making changes
After you make changes to /etc/syslog.conf, remember to tell syslogd
about them! The following command will make syslogd read its configuration
file.
killall -HUP syslogd