TOPIC The System Log is a background process that allows messages from different parts of the operating system to be recorded in several ways. These messages are often important in diagnosing problems with the system, but the messages contain other useful information. This document focuses on the syslog.conf file because understanding it is the key to understanding the system log and its functionality. DISCUSSION The syslogd is the daemon (background process) that facilitates what is done with the message that the system has generated. The file /etc/syslog.conf is the configuration file that syslogd reads when it starts up. The syslogd is started when the /etc/rc script executes the /etc/startup/0900_SystemLog script. When the syslogd is started it creates a file called /var/run/syslog.pid. This file contains the process id of the syslogd so that it can be stopped. The syslogd can be stopped and restarted so that a new syslog.conf can be read by the syslogd without restarting the entire computer. The syslogd must be restarted for the changes in syslogd.conf to take effect. Restarting the syslogd can be done by executing the /etc/startup/0900_System Log script, or by typing syslogd at the command line. Note : this must be done as root. syslog.conf The syslog.conf file is the configuration file for the syslog. It has only a few operands, but it is highly configurable. The syslog.conf file is divided into two fields, the selector field and the action field. These are usually separated by two tabs.
The "*" symbol is a wildcard and denotes all facilities or levels. The Selector Field The selector field consists of the facility and the level, as shown in the table above. The facility is the part of the operating system reporting the messages, the level is the strength of message. If a message is at or above the level in the selector field, then the action is executed. Actions can do several things with the message and are discussed below. The possible facilities that can be used are: auth, authprive, cron, daemon, kern, lpr, mail, mark, new, syslog, user, uup, and local0 through local7. The possible levels are emerg, alert, crit, err, warning, notice, info, debug, and none. The levels are listed from highest to lowest, so a level of debug is the lowest level that can be set and it will report all messages.
Each facility can be used with any level. Commas are used to separate multiple facilities from each other. Mulitple selector field on the same line can be separated by a semicolon. All selector fields on the same line have will have the action specified on that line.
All of the messages recorded by the system log would have the same action in this example. The Action Field The action field specifies what is done with the message. The following table lists the four possible actions, and what they do.
Examples Anything after a "#" symbol on a line is a comment.
|
Document Information | |
Product Area: | Mac OS System Software |
Category: | Mac OS X Server |
Sub Category: | General Topics |
Keywords: | kmosXserver |
Copyright © 2000 Apple Computer, Inc. All rights reserved.