TITLE
    Mac OS X Server: The System Log
Article ID:
Created:
Modified:
60037
2/2/99
6/2/00

TOPIC

    The System Log is a background process that allows messages from different parts of the operating system to be recorded in several ways. These messages are often important in diagnosing problems with the system, but the messages contain other useful information. This document focuses on the syslog.conf file because understanding it is the key to understanding the system log and its functionality.


DISCUSSION

    The syslogd is the daemon (background process) that facilitates what is done with the message that the system has generated. The file /etc/syslog.conf is the configuration file that syslogd reads when it starts up.

    The syslogd is started when the /etc/rc script executes the /etc/startup/0900_SystemLog script. When the syslogd is started it creates a file called /var/run/syslog.pid. This file contains the process id of the syslogd so that it can be stopped. The syslogd can be stopped and restarted so that a new syslog.conf can be read by the syslogd without restarting the entire computer. The syslogd must be restarted for the changes in syslogd.conf to take effect.

    Restarting the syslogd can be done by executing the /etc/startup/0900_System Log script, or by typing syslogd at the command line. Note : this must be done as root.

    syslog.conf

    The syslog.conf file is the configuration file for the syslog. It has only a few operands, but it is highly configurable. The syslog.conf file is divided into two fields, the selector field and the action field. These are usually separated by two tabs.
    Selector Field
    Action Field
    facility.levels
    action

    The "*" symbol is a wildcard and denotes all facilities or levels.

    The Selector Field

    The selector field consists of the facility and the level, as shown in the table above. The facility is the part of the operating system reporting the messages, the level is the strength of message. If a message is at or above the level in the selector field, then the action is executed. Actions can do several things with the message and are discussed below.

    The possible facilities that can be used are: auth, authprive, cron, daemon, kern, lpr, mail, mark, new, syslog, user, uup, and local0 through local7.

    The possible levels are emerg, alert, crit, err, warning, notice, info, debug, and none. The levels are listed from highest to lowest, so a level of debug is the lowest level that can be set and it will report all messages.
    Facilities
    Levels
    auth
    alert
    authprive
    crit
    cron
    err
    daemon
    warning
    kern
    notice
    syslog
    info
    lpr
    debug
    mail
    mark
    user
    uup
    local0 through local7

    Each facility can be used with any level.

    Commas are used to separate multiple facilities from each other. Mulitple selector field on the same line can be separated by a semicolon. All selector fields on the same line have will have the action specified on that line.
    Selector Field
    Action Field
    facility,facility.level;facility.level,level;facility.level
    action

    All of the messages recorded by the system log would have the same action in this example.

    The Action Field

    The action field specifies what is done with the message. The following table lists the four possible actions, and what they do.
    Message Is
    Action
    appended to existing file
    /var/log/syslog
    sent to a host
    @[hostname]
    sent to a user
    user name (commas separate multiple users)
    sent to all users
    the "*" symbol

    Examples

    Anything after a "#" symbol on a line is a comment.
    kern,lpr.err root,jim_bob # sends kern and lpr level err and higher to the users root and jim_bob
    mail.*;cron.debug root #sends only to root
    mail.alert * #sends to all users
    syslog.err @records.foo.com #sends to the host records.foo.com

Document Information
Product Area: Mac OS System Software
Category: Mac OS X Server
Sub Category: General Topics
Keywords: kmosXserver

Copyright © 2000 Apple Computer, Inc. All rights reserved.