系统日志文件说明syslog
发表于 : 2006-12-26 16:31
syslog系统日志说明
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
##############################################################
# First some standard logfiles. Log by facility(设备).
# * 除了“mark”之外的所有设备 mark 定期产生的时间戳
# auth 与安全和授权有关的命令
# authpriv 敏感/保密的授权消息
# cron 守护(服务)进程cron(按时间执行命令)
# daemon 系统守护(服务)进程
# kern 内核(kernel)
# lpr 行式打印机的假脱机系统
# mail sendmail以及其他与电子邮件相关的软件
# user 用户进程(如果没有指定,这将是默认值)
# uucp 为UUCP,并未使用
# syslog syslogd内部消息
# ftp ftp服务进程(守护进程)
# news Usernet新闻系统(守护进程)
##############################################################
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
uucp.* /var/log/uucp.log
#################################################################
# syslog的严重级别(降序)
# emerg 恐慌状态 notice 需要调查的事项
# alert 紧急状态 info 提供信息的消息
# crit 临界状态 debug 仅供调试
# err 其他错误情况
# warning 警告消息
# ! 指除此优先级及其以上级别
# = 指仅此优先级
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
# mail.info 选择与邮件相关的、优先级为info或更高的消息
# mail.=info 只选择优先级为info的消息
# mail.info;mail.!err 只选择优先级为info、notice和warning的消息
# mail.debug;mail.!=warning 选择除warning之外的所有优先级
###########################################################
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
# Logging for INN news system
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some `catch-all' logfiles.
# *.=debug 所有debug消息 auth 与安全和授权相关,authpriv.none
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
# 把emerg 恐慌消息发给任何人
*.emerg *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
daemon.*;mail.*;\
news.crit;news.err;news.notice;\
*.=debug;*.=info;\
*.=notice;*.=warn |/dev/xconsole
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
##############################################################
# First some standard logfiles. Log by facility(设备).
# * 除了“mark”之外的所有设备 mark 定期产生的时间戳
# auth 与安全和授权有关的命令
# authpriv 敏感/保密的授权消息
# cron 守护(服务)进程cron(按时间执行命令)
# daemon 系统守护(服务)进程
# kern 内核(kernel)
# lpr 行式打印机的假脱机系统
# mail sendmail以及其他与电子邮件相关的软件
# user 用户进程(如果没有指定,这将是默认值)
# uucp 为UUCP,并未使用
# syslog syslogd内部消息
# ftp ftp服务进程(守护进程)
# news Usernet新闻系统(守护进程)
##############################################################
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
uucp.* /var/log/uucp.log
#################################################################
# syslog的严重级别(降序)
# emerg 恐慌状态 notice 需要调查的事项
# alert 紧急状态 info 提供信息的消息
# crit 临界状态 debug 仅供调试
# err 其他错误情况
# warning 警告消息
# ! 指除此优先级及其以上级别
# = 指仅此优先级
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
# mail.info 选择与邮件相关的、优先级为info或更高的消息
# mail.=info 只选择优先级为info的消息
# mail.info;mail.!err 只选择优先级为info、notice和warning的消息
# mail.debug;mail.!=warning 选择除warning之外的所有优先级
###########################################################
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
# Logging for INN news system
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some `catch-all' logfiles.
# *.=debug 所有debug消息 auth 与安全和授权相关,authpriv.none
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
# 把emerg 恐慌消息发给任何人
*.emerg *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
daemon.*;mail.*;\
news.crit;news.err;news.notice;\
*.=debug;*.=info;\
*.=notice;*.=warn |/dev/xconsole