Syslog Better Logging Tutorial
Syslog is an excellent tool for system monitoring and is almost always included in your distribution. However, the default setup is terrible. It will log all kinds of useless messages in weird places. I've included a really good configuration that should be great for most systems. I've commented out the debug lines because they will fill your logs too quickly. I advise you to uncomment them only when you are troubleshooting.
Syslog rules have three parts: Facility.Priority /path/to/log. Facility can be anything in the left column below. Priority can be anything in the right column below. Priorities are listed in order of increasing severity.
Facility        Priority
auth            Debug
authpriv        Info
daemon          Notice
cron            Warning
ftp             Error
lpr             Critical
kern            Alert
mail            Emergency
news
syslog
user
uucp
local0-local7
If you are wondering where to put the rules below, the file is generally /etc/syslog.conf. However, it can be /etc/sysconfig/syslog as well. Refer to your distro documentation for the location if you need to.
Once you are done making changes, you must restart the syslog daemon. You can restart with
/etc/init.d/syslogd restart
on most systems, other ways include:
/etc/init.d/syslogd
/etc/init.d/sysklogd
I've included extra lines to demonstrate the use of the local0-local7 logging facilities. These are free for your use, except that in some cases local7 is used for boot logs.
#############################################
# Easier logging
#############################################

### General Logging
#*.info;*.notice                        /log/all.info
#*.warning                              /log/all.warning
#*.debug                                /log/all.debug
*.err;*.crit;*.emerg                    /log/all.err

### Email Logging
# Enabling this will make REALLY HUGE log files
#mail.info;mail.notice                  /log/maillog/maillog.info
mail.warning                            /log/maillog/maillog.warning
#mail.debug                             /log/maillog/maillog.debug
mail.err;mail.crit;mail.emerg           /log/maillog/maillog.err

### FTP Logging
ftp.info;ftp.notice                     /log/ftplog/ftplog.info
ftp.warning                             /log/ftplog/ftplog.warning
#ftp.debug                              /log/ftplog/ftplog.debug
ftp.err;ftp.crit;ftp.emerg              /log/ftplog/ftplog.err

### Cron Logging
cron.info;cron.notice                   /log/cron/cron.info
cron.warning                            /log/cron/cron.warning
#cron.debug                             /log/cron/cron.debug
cron.err;cron.crit;cron.emerg           /log/cron/cron.err

### Authpriv Logging
authpriv.info;authpriv.notice           /log/secure/secure.info
authpriv.warning                        /log/secure/secure.warning
#authpriv.debug                         /log/secure/secure.debug
authpriv.err;authpriv.crit;authpriv.emerg /log/secure/secure.err

### Authentication Logging
auth.info;auth.notice                   /log/auth/auth.info
auth.warning                            /log/auth/auth.warning
#auth.debug                             /log/auth/auth.debug
auth.err;auth.crit;auth.emerg           /log/auth/auth.err

### Kernel Logging
kern.info;kern.notice                   /log/kernel/kernel.info
kern.warning                            /log/kernel/kernel.warning
#kern.debug                             /log/kernel/kernel.debug
kern.err;kern.crit;kern.emerg           /log/kernel/kernel.err

### Boot Logging
local7.info;local7.notice               /log/boot/boot.info
local7.warning                          /log/boot/boot.warning
#local7.debug                           /log/boot/boot.debug
local7.err;local7.crit;local7.emerg     /log/boot/boot.err

### User Logging
user.info;user.notice                   /log/user/user.info
user.warning                            /log/user/user.warning
#user.debug                             /log/user/user.debug
user.err;user.crit;user.emerg           /log/user/user.err

### Daemon Logging
daemon.info;daemon.notice               /log/daemon/daemon.info
daemon.warning                          /log/daemon/daemon.warning
#daemon.debug                           /log/daemon/daemon.debug
daemon.err;daemon.crit;daemon.emerg     /log/daemon/daemon.err

### Apache logging using local0
#local0.info;local0.notice              /log/httpd/httpd.info
#local0.warning                         /log/httpd/httpd.warning
#local0.debug                           /log/httpd/httpd.debug
#local0.err;local0.crit;local0.emerg    /log/httpd/httpd.err

### Clamav logging using local1
#local1.info;local1.notice              /log/clamav/clamav.info
#local1.warning                         /log/clamav/clamav.warning
#local1.debug                           /log/clamav/clamav.debug
#local1.err;local1.crit;local1.emerg    /log/clamav/clamav.err
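The Python example below is added here and is not part of the original tutorial. It parses a constructed excerpt of the rules above and reports which files a given message is written to, assuming that a Facility.Priority selector matches the named priority and every more severe one and that semicolon-separated selectors combine as a union (the =, ! and none selector extensions are not handled).

```python
# Added example: which files receive a message under classic selector rules.
# Assumption: "facility.priority" matches that priority and every higher one,
# and semicolon-separated selectors on one line are combined as a union.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed excerpt of the rules shown on this page.
SAMPLE_CONF = """\
### Authentication Logging
auth.info;auth.notice           /log/auth/auth.info
auth.warning                    /log/auth/auth.warning
#auth.debug                     /log/auth/auth.debug
auth.err;auth.crit;auth.emerg   /log/auth/auth.err
*.err;*.crit;*.emerg            /log/all.err
mail.warning                    /log/maillog/maillog.warning
"""

def parse_rules(text):
    """Return [(selectors, path)], where selectors is [(facility, min_index)]."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out rules are inactive
        selector_field, path = line.split(None, 1)
        selectors = []
        for sel in selector_field.split(";"):
            facility, priority = sel.split(".", 1)
            selectors.append((facility, PRIORITIES.index(priority)))
        rules.append((selectors, path.strip()))
    return rules

def destinations(rules, facility, priority):
    """List every log file that a facility.priority message is written to."""
    level = PRIORITIES.index(priority)
    return [path for selectors, path in rules
            if any(fac in ("*", facility) and level >= minimum
                   for fac, minimum in selectors)]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    for prio in ("info", "warning", "err"):
        print(f"auth.{prio:8} ->", destinations(rules, "auth", prio))
```

Under these assumptions an auth.err message reaches auth.info, auth.warning, auth.err and all.err, so the per-level files overlap rather than each holding a single level. Keep that in mind when sizing disks and when deciding which file to review for authentication failures.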