The following sections summarize information from the old
man-page (the syntax largely supported by the new
/etc/syslog.conf configuration file was replaced by package
/etc/rsyslog.conf configuration file since Fedora 8 and RHEL6.
sysklogd has two log daemons:
klogd kernel log daemon service for kernel messages and events.
sysklogd daemon logs all other process activity.
Both are controlled by the
New package with
rsyslogd daemon replaces both
It is subject to configuration, but most of the messages logged through either
rsyslogd are written to files in the
For example, the two key log files in conventional configuration are:
Every rule consists of two fields separated by whitespace:
Selector: Facility and Priority
Selector field itself again consists of two case insensitive parts separated by a period (
C program both values can be specified numerically according to
Facility argument is used to specify what type of program is logging the message. This lets the configuration file specify that messages from different facilities will be handled differently.
Priority defines the severity of the message (in ascending order according to
debug info notice warn err crit alert emerg
none logs all messages at all levels for the facility.
In most cases anyone can log to any facility (except the kern facility, which is not allowed by software); the facility is just a convention.
A selector (a combination of exact Facility.Priority) in the selector field overwrites the preceding ones, which allows overwriting a specific case from a previous pattern.
* stands for all facilities or all priorities.
You can specify multiple facilities with the same priority pattern in one statement using the comma (,).
Multiple selectors may be specified for a single action using the semicolon (;).
You may precede every priority with an equation sign (=) to specify that syslogd should only refer to this single priority and not this priority and all higher priorities.
You may also precede the priority with an exclamation mark (!) if you want syslogd to ignore this priority and all higher priorities.
You may even use both, the exclamation mark and the equation sign if you want syslogd to ignore only this single priority.
The action field of a rule describes the abstract term "logfile". A "log file" need not be a real file.
The file has to be specified with full pathname, beginning with a slash (/).
You may prefix each entry with the minus sign (-) to omit syncing the file after every logging.
mail.* -/var/log/maillog
cron.* /var/log/cron
To forward messages to another host, prepend the hostname with the at sign (@).
The remote host won't forward the messages again; it will just log them locally.
The rsyslogd service has more detailed configuration for forwarding logs to a remote host.
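Added example (not part of the original man page or of the sysklogd/rsyslog code): a small Python evaluator that applies the selector and action rules described above to one message and returns where it would be logged, which is useful for auditing a rule set. It covers *, the comma, the semicolon, = and !; the sample configuration is constructed (only the maillog and cron rules come from this page), loghost.example is a placeholder hostname, and the function names are hypothetical.

```python
# Priorities in ascending order, as listed on this page.
PRIORITIES = ["debug", "info", "notice", "warn", "err", "crit", "alert", "emerg"]

def selects(selector_field, facility, priority):
    """True if the selector field picks a message with this facility/priority."""
    level = PRIORITIES.index(priority.lower())
    selected = False
    for selector in selector_field.lower().split(";"):
        facilities, _, spec = selector.strip().rpartition(".")
        names = facilities.split(",")
        if "*" not in names and facility.lower() not in names:
            continue
        negate = spec.startswith("!")   # "!": ignore instead of log
        spec = spec.lstrip("!")
        exact = spec.startswith("=")    # "=": this single priority only
        spec = spec.lstrip("=")
        if spec == "*":
            hit = True
        elif exact:
            hit = level == PRIORITIES.index(spec)
        else:
            hit = level >= PRIORITIES.index(spec)
        if hit:                         # a later selector overwrites earlier ones
            selected = not negate
    return selected

def destinations(config_text, facility, priority):
    """Return the action field of every rule that matches the message."""
    actions = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        if selects(selector_field, facility, priority):
            actions.append(action.strip())
    return actions

# Constructed sample configuration; only the first two rules are from the page.
SAMPLE_CONF = """\
mail.*                  -/var/log/maillog
cron.*                  /var/log/cron
mail,cron.=debug        /var/log/debug
*.info;mail.!=info      /var/log/messages
kern.info;kern.!err     /var/log/kernel-info
*.crit                  @loghost.example
"""

if __name__ == "__main__":
    for fac, pri in [("mail", "info"), ("kern", "warn"), ("mail", "crit")]:
        print(fac, pri, "->", destinations(SAMPLE_CONF, fac, pri))
```

Running it against a real rule set shows at a glance which messages leave the host through an @ action and which files receive a given facility.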