syslogd
PURPOSE
Reads and logs messages.
SYNOPSIS
/etc/syslogd [-f configfile][-m markinterval][-d]
DESCRIPTION
The syslogd command reads and logs messages into a set of
files described by the configuration file
/etc/syslog.config. This daemon configures itself when
it starts up and whenever it receives a hangup signal.
Each message read by syslogd is one line. A message can
contain a priority code (marked by a number in "< >"
brackets at the beginning of the line) and message text.
Priorities are defined in sys/syslog.h. The syslogd
command reads from the AIX domain socket /dev/log or from
an Internet domain socket specified in /etc/services.
Each line in the syslogd configuration file must consist
of two parts:
o A selector to determine the message priorities to
which the line applies
o An action.
The two fields must be separated by one or more tabs.
Here is an example of the line in a configuration file:
mail.info;*.notice /usr/spool/adm/syslog
The first part, the selector, is semicolon-separated list
of priority specifiers. Each priority specifier consists
of a facility describing the part of the system that gen-
erated the message, a "." (period), and a level indi-
cating the severity of the message. Symbolic names may
be used and an "*" (asterisk) specifies all facilities.
All messages of the specified level or higher (greater
severity) are selected. In the previous example, syslogd
selects the "mail" facility at the "info" level (or
higher) and all facilities at the "notice" level (or
higher).
More than one facility may be selected using commas to
separate them. For example:
*.emerg;mail,daemon.crit
selects all facilities at the "emerg" level (or higher)
and the "mail" and "daemon" facilities at the "crit"
level (or higher).
Known facilities and levels recognized by syslogd are
those listed under syslog in the AIX Operating System
Technical Reference. When you specify the name of a
facility or level in a syslogd configuration file, omit
the LOG_ prefix used by syslog in the name. For
example, syslog lists LOG_DEBUG as the lowest level. To
specify this level in a syslogd configuration file,
specify "debug".
In addition to these facilities, there is a mark
facility. This facility has messages at priority info
sent to it every 20 minutes. You can change the mark
time interval with the -m flag. The mark facility is not
enabled by a facility field containing an asterisk; you
must explicitly enable it. For example:
kern,mark.debug
logs kernel messages and 20 minute marks of "debug" level
(or higher).
The level none may be used to disable a particular
facility. For example:
*.debug;mail.none
logs all messages except mail messages.
The second part of each line, the action, describes where
the message is to be logged if the line is selected.
There are four forms:
o A file name beginning with a leading "/" (Selected
messages are appended to this file)
o A host name preceded by a "@" (Selected messages are
forwarded to syslogd on the named host)
o A comma-separated list of users (Selected messages
are written to those users, if they are logged in)
o An "*" (Selected messages are written to all
logged-in users).
For example:
*.crit /usr/adm/critical
kern.err @nick
*.alert bobbi,kristi
*.emerg *
logs critical (or higher) messages into
"/usr/adm/critical", forwards kernel messages of error
severity (or higher) to syslogd on the host "nick",
informs the users "bobbi" and "kristi" of any alert (or
higher) messages, and informs all logged-in users of any
emergency messages.
Blank lines and lines beginning with "#" are ignored.
The syslogd command creates the file /etc/syslog.pid,
containing a single line with its process id. This file
can be used to kill or reconfigure syslogd. To bring
syslogd down, it should be sent a terminate signal. For
example:
kill 'cat /etc/syslog.pid'
FLAGS
-d Turns on debugging.
-f configfile Specifies an alternate configuration
file.
-m markinterval Specifies the number of minutes between
mark messages.
EXAMPLE
To start syslogd daemon and and change the mark
interval:
syslogd -m30
This command changes the mark interval to 30 minutes.
If the configuration file contains:
kern,mark.notice /usr/adm/notice
kern.err @scott
*.info;mail.none /usr/spool/adm/syslog
*.alert;auth.warning darlene
syslogd logs kernel messages and 30 minute marks at
"notice" level (or higher) in the file
"/usr/adm/notice", forwards kernel messages at "err"
level (or higher) to syslogd on the host "scott",
logs messages at "info" level (or higher) except mail
messages in the file "/usr/spool/adm/syslog", and
informs the user "darlene" of any warning message (or
higher) from the authorization system.
FILES
/etc/services Contains definition of the Internet
domain socket.
/etc/syslog.conf Contains the configuration file.
/etc/syslog.pid Contains the process id.
/dev/log Contains AIX domain datagram log
socket.
RELATED INFORMATION
The syslog system call in AIX Operating System Technical
Reference.