Objective 3: Configure and Use System Log Files to Meet Administrative and Security Needs
Many events occur on your Linux system that should be logged for administrative purposes. Linux uses the syslogd system to display and record messages describing these events. This system allows finely controlled logging of messages from the kernel as well as processes running on your system and remote systems. Messages can be placed on the console display, in log files, and on the text screens of users logged in to the system.
Configuring syslogd
The behavior of syslogd is controlled by its configuration file, /etc/syslog.conf. This text file contains lines indicating what is to be logged and where. Each line contains directives in this form:
facility.level action
The directives are defined as follows:
- facility
This represents the creator of the message (that is, the kernel or a process) and is one of the following: auth (the facility security is equivalent to auth, but its use is deprecated), authpriv, cron, daemon, kern, lpr, mail, mark (the mark facility is meant for syslogd's internal use only), news, syslog, user, uucp, or local0 through local7. The use of these facility designators allows you to control the destination of messages based on their origin. Facilities local0 through local7 are for any use you may wish to assign to them in your own programs and scripts. It's possible that your distribution has assigned one or more of the local facilities already. Check your configuration ...
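The following is an added example, not code from the book: a small Python check that splits facility.level action directives and validates each facility name against the list above, flagging the deprecated security alias and the internal mark facility. It goes slightly beyond the excerpt by also accepting the * wildcard, comma-separated facilities, and ;-joined selectors described in syslog.conf(5); the function names and the sample configuration are constructed for illustration, and the level field is passed through unchecked.

```python
# Facility names as listed in the text above (local0 through local7 included).
FACILITIES = {"auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail",
              "news", "syslog", "user", "uucp"} | {f"local{n}" for n in range(8)}


def lint_directive(line):
    """Parse one 'facility.level action' line.

    Returns (pairs, action, warnings), where pairs is a list of
    (facility, level) tuples, or None for blank and comment lines.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(None, 1)
    if len(fields) != 2:
        raise ValueError(f"no action field: {line!r}")
    selectors, action = fields[0], fields[1].strip()
    pairs, warnings = [], []
    for selector in selectors.split(";"):          # several selectors, one action
        names, dot, level = selector.rpartition(".")
        if not dot or not names or not level:
            raise ValueError(f"selector is not facility.level: {selector!r}")
        for name in names.split(","):              # several facilities, one level
            if name == "security":
                warnings.append("security is deprecated, use auth")
                name = "auth"
            elif name == "mark":
                warnings.append("mark is for syslogd's internal use only")
            elif name != "*" and name not in FACILITIES:
                raise ValueError(f"unknown facility: {name!r}")
            pairs.append((name, level))
    return pairs, action, warnings


def lint_config(text):
    """Lint every directive in a syslog.conf text, skipping blanks and comments."""
    return [r for r in map(lint_directive, text.splitlines()) if r is not None]


# Constructed sample configuration, not taken from any real system.
SAMPLE = """\
# constructed sample directives
authpriv.*            /var/log/secure
security.notice       /var/log/auth.log
kern,daemon.err       /dev/console
local3.info;mail.none /var/log/app.log
"""

if __name__ == "__main__":
    for pairs, action, warnings in lint_config(SAMPLE):
        print(pairs, "->", action, warnings)
```

A misspelled facility such as kernel.err raises ValueError, which is the kind of mistake that otherwise leaves a log destination silently empty.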