Unix Tip: Local message processing with syslog
The syslog deamon (syslogd) on Unix systems provides message logging for other services so that each service doesn't have to duplicate the same basic functionality to manage logging for itself. The messages issued and their severity level depends on the applications, but where these messages are logged and how they are filtered when using the services of syslogd depends on how syslog is configured. The basic format of a line in syslog's configuration file specifies a message type and how messages matching the type will be handled.
For example, a line such as the one below tells syslogd to send informational messages from the line printer to the lpr.log file:
lpr.info /var/log/lpr.log |
This line doesn't just influence informational (low severity) messages, however. It also determines how lpr messages with higher severity levels will be logged.
One important thing to understand about syslog message before we get any further is that there is a clearly defined "level" for each message, the lower the numerical severity value, the more critical the message. An emergency message, for example, is level 0. This is the most critical message category. Debugging messages, on the other hand, are level 7, the lowest message level. The table below shows all 8 severity levels.
Message Type Description Syslog Message Severity Level emergencies System unusable LOG_EMERG 0 alerts Immediate action needed LOG_ALERT 1 critical Critical conditions LOG_CRIT 2 errors Error conditions LOG_ERR 3 warnings Warning conditions LOG_WARNING 4 notifications Normal but significant LOG_NOTICE 5 informational Informational messagesonly LOG_INFO 6 debugging Debugging messages LOG_DEBUG 7 |
If you elect to have all information messages for lpr logged, therefore, you will also log notifications, warnings, errors, critical messages, alerts and emergencies. If you elect to log only emergencies, on the other hand, none of
the lower level messages will be logged.
Message types in the /etc/syslog.conf file are composed of two parts. The first part specifies the service or "facility" that is generating the messages and the second part is the level or severity of the message.
Facilities correspond to values specified in the openlog and syslog library routines, so you can't just make them up on the fly. However, besides the message types that correspond to familiar facilities -- such as mail, news, user, uucp, cron and so on, the local0 through local7 facilities are defined so that you can add custom message types for your own processing and configure syslogd to send them to whatever log file works best for you.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Unix
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
