syslogd可以負責記錄系統運作中,kernel或套用程式產生的各種訊息。這些訊息被寫入到系統的紀錄檔中,讓管理人員,進行故障排除、追蹤嘗試非法入侵的使用者、進行使用者的分析等等。
運作方式,kernel,套用程式,運作方式設定,設定檔格式,
運作方式
kernel
kernel產生的訊息交由klogd處理,klogd再交由syslogd處理。
套用程式
套用程式產生的訊息,可以在套用程式的設定檔中,改變設定參數,以決定要將套用程式產生的訊息交由syslogd處理,或是由套用程式自行處理。
運作方式設定
有二個設定檔
/etc/sysconfig/syslog
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS ="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".
/etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
設定檔格式
(/etc/syslog.conf的設定檔格式)
套用程式類型.記錄等級 儲存位置
套用程式類型
auth
authpriv
cron
daemon
kern
lpr
mail
mark
news
security(即auth)
syslog
user
uucp
local0~local7(使用者自訂類型)
*(所有的類型)
記錄等級(緊急程度,往下遞增,愈往下,記錄的資訊愈少)
debug
info
notice
warning
warn(即warning)
err
error(即err)
crit
alert
emerg
panic(即emerg)
none(全不記錄)
儲存位置
