A configuration entry is composed of two TAB-separated fields:
The selector field contains a semicolon-separated list of priority specifications of the form:
facility.level [ ; facility.level ]
where facility is a system facility, or comma-separated list of facilities, and level is an indication of the severity of the condition being logged. Recognized values for facility include:
Recognized values for level are (in descending order of severity):
will send all messages
mail messages to the selected file.
The action field indicates where to forward the message. Values for this field can have one of four forms:
A filename, beginning with a leading slash, which indicates that messages specified by the selector are to be written to the specified file. The file will be opened in append mode.
The name of a remote host, prefixed with an @, as with: @server, which indicates that messages specified by the selector are to be forwarded to the syslogd on the named host.
A comma-separated list of usernames, which indicates that messages specified by the selector are to be written to the named users if they are logged in.
An asterisk, which indicates that messages specified by the selector are to be written to all logged-in users.
Blank lines are ignored. Lines for which the first nonwhite character is a `#' are treated as comments.
With the following configuration file:
*.notice;mail.info /var/log/notice *.crit /var/log/critical kern,mark.debug /dev/console kern.err @server *.emerg * *.alert root,operator *.alert;auth.warning /var/log/auth
will log all mail system messages except
messages and all
(or higher) messages into a file named
It logs all critical messages into
and all kernel messages and 20-minute
marks onto the system console.
Kernel messages of err (error) severity or higher are forwarded to the machine named server. Emergency messages are forwarded to all users. The users \(lqroot\(rq and \(lqoperator\(rq are informed of any alert messages. All messages from the authorization system of warning level or higher are logged in the file /var/log/auth.