emo/sysklogd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Convert man pages to mdoc format, remove sysklogd.8 man page

Browse Source 
- Major cleanup, simplifications, grammar corrections
- Remove inappropriate sections
- Update syntax and add tables for facility and priority

Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
This commit is contained in:
Joachim Nilsson
2019-10-30 15:56:30 +01:00
parent a1e5680aee
commit dfff48fb04
5 changed files with 1348 additions and 1317 deletions
Download Patch File Download Diff File Expand all files Collapse all files

789
man/syslog.conf.5
View File

@@ -1,5 +1,6 @@
.\" syslog.conf - syslogd(8) configuration file -*- nroff -*-
.\" Copyright (c) 1995-2009 Martin Schulze <joey@infodrom.org>
.\" Copyright (c) 2018-2019 Joachim Nilsson <troglobit@gmail.com>
.\"
.\" This file is part of the sysklogd package, a kernel and system log daemon.
.\"
@@ -17,25 +18,28 @@
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
.\"
.TH SYSLOG.CONF 5 "12 October 2019" "Version 2.0" "Linux System Administration"
.SH NAME
syslog.conf \- syslogd(8) configuration file
.SH DESCRIPTION
.Dd Oct 30, 2019
.Dt syslog.conf 5
.Os "sysklogd (2.0)"
.Sh NAME
.Nm syslog.conf
.Nd configuration file for syslogd
.Sh DESCRIPTION
The
.I syslog.conf
.Nm
file is the main configuration file for
.BR syslogd (8)
which logs system messages on *nix systems. This file specifies rules
for logging. For special features see the
.BR sysklogd (8)
manpage.
.Xr syslogd 8
which logs system messages on UNIX like systems. This file specifies
rules for logging. For special features see the
.Xr syslogd 8
man page.
.Pp
Every rule consists of two fields, a
.I selector
.Em selector
field an
.I action
.Em action
and an optional
.I logrotate
.Em logrotate
field. The fields are separated by one or more spaces or tabs. The
selector field specifies a pattern of facilities and priorities
belonging to the specified action. The action details where or what to
@@ -44,209 +48,249 @@ files and details the max SIZE:COUNT a file can reach before it is
rotated, and later compressed. The log rotated feature is mostly
intended for embedded systems that do not want to have cron and a
separate log rotate daemon.
Lines starting with a hash mark (``#'') and empty lines are ignored.
.Pp
Lines starting with a hash mark ('#') and empty lines are ignored. If
an error occurs during parsing the whole line is ignored.
.Pp
This variant of
.B syslogd
.Nm syslogd
is able to understand a slightly extended syntax compared to the
original BSD syslogd.
One rule may be divided
into several lines if the leading line is terminated with an backslash
(``\\'').
.SH SELECTORS
original BSD
.Nm syslogd .
One rule may be divided into several lines if the leading line ends
with a single backslash ('\\') character.
.Sh SELECTORS
The selector field consists of two parts, a
.I facility
.Em facility
and a
.IR priority ,
separated by a period (``.'').
Both parts are case insensitive and can also be specified as decimal
numbers corresponding to the definitions in
.IR /usr/include/syslog.h .
It is safer to use symbolic names rather than decimal numbers.
Both facilities and priorities are described in
.BR syslog (3).
.Em priority ,
separated by a period ('.'). Both parts are case insensitive and can
also be specified as decimal numbers corresponding to the definitions in
.Pa /usr/include/syslog.h .
It is safer to use symbolic names rather than decimal numbers. Both
facilities and priorities are described in
.Xr syslog 3 .
The names mentioned below correspond to the similar
.BR LOG_ -values
in
.IR /usr/include/syslog.h .
.Ql LOG_FOO
values in
.Pa /usr/include/syslog.h .
.Pp
The
.I facility
.Em facility
is one of the following keywords:
.BR auth ", " authpriv ", " cron ", " daemon ", " ftp ", " kern ", " lpr ", "
.BR mail ", " mark ", " news ", " security " (same as " auth "), "
.BR syslog ", " user ", " uucp " and " local0 " through " local7 .
The keyword
.B security
is deprecated and
.B mark
is only for internal use and therefore should not be used in
.Bl -column "Code" "Facility" "Description" -offset indent
.It Sy "Code" Ta Sy "Facility" Ta Sy "Description"
.It 0 Ta kern Ta Kernel log messages
.It 1 Ta user Ta User-level messages
.It 2 Ta mail Ta Mail system
.It 3 Ta daemon Ta General system daemons
.It 4 Ta auth Ta Security/authorization messages
.It 5 Ta syslog Ta Messages generated by syslogd
.It 6 Ta lpr Ta Line printer subystem
.It 7 Ta news Ta Network news subsystem
.It 8 Ta uucp Ta UNIX-to-UNIX copy
.It 9 Ta cron Ta Clock/cron daemon (BSD, Linux)
.It 10 Ta authpriv Ta Security/authorization messages (private)
.It 11 Ta ftp Ta FTP daemon
.It 12 Ta ntp Ta NTP subsystem
.It 13 Ta security Ta Log audit
.It 14 Ta console Ta Log alert
.It 15 Ta unused Ta Clock/cron daemon (Solaris)
.It 16 Ta local0 Ta Reserved for local/system use
.It 17 Ta local1 Ta Reserved for local/system use
.It 18 Ta local2 Ta Reserved for local/system use
.It 19 Ta local3 Ta Reserved for local/system use
.It 20 Ta local4 Ta Reserved for local/system use
.It 21 Ta local5 Ta Reserved for local/system use
.It 22 Ta local6 Ta Reserved for local/system use
.It 23 Ta local7 Ta Reserved for local/system use
.El
.Pp
Notice, several of the above listed facilities are not supported
by the standard C library (GLIBC, musl libc, or uClibc) on Linux.
The
.Lb libsyslog
shipped with
.Nm sysklogd ,
however, supports all the above facilities in full. Also, the keyword
.Ql mark
is only for internal use and should therefore not be used in
applications. The
.I facility
.Em facility
specifies the subsystem that produced the message, e.g. all mail
programs log with the mail facility
.RB ( LOG_MAIL )
programs log with the mail facility,
.Ql LOG_MAIL ,
if they log using syslog.
.Pp
In most cases anyone can log to any facility, so we rely on convention
for the correct facility to be chosen. However, generally only the
kernel can log to the "kern" facility. This is because the implementation
of openlog() and syslog() in glibc does not allow logging to the "kern"
facility. Klogd circumvents this restriction when logging to syslogd
by reimplementing those functions itself.
kernel can log to the
.Ql kern
facility. This because the implementation of
.Xr openlog 3
and
.Xr syslog 3
in GLIBC does not allow logging to the
.Ql kern
facility.
.Xr klogd 8
circumvents this restriction when logging to
.Xr syslogd 8
by using the
.Lb libsyslog
.Pp
The
.I priority
is one of the following keywords, in ascending order:
.BR debug ", " info ", " notice ", " warning ", " warn " (same as "
.BR warning "), " err ", " error " (same as " err "), " crit ", "
.BR alert ", " emerg ", " panic " (same as " emerg ).
The keywords
.BR warn ", " error " and " panic
are deprecated and should not be used anymore. The
.I priority
defines the severity of the message
The behavior of the original BSD syslogd is that all messages of the
specified priority and higher are logged according to the given
action. This
.BR syslogd (8)
behaves the same, but has some extensions.
In addition to the above mentioned names the
.BR syslogd (8)
understands the following extensions: An asterisk (``*'') stands for
all facilities or all priorities, depending on where it is used
(before or after the period). The keyword
.B none
is one of the following keywords, in ascending order:
.Bl -column "Code" "Facility" "Description" -offset indent
.It Sy "Value" Ta Sy "Severity" Ta Sy "Description"
.It 0 Ta emergency Ta System is unusable
.It 1 Ta alert Ta Action must be taken immediately
.It 2 Ta critical Ta Critical condtions
.It 3 Ta error Ta Error conditions
.It 4 Ta warning Ta Warning conditions
.It 5 Ta notice Ta Normal but significal conditions
.It 6 Ta info Ta Informational messages
.It 7 Ta debug Ta Debug-level messages
.El
.Pp
The default log level of most applications is
.Ql notice ,
meaning only
.Ql notice
and above are forwarded to
.Nm syslogd .
See
.Xr setlogmask 3
for more information on how to change the default log level of your
application.
.Pp
In addition to the above mentioned facility and priority names,
.Xr syslogd 8
understands the following extensions:
.Pp
.Bl -tag -compact -width "'none'"
.It *
An asterisk ('*') matches all facilities or all priorities, depending on
where it is used (before or after the period).
.It none
The keyword
.Ql none
stands for no priority of the given facility.
.It ,
Multiple facilities may be specified for a single priority pattern in
one statement using the comma (``,'') operator to separate the
facilities. You may specify as many facilities as you want.
Please note that only the facility part from
such a statement is taken, a priority part would be ignored.
one statement using the comma (',') operator to separate the facilities.
You may specify as many facilities as you want. Please note that only
the facility part from such a statement is taken, a priority part would
be ignored.
.It ;
Multiple selectors may be specified for a single
.I action
using the semicolon (``;'') separator. Selectors are processed from
left to right, with each selector being able to overwrite preceding ones.
Using this behavior you are able to exclude some priorities from the pattern.
This
.BR syslogd (8)
.Em action
using the semicolon (';') separator. Selectors are processed from left
to right, with each selector being able to overwrite preceding ones.
Using this behavior you are able to exclude some priorities from the
pattern.
.It =
This version of
.Xr syslogd 8
has a syntax extension to the original BSD source, which makes its use
more intuitive. You may precede every priority with an equation sign
(``='') to specify that
.B syslogd
should only refer to this single priority and not this priority and
all higher priorities.
You may also precide the priority with an exclamation mark (``!'') if
you want
.B syslogd
to ignore this priority and all higher priorities.
You may even use both, the exclamation mark and the equation sign if
you want
.B syslogd
to ignore only this single priority. If you use both extensions
than the exclamation mark must occur before the equation sign, just
use it intuitively.
.SH ACTIONS
The action field of a rule describes the abstract term
``logfile''. A ``logfile'' need not to be a real file, btw. The
.BR syslogd (8)
provides the following actions.
.SS Regular File
Typically messages are logged to real files.
The filename is specified with an absolute pathname.
You may prefix each entry with a minus sign (``-'') to avoid syncing
the file after each log message. Note that you might lose information if
the system crashes right after a write attempt. Nevertheless this
might give you back some performance, especially if you run programs
that use logging in a very verbose manner.
.SS Named Pipes
('=') to specify that only this single priority should be matched,
instead of the default: this priority and all higher priorities.
.It !
You may also precide the priority with an exclamation mark ('!') if you
want to ignore this priority and all higher priorities. You may even
use both the exclamation mark and the equation sign if you want to
ignore a single priority. If both extensions are used, the exclamation
mark must occur before the equation sign.
.El
.Sh ACTIONS
The action field of a rule is the destination or target for a match. It
can be a file, a UNIX named pipe, the console, or a remote machine.
.Ss Regular File
Typically messages are logged to real files. The filename is specified
with an absolute pathname.
.Pp
You may prefix each entry with a minus sign ('-') to avoid syncing the
file after each log message. Note that you might lose information if
the system crashes right after a write attempt. Nevertheless this might
give you back some performance, especially if you run programs that use
logging in a very verbose manner.
.Ss Named Pipes
This version of
.BR syslogd (8)
has support for logging output to
named pipes (fifos). A fifo or named pipe can be used as
a destination for log messages by prepending a pipe symbol (``|'') to
the name of the file. This is handy for debugging. Note that the fifo
must be created with the
.BR mkfifo (1)
command before
.BR syslogd (8)
.Xr syslogd 8
supports logging to named pipes (FIFOs). A FIFO, or named pipe, can be
used as a destination for log messages by prepending a pipe symbol ('|')
to the name of the file. This can be very handy for debugging. Note
that the FIFO must be created with the
.Xr mkfifo 1
command before
.Nm syslogd
is started.
.SS Terminal and Console
.Ss Terminal and Console
If the file you specified is a tty, special tty-handling is done, same
with
.IR /dev/console .
.SS Remote Machine
This
.BR syslogd (8)
provides full remote logging, i.e. is able to send messages to a
remote host running
.BR syslogd (8)
and to receive messages from remote hosts. The remote
host won't forward the message again, it will just log them
locally. To forward messages to another host, prepend the hostname
with the at sign (``@'').
Using this feature you are able to collect all syslog messages on a
central host, if all other machines log remotely to that one. This
reduces administration needs.
Using a named pipe log method, messages from remote hosts can be sent
to a log program. By reading log messages line by line such a program
is able to sort log messages by host name or program name on the
central log host. This way it is possible to split the log into
separate files.
By default messages to remote remote hosts are formatted in the original
BSD style. To enable new RFC5424 style formatting, append ``;RFC5424``
after the hostname.
.SS List of Users
Usually critical messages are also directed to ``root'' on that
machine. You can specify a list of users that ought to receive the
log message on the terminal by writing their usernames.
You may specify more than one user by
separating the usernames with commas (``,''). If they're logged in they
will receive the log messages.
.SS Everyone logged on
Emergency messages often go to all users currently online to notify
them that something strange is happening with the system. To specify
this
.IR wall (1)-feature
use an asterisk (``*'').
.SH EXAMPLES
Here are some examples, partially taken from a real existing site and
configuration. Hopefully they answer all questions about
configuring this
.BR syslogd (8) .
If not, don't hesitate to contact the mailing list.
.IP
.nf
.Pa /dev/console .
.Ss Remote Machine
Full remote logging support is available in
.Nm syslogd ,
i.e. to send messages to a remote syslog server, and and to receive
messages from remote hosts. To forward messages to another host,
prepend the hostname with the at sign ('@').
.Pp
This feature makes it possible to collect all syslog messages in a
network on a central host. This reduces administration needs and
can be really helpful when debugging distributed systems.
.Pp
Using a named pipe log method, messages from remote hosts can be sent to
a log program. By reading log messages line by line such a program is
able to sort log messages by host name or program name on the central
log host. This way it is possible to split the log into separate files.
.Pp
By default messages to remote remote hosts were formatted in the original
BSD style, without timestamp or hostname. As of
.Nm syslogd
v2.0 the default includes timstamp and hostname. It is also possible to
enable the new RFC5424 style formatting, append ';RFC5424' after the
hostname.
.Ss List of Users
Usually critical messages are also directed to
.Ql root
on that machine. You can specify a list of users that ought to receive
the log message on their terminal by writing their usernames. You may
specify more than one user by separating the usernames with commas
(','). Only logged in users will receive the log messages.
.Ss Everyone logged on
Emergency messages often go to all users currently online to notify them
that something strange is happening with the system. To specify this
.Xr wall 1
feature use an asterisk ('*').
.Sh EXAMPLES
This section lists some examples, partially from actual site setups.
.Ss Critical
This stores all messages of priority
.Ql crit
in the file
.Pa /var/adm/critical ,
with the exception of any kernel messages.
.Bd -literal -offset indent
# Store critical stuff in critical
#
*.=crit;kern.none /var/adm/critical
.fi
.LP
This will store all messages of priority
.B crit
in the file
.IR /var/adm/critical ,
with the exception of any kernel messages.
.IP
.nf
.Ed
.Ss Kernel
This is an example of the 2nd selector overwriting part of the first
one. The first selector selects kernel messages of priority
.Ql info
and higher. The second selector filters out kernel messages of priority
.Ql error
and higher. This leaves just priorities
.Ql info ,
.Ql notice ,
and
.Ql warning
to get logged.
.Bd -literal -offset indent
# Kernel messages are stored in the kernel file,
# critical messages and higher ones also go
# to another host and to the console
@@ -255,214 +299,227 @@ kern.* /var/adm/kernel
kern.crit @finlandia;RFC5424
kern.crit /dev/console
kern.info;kern.!err /var/adm/kernel-info
.fi
.LP
.Ed
.Pp
The first rule directs any message that has the kernel facility to the
file
.IR /var/adm/kernel .
(But recall that only the kernel itself can log to this facility.)
.Pa /var/adm/kernel .
Recall that only the kernel itself can log to this facility.
.Pp
The second statement directs all kernel messages of priority
.B crit
and higher to the remote host finlandia in RFC5424 style formatting.
This is useful, because if the host crashes and the disks get
irreparable errors you might not be able to read the stored messages.
If they're on a remote host, too, you still can try to find out the
reason for the crash.
The third rule directs kernel messages of priority crit and higher to
the actual console, so the person who works on the machine will get
them, too.
The fourth line tells the syslogd to save all kernel messages that
come with priorities from
.BR info " up to " warning
.Ql crit
and higher to the remote host
.Ql finlandia
in RFC5424 style formatting. This is useful, because if the host
crashes and the disks get irreparable errors you might not be able to
read the stored messages. If they're on a remote host, too, you still
can try to find out the reason for the crash.
.Pp
The third rule directs kernel messages of priority
.Ql crit
and higher to the actual console, so the person who works on the machine
will get them, too.
.Pp
The fourth line tells
.Nm syslogd
to save all kernel messages that come with priorities from
.Ql info
up to
.Ql warning
in the file
.IR /var/adm/kernel-info .
This is an example of the 2nd selector overwriting part of the first
one. The first selector selects kernel messages of priority
.BR info
and higher. The second selector filters out kernel messages of
priority
.BR error
and higher. This leaves just priorities
.BR info ", " notice " and " warning
to get logged.
.IP
.nf
# The tcp wrapper logs with mail.info, we display
# all the connections on tty12
#
mail.=info /dev/tty12
.fi
.LP
.Pa /var/adm/kernel-info .
.Ss Redirecting to a TTY
This directs all messages that use
.BR mail.info " (in source " LOG_MAIL " | " LOG_INFO )
.Ql mail.info
(in source
.Ql LOG_MAIL | LOG_INFO )
to
.IR /dev/tty12 ,
the 12th console. For example the tcpwrapper
.BR tcpd (8)
uses this as its default.
.IP
.nf
.Bd -literal -offset indent
# The tcp wrapper logs with mail.info, we display
# all the connections on tty12
#
mail.=info /dev/tty12
.Ed
.Ss Redirecting to a file
This pattern matches all messages that come with the
.Ql mail
facility, except for the
.Ql info
priority. These will be stored in the file
.Pa /var/adm/mail .
.Bd -literal -offset indent
# Write all mail related logs to a file
#
mail.*;mail.!=info /var/adm/mail
.fi
.LP
This pattern matches all messages that come with the
.B mail
facility, except for the
.B info
priority. These will be stored in the file
.IR /var/adm/mail .
.IP
.nf
.Ed
.Ss Single Priority from Two Facilities
This will extract all messages that come either with
.Ql mail.info
or with
.Ql news.info
and store them in the file
.Pa /var/adm/info .
.Bd -literal -offset indent
# Log all mail.info and news.info messages to info
#
mail,news.=info /var/adm/info
.fi
.LP
This will extract all messages that come either with
.BR mail.info " or with " news.info
and store them in the file
.IR /var/adm/info .
.IP
.nf
.Ed
.Ss Advanced Filtering, part 1
This logs all messages that come with either the
.Ql info
or the
.Ql notice
priority into the file
.Pa /var/log/messages ,
except for all messages that use the
.Ql mail
facility.
.Bd -literal -offset indent
# Log info and notice messages to messages file
#
*.=info;*.=notice;\\
mail.none /var/log/messages
.fi
.LP
The following is almost the same but will also log rotate and compress
aged out messages. The size argument takes the same modifiers as the
command line '-b' option. Notice the leading '-' to ensure the file is
flushed to disk after each message.
.IP
.nf
# Log all messages, including kernel, to messages file
# rotated every 100 kB and keep up to 10 aged out and
# compressed files.
*.*;kern,kern.none -/log/messages 100k:10
.fi
.LP
This lets the
.B syslogd
log all messages that come with either the
.BR info " or the " notice
priority into the file
.IR /var/log/messages ,
except for all messages that use the
.B mail
facility.
.IP
.nf
mail.none /var/log/messages
.Ed
.Ss Advanced Filtering, part 2
This statement logs all messages that come with the
.Ql info
priority to the file
.Pa /var/log/messages .
But any message with either
.Ql mail
or the
.Ql news
facility are not logged.
.Bd -literal -offset indent
# Log info messages to messages file
#
*.=info;\\
mail,news.none /var/log/messages
.fi
.LP
This statement causes the
.B syslogd
to log all messages that come with the
.B info
priority to the file
.IR /var/log/messages .
But any message coming either with the
.BR mail " or the " news
facility will not be stored.
.IP
.nf
.Ed
.Ss Wall Messages
This rule tells
.Nm syslogd
to write all emergency messages to all currently logged in users. This
is the wall action.
.Bd -literal -offset indent
# Emergency messages will be displayed using wall
#
*.=emerg *
.fi
.LP
This rule tells the
.B syslogd
to write all emergency messages to all currently logged in users. This
is the wall action.
.IP
.nf
.Ed
.Ss Alerting Users
This rule directs all messages of priority
.Ql alert
or higher to the terminals of the operator, i.e. of the users 'root'
and 'joey', if they're logged in.
.Bd -literal -offset indent
# Messages of the priority alert will be directed
# to the operator
#
*.alert root,joey
.fi
.LP
This rule directs all messages of priority
.B alert
or higher to the terminals of the operator, i.e. of the users ``root''
and ``joey'' if they're logged in.
.IP
.nf
*.* @finlandia;RFC5424
.fi
.LP
This rule would redirect all messages to a remote host called finlandia
.Ed
.Ss Log Rotation
This logs all messages except kernel messages to the file
.Pa /log/messages
without syncing ('-') the file after each log message. When the file
reaches 100 kiB it is rotated. In total are only 10 rotated files,
including the main file itself and compressed files kept. The size
argument takes the same modifiers as the
.Xr syslogd 8
command line option,
.Fl R .
.Bd -literal -offset indent
# Log all messages, including kernel, to messages file
# rotated every 100 kB and keep up to 10 aged out and
# compressed files.
*.*;kern.none -/log/messages 100k:10
.Ed
.Ss Logging to Remote Syslog Server
This rule redirects all messages to a remote host called
.Ql finlandia
with RFC5424 style formatting. This is useful especially in a cluster
of machines where all syslog messages will be stored on only one
machine.
.SH CONFIGURATION FILE SYNTAX DIFFERENCES
.B Syslogd
uses a slightly different syntax for its configuration file than
the original BSD sources. Originally all messages of a specific priority
and above were forwarded to the log file. The modifiers ``='', ``!''
and ``-'' were added to make the
.B syslogd
more flexible and to use it in a more intuitive manner.
The original BSD syslogd doesn't understand spaces as separators between
the selector and the action field.
.SH FILES
.PD 0
.TP
.I /etc/syslog.conf
.Bd -literal -offset indent
*.* @finlandia;RFC5424
.Ed
.Sh SYNTAX DIFFERENCES
.Nm syslogd
allows for a slightly extended syntax for
.Nm
compared to the original BSD
.Nm syslogd .
The modifiers '=', '!', and '-' were added to make the syntax more
flexible and to use it in a more intuitive manner. Also, the original
BSD
.Nm syslogd
doesn't understand spaces as separators between the selector and the
action field.
.Sh FILES
.Bl -tag -compact -width /etc/syslog.conf
.It /etc/syslog.conf
Configuration file for
.B syslogd
.SH BUGS
.Xr syslogd 8
.El
.Sh BUGS
The effects of multiple selectors are sometimes not intuitive. For
example ``mail.crit,*.err'' will select ``mail'' facility messages at
the level of ``err'' or higher, not at the level of ``crit'' or
higher.
Also, if you specify a selector with an exclamation mark in it
which isn't preceded by a corresponding selector without an
exclamation mark, nothing will be logged. Intuitively, the
selector ``ftp.!alert'' on its own will select all ftp messages
with priorities less than alert. In fact it selects nothing.
Similarly ``ftp.!=alert'' might reasonably be expected to select
all ftp messages other than those with priority alert, but again
it selects nothing. It seems the selectors with exclamation
marks in them should only be used as `filters' following
selectors without exclamation marks.
Finally, using a backslash to divide a line into two doesn't
work if the backslash is used immediately after the end of the
selector, without intermediate whitespace.
.SH SEE ALSO
.BR sysklogd (8),
.BR klogd (8),
.BR logger (1),
.BR syslog (2),
.BR syslog (3).
.SH AUTHORS
The
.B syslogd
is taken from BSD sources, Greg Wettstein <greg@wind.enjellic.com>
performed the port to Linux, Martin Schulze <joey@infodrom.org>
example
.Ql mail.crit,*.err
will select
.Ql mail
facility messages at the level of
.Ql err
or higher, not at the level of
.Ql crit or higher.
.Pp
Also, if you specify a selector with an exclamation mark in it, which
isn't preceded by a corresponding selector without an exclamation mark,
nothing will be logged. Intuitively, the selector
.Ql ftp.!alert
on its own will select all
.Ql ftp
messages with priorities less than
.Ql alert .
In fact it selects nothing. Similarly,
.Ql ftp.!=alert
might reasonably be expected to select all
.Ql ftp
messages other than those with priority
.Ql alert ,
but again it selects nothing. It seems the selectors with exclamation
marks in them should only be used as "filters" following selectors
without exclamation marks.
.Pp
Finally, using a backslash to divide a line into two doesn't work if the
backslash is used immediately after the end of the selector, without
intermediate whitespace.
.Sh SEE ALSO
.Xr mkfifo 1 ,
.Xr sysklogd 8 ,
.Xr klogd 8 ,
.Xr logger 1 ,
.Xr syslog 2 ,
.Xr syslog 3 .
.Sh AUTHORS
The system log daemon
.Nm syslogd
is originally taken from BSD sources and later updated with new
funcitonality from
.Fx
and
.Nx .
.An -nosplit
.An Greg Wettstein Aq Mt greg@wind.enjellic.com
performed the initial port to Linux.
.An Martin Schulze Aq Mt joey@infodrom.org
fixed some bugs, added several new features and took over maintenance.
.An Joachim Nilsson Aq Mt troglobit@gmail.com
later picked up the aging
.Nm sysklogd
and gave it a home at GitHub with new features imported from
.Fx
and
.Nx .