Category: AIX
2013-05-02 11:50:06
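Configuration file format:
The selector field defines the facility and the priority. Separate facility names with commas, separate the facility from the priority with a period, and separate multiple entries in the same selector field with semicolons. Use an asterisk to select all facilities.
The action field identifies the destination that receives the message. If the message is sent to a remote host, the remote system handles it as specified in its own configuration file. To display messages on a user's terminal, the destination field must contain the name of a valid user who is logged in to the system.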
facilities: some of the facilities used in the /etc/syslog.conf file are listed below:
Facility    Description
kern        Kernel
user        User level
mail        Mail subsystem
daemon      System daemons
auth        Security or authorization
syslog      syslogd daemon
lpr         Line-printer subsystem
news        News subsystem
uucp        uucp subsystem
*           All facilities
priority: the priority levels used in the /etc/syslog.conf file are listed below. They go in the message-priority part of the selector field. Messages at the specified priority or at any higher priority are sent to the destination.
Priority Level    Description
emerg             Specifies emergency messages (LOG_EMERG). These messages are not distributed to all users. LOG_EMERG priority messages can be logged into a separate file for reviewing.
alert             Specifies important messages (LOG_ALERT), such as a serious hardware error. These messages are distributed to all users.
crit              Specifies critical messages not classified as errors (LOG_CRIT), such as improper login attempts. LOG_CRIT and higher-priority messages are sent to the system console.
err               Specifies messages that represent error conditions (LOG_ERR), such as an unsuccessful disk write.
warning           Specifies messages for abnormal, but recoverable, conditions (LOG_WARNING).
notice            Specifies important informational messages (LOG_NOTICE). Messages without a priority designation are mapped into this priority. These are more important than informational messages, but not warnings.
info              Specifies informational messages (LOG_INFO). These messages can be discarded but are useful in analyzing the system.
debug             Specifies debugging messages (LOG_DEBUG). These messages may be discarded.
none              Excludes the selected facility. This priority level is useful only if preceded by an entry with an * (asterisk) in the same selector field.
destination: some of the destinations used in the /etc/syslog.conf file are listed below. They can be used in the action field.
Destination          Description
File Name            Full path name of a file opened in append mode.
@Host                Host name, preceded by @ (at sign).
User[, User][...]    User names.
*                    All users.
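After modifying the syslog.conf file, restart the syslogd daemon using the following commands:
1. Find the process ID of the syslogd daemon: ps -ef|grep syslogd
    # ps -ef | grep syslogd
    root 5426 4168 0 Nov 01 - 0:00 /usr/sbin/syslogd
    root 24938 25854 2 12:04:03 pts/6 0:00 grep syslog
2. Stop the syslogd daemon with the stopsrc command: stopsrc -s syslogd
3. Check that the syslogd daemon stopped successfully: ps -ef|grep syslogd
4. Restart the syslogd daemon: startsrc -s syslogd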
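Some example changes to /etc/syslog.conf:
1. Log all mail facility messages at priority debug or higher to /tmp/mailsyslog: mail.debug /tmp/mailsyslog. Here mail is the facility, debug is the priority, and /tmp/mailsyslog is the destination.
2. Send all system messages (except those from the mail facility) to a host named rigil: *.debug;mail.none @rigil. Here * and mail are facilities, debug and none are priorities, and @rigil is the destination.
3. Display all mail facility messages on the terminals of all users: mail.debug *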
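
The following Python code is an added example, not from the original post: it parses the selector/action format described above and reports which destinations receive a given message, for instance to confirm before restarting syslogd that auth messages still reach the remote host. The function names are hypothetical, only the facilities listed on this page are recognized, and it assumes that a later entry in a selector field overrides an earlier one for the same facility.

```python
# Added example (not from the original page): evaluate syslog.conf rules.
# Priorities from highest to lowest, as listed on this page.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp"]

# Constructed sample input: the three example rules given on this page.
SAMPLE_CONF = """\
mail.debug /tmp/mailsyslog
*.debug;mail.none @rigil
mail.debug *
"""

def parse_rule(line):
    """Return ({facility: lowest accepted priority index, or None}, action)."""
    selector, action = line.split(None, 1)
    thresholds = {}
    for entry in selector.split(";"):            # ';' separates entries
        names, _, prio = entry.partition(".")    # '.' separates facility/priority
        if prio != "none" and prio not in PRIORITIES:
            raise ValueError(f"unknown priority in {entry!r}")
        for name in names.split(","):            # ',' separates facility names
            if name != "*" and name not in FACILITIES:
                raise ValueError(f"unknown facility in {entry!r}")
            for fac in (FACILITIES if name == "*" else [name]):
                # Assumption: a later entry overrides an earlier one for the
                # same facility, which is how '*.debug;mail.none' drops mail.
                thresholds[fac] = None if prio == "none" else PRIORITIES.index(prio)
    return thresholds, action.strip()

def parse_conf(text):
    """Parse every non-blank, non-comment line of a syslog.conf text."""
    lines = (ln.strip() for ln in text.splitlines())
    return [parse_rule(ln) for ln in lines if ln and not ln.startswith("#")]

def destinations(rules, facility, priority):
    """List the actions that receive a message with this facility and priority."""
    level = PRIORITIES.index(priority)
    hits = []
    for thresholds, action in rules:
        limit = thresholds.get(facility)
        # A rule matches at the configured priority or any higher one.
        if limit is not None and level <= limit:
            hits.append(action)
    return hits

if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for fac, prio in [("mail", "info"), ("auth", "crit"), ("kern", "debug")]:
        print(f"{fac}.{prio} -> {destinations(rules, fac, prio)}")
```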