Linux: rsyslog.conf configuration
Read original · Date: 2023-07-26 · Views: 1

refer to: https://www.debian.org/doc/manuals/debian-handbook/sect.syslog.en.html

  • Log subsystems (facilities)

    Each log message is associated with an application subsystem (called “facility” in the documentation):

    auth and authpriv: for authentication;

    cron: comes from task scheduling services, cron and atd;

    daemon: affects a daemon without any special classification (DNS, NTP, etc.);

    ftp: concerns the FTP server;

    kern: message coming from the kernel;

    lpr: comes from the printing subsystem;

    mail: comes from the e-mail subsystem;

    news: Usenet subsystem message (especially from an NNTP — Network News Transfer Protocol — server that manages newsgroups);

    syslog: messages from the syslogd server, itself;

    user: user messages (generic);

    uucp: messages from the UUCP server (Unix to Unix Copy Program, an old protocol notably used to distribute e-mail messages);

    local0 to local7: reserved for local use.

  • Log levels (priorities)

    Each message is also associated with a priority level. Here is the list in decreasing order of urgency (a selector that names a level, such as mail.err, matches that level and every level above it):

    emerg: “Help!” There is an emergency, the system is probably unusable.

    alert: hurry up, any delay can be dangerous, action must be taken immediately;

    crit: conditions are critical;

    err: error;

    warning (rsyslog also accepts the alias warn): warning (potential error);

    notice: conditions are normal, but the message is important;

    info: informative message;

    debug: debugging message.

  • Configuration rules (selector + action)

    The syntax of the /etc/rsyslog.conf file is detailed in the rsyslog.conf(5) manual page, but there is also HTML documentation available in the rsyslog-doc package (/usr/share/doc/rsyslog-doc/html/index.html). The overall principle is to write “selector” and “action” pairs. The selector defines all relevant messages, and the action describes how to deal with them. A selector has the form facility.priority: several facilities can be listed separated by commas, several selectors can be chained with semicolons, naming a priority selects that level and all higher ones, none drops the facility entirely, and =priority restricts the match to exactly that level.

    The rules below are the default /etc/rsyslog.conf shipped on RHEL/CentOS-style systems (Debian's default file routes the same traffic to /var/log/syslog and /var/log/auth.log instead). Every rule is evaluated for every message, so one message can land in several destinations.

    Log anything (except mail) of level info or higher.

    Don't log private authentication messages!

    *.info;mail.none;authpriv.none;cron.none /var/log/messages

    Except for the mail, authpriv and cron facilities, messages at info level or higher from every other facility are written to /var/log/messages.

    The authpriv file has restricted access.

    authpriv.* /var/log/secure

    Log all the mail messages in one place. The leading "-" on the file name tells rsyslog not to force a sync after every write (faster, but the last few messages may be lost if the system crashes).

    mail.* -/var/log/maillog

    Log cron stuff

    cron.* /var/log/cron

    Everybody gets emergency messages. The action is the omusrmsg output module, which writes the message to the terminals of logged-in users; the trailing * means all of them.

    *.emerg :omusrmsg:*

    Save news errors of level crit and higher in a special file.

    uucp,news.crit /var/log/spooler

    Save boot messages also to boot.log

    local7.* /var/log/boot.log
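To make the facility table, the priority ordering and the selector rules concrete, the following Python script works through the rule set above: it computes the PRI value a message carries on the wire and decides which of the page's rules fire for a given facility/priority pair. This is an added example, not code from the Debian handbook or from the rsyslog project. It assumes the RFC 5424 facility and severity numbers and the classic sysklogd selector grammar that rsyslog.conf(5) still accepts, including the =, ! and != forms, which the page does not show; the sample messages at the bottom are constructed, not real log traffic.

```python
"""rsyslog selector semantics worked through in code.

Added example, not code from the Debian handbook or the rsyslog project. Assumptions:
facility and severity numbers follow RFC 5424 (kern=0 ... local7=23, emerg=0 ... debug=7),
and selectors use the classic sysklogd grammar that rsyslog.conf(5) still accepts:
    facility[,facility...].priority[;facility.priority...]
where the priority field is  level (this level and more urgent ones), =level (exactly this
level), !level (drop this level and more urgent ones), !=level (drop exactly this level),
none (drop the facility entirely) or * (every level).
"""

FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    **{f"local{i}": 16 + i for i in range(8)},
}

# Lower number = more urgent.  "panic", "error" and "warn" are the aliases rsyslog accepts.
SEVERITIES = {
    "emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
    "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7,
}


def pri(facility, severity):
    """PRI value carried in the <N> prefix of a syslog message: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def compile_selector(selector):
    """Turn a selector string into {facility number: bitmask of selected severities}.

    Sub-selectors are applied left to right.  A plain or =level form adds bits,
    a !level form clears bits, and none/* reset the facility's whole mask, which is
    how "*.info;mail.none" ends up meaning "info and above, but nothing from mail".
    """
    masks = {num: 0 for num in set(FACILITIES.values())}
    for part in selector.split(";"):
        part = part.strip()
        if not part:
            continue
        facs, _, prio = part.rpartition(".")
        targets = set(masks) if facs == "*" else {FACILITIES[f.strip()] for f in facs.split(",")}
        ignore = prio.startswith("!")
        prio = prio.lstrip("!")
        single = prio.startswith("=")
        prio = prio.lstrip("=")
        for fac in targets:
            if prio == "none":
                masks[fac] = 0
            elif prio == "*":
                masks[fac] = 0 if ignore else 0xFF
            else:
                sev = SEVERITIES[prio]
                # =level -> just that bit; level -> that level and every more urgent one
                bits = (1 << sev) if single else (1 << (sev + 1)) - 1
                masks[fac] = (masks[fac] & ~bits) if ignore else (masks[fac] | bits)
    return masks


def selector_matches(selector, facility, severity):
    """True if a message tagged (facility, severity) is selected by `selector`."""
    mask = compile_selector(selector)[FACILITIES[facility]]
    return bool(mask & (1 << SEVERITIES[severity]))


# The rule set from the page (RHEL-style defaults).  A leading "-" on a file action means
# rsyslog does not force a sync after each write; ":omusrmsg:*" writes to every logged-in user.
RULES = [
    ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages"),
    ("authpriv.*", "/var/log/secure"),
    ("mail.*", "-/var/log/maillog"),
    ("cron.*", "/var/log/cron"),
    ("*.emerg", ":omusrmsg:*"),
    ("uucp,news.crit", "/var/log/spooler"),
    ("local7.*", "/var/log/boot.log"),
]


def route(facility, severity, rules=RULES):
    """Every rule is evaluated for every message (no 'stop'), so one message can hit several actions."""
    return [action for sel, action in rules if selector_matches(sel, facility, severity)]


if __name__ == "__main__":
    # Constructed sample messages, not real log traffic.
    for fac, sev in [("authpriv", "notice"), ("kern", "emerg"), ("news", "err"),
                     ("mail", "debug"), ("daemon", "debug"), ("local7", "notice")]:
        print(f"<{pri(fac, sev)}> {fac}.{sev:<7} -> {route(fac, sev)}")
```

Two things worth noticing when running it: a news message at err reaches only /var/log/messages, because uucp,news.crit selects crit and the levels above it, not below; and an authpriv message never reaches /var/log/messages at all, since authpriv.none in the first rule clears that facility before the file action is considered. That is the property a practitioner relies on when keeping authentication records out of world-readable log files.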