How do I configure syslog?
Description:
Product Version
3-DNS 1.0.3 through 4.6
BIG-IP 2.1.2 through 4.6
Updated: 02/10/04
How do I configure syslog?
Resolution:
BIG-IP and 3-DNS use the standard UNIX log utility called syslog, which reads messages from TCP, UDP, and UNIX sockets.
The UNIX socket is /var/run/log, and kernel messages are read from /dev/klog. You can configure BIG-IP or 3-DNS to direct messages to files, to a console, or to another syslog-compliant server.
Facilities
The syslog utility can log to the following facilities:
Name      Facility Description
auth      User authentication system for non-sensitive information.
authpriv  User authentication system for security-sensitive information.
cron      The cron facility.
daemon    System server processes.
ftp       The ftp facility.
kern      The kernel.
lpr       The printing subsystem.
mail      The mail subsystem.
mark      Timestamps produced at regular intervals.
news      News server processes.
ntp       The NTP time daemon.
syslog    syslog facility internal messages.
user      User processes.
uucp      The UUCP facility.
Levels
Each facility provides the following message levels, numbered 0 through 7:
Level  Name     Description
0      emerg    System panic.
1      alert    Serious error requiring immediate attention.
2      crit     Critical errors, such as hard drive errors.
3      err      Non-critical errors.
4      warning  Warnings.
5      notice   Non-critical messages.
6      info     Informative messages.
7      debug    Additional information for troubleshooting problems.
Modifying the destination of syslogd log files
Specifying the location of log files for specific applications can be helpful for debugging purposes. To modify the destination of the syslogd log files, edit the /etc/syslog.conf file using one of the following formats:
<facility>.<level> <path to file>
or
<facility>.<level>,<facility>.<level> <path to file>
Examples of syslog configuration options
To log all facilities and all levels to /var/log/messages, configure the syslog.conf file as follows:
*.* /var/log/messages
To log all kernel messages to /var/log/kernel, configure the syslog.conf file as follows:
kern.* /var/log/kernel
To log all critical kernel messages to /var/log/kernel, configure the syslog.conf file as follows:
kern.crit /var/log/kernel
To log a combination of critical and debug kernel messages to /var/log/kernel.debug, configure the syslog.conf file as follows:
Important: Put only a comma between multiple facility entries, with no spaces.
kern.crit,kern.debug /var/log/kernel.debug
To log all critical and debug kernel messages to a serial console, configure the syslog.conf file as follows:
Note: This is the equivalent of logging to com1 in DOS.
kern.crit,kern.debug /dev/tty00
If you have an application in /usr/bin/filter.pl to filter messages, configure the syslog.conf file as follows:
*.* |/usr/bin/filter.pl
To log messages to another syslog server, configure the syslog.conf file as follows:
*.* @
To log all sshd2 messages to the /var/log/ssh.log file, configure syslog.conf as follows:
!sshd2
*.* /var/log/ssh.log
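As an added example (not part of the original article and not F5 tooling), the following Python script checks syslog.conf lines against the selector format, the facility and level names, and the destination types described above. The function names, the sample lines, and the loghost.example host name are assumptions made for illustration.

```python
# Added example: checks syslog.conf lines against the format and tables above.
FACILITIES = {"auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr", "mail",
              "mark", "news", "ntp", "syslog", "user", "uucp"}
LEVELS = {"emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"}

def classify_action(action):
    """Map the action field to one of the destination types shown above."""
    if action.startswith("@"):
        return "remote"
    if action.startswith("|"):
        return "pipe"
    if action.startswith("/dev/"):
        return "device"
    if action.startswith("/"):
        return "file"
    return "unknown"

def check_line(line):
    """Return (kind, problems) for a single syslog.conf line."""
    line = line.strip()
    if not line or line.startswith("#"):
        return "blank", []
    if line.startswith("!"):  # program block such as !sshd2
        return "program", ([] if line[1:] else ["empty program name"])
    parts = line.split(None, 1)
    if len(parts) != 2:
        return "unknown", ["no whitespace between selector and action"]
    selector, action = parts
    problems = []
    for entry in selector.split(","):
        facility, dot, level = entry.partition(".")
        if not dot:
            problems.append(f"{entry!r} is not <facility>.<level>")
            continue
        if facility != "*" and facility not in FACILITIES:
            problems.append(f"unknown facility {facility!r}")
        if level != "*" and level not in LEVELS:
            problems.append(f"unknown level {level!r}")
    kind = classify_action(action)
    if kind == "unknown":
        problems.append(f"unrecognised action {action!r}")
    elif kind == "remote" and action == "@":
        problems.append("remote action has no host")
    return kind, problems

# Constructed sample input; loghost.example is a placeholder host name.
SAMPLE = ["kern.crit,kern.debug /dev/tty00", "*.* @loghost.example",
          "kern.crit, kern.debug /var/log/kernel", "kernel.crit /var/log/kernel"]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", check_line(entry))
```

A space after the comma makes the second selector parse as the action, so the check reports both an empty selector entry and an unrecognised action for that line.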