
Re: about local0-7 in syslog.conf

wang, lei
Occasional Contributor

about local0-7 in syslog.conf

Hello:
I am a new guy, using this forum for the first time. My customer wants to know what local0-local7 are in syslog.conf, and what services they represent.

I tried to find the answer in many manuals, but could not find it stated explicitly. I have no idea. It is too complicated for me.

Can you give me a clear explanation of them or provide me with some documents about that?

Thanks very much!
Matti_Kurkela
Honored Contributor
Solution

Re: about local0-7 in syslog.conf

By default, the "local0-local7" syslog facilities are not used: as the name "local" implies, the sysadmin can use them however necessary to fulfill any needs specific to the local system setup.

Many syslog-using applications can be configured to use any syslog "facility" identifier, including any of the local0-local7 group. If an application uses syslog, the documentation of the application should explain how to do this.

If you need to get the syslog messages of one particular program into a separate logfile, you can configure that program to use one of the "local" facility identifiers, and then set up a separate logfile for that facility in /etc/syslog.conf file.

For example: you might have a program which normally logs using the "daemon" facility identifier. If that program has a problem, you wish to get all its syslog messages, including the "debug" level messages which you normally ignore. But if you specify "daemon.debug" in your syslog configuration, you'll get the debug information of _all_ programs using the "daemon" facility, which is not what you wanted. It will make your log files bigger than necessary and make it more difficult to find whatever you're looking for in the logs.

Instead, you set this particular program to use one of the unused "local" facility identifiers (local0, if nothing else has been set up). Then you can specify "local0.debug" in your syslog configuration to direct the messages of this particular program (only!) to a separate logfile.

MK
wang, lei
Occasional Contributor

Re: about local0-7 in syslog.conf

Thanks for your detailed answer, Matti!

Yesterday my customer asked me to help him separate the FTP logs from syslog. I checked some manuals and found the solution: I added two entries in syslog.conf:
*.info;mail.none,local5.none /var/adm/syslog/syslog.log
local5.info;mail.none /var/adm/ftplog
Then I restarted syslogd. It worked. All FTP logs are written to /var/adm/ftplog instead of syslog.
In this example I use local5. I think it is obvious that local5 relates to the FTP service in syslog.conf. So I think local0, local1, 2, 3, 4, 6, and 7 should also relate to some other services in /etc/syslog.conf. Do you think so? If not, why must we use local5 in syslog.conf when we want to redirect the FTP log to another file rather than syslog?

Thanks for your great support. Waiting for your new reply.
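
Added example, not part of the original post: a simplified Python model of classic BSD-style syslog.conf selector matching, applied to the two entries above to show why local5 messages leave syslog.log and land in /var/adm/ftplog. The matching rules are an assumption (HP-UX syslogd's own parser is not shown on this page), and the function names and sample messages are constructed for illustration.

```python
# Added example: simplified model of syslog.conf selector matching
# (assumed classic BSD-style semantics, not HP-UX syslogd's actual code).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The two entries from the post above, as (selector, action) pairs.
RULES = [
    ("*.info;mail.none,local5.none", "/var/adm/syslog/syslog.log"),
    ("local5.info;mail.none", "/var/adm/ftplog"),
]

def parse_selector(selector):
    """Return [(facilities, level), ...] in left-to-right order."""
    parsed, pending = [], []
    for token in selector.replace(",", ";").split(";"):
        if "." not in token:
            # "mail,local5.none" form: this facility shares the next level
            pending.append(token)
            continue
        facility, level = token.split(".", 1)
        parsed.append((pending + [facility], level))
        pending = []
    return parsed

def selector_matches(selector, facility, level):
    """True if a message with this facility and level is selected."""
    selected = False
    for facilities, threshold in parse_selector(selector):
        if "*" not in facilities and facility not in facilities:
            continue  # this part of the selector does not mention the facility
        if threshold == "none":
            selected = False  # explicit exclusion overrides an earlier match
        else:
            # lower index = more severe; "info" selects info and anything above
            selected = LEVELS.index(level) <= LEVELS.index(threshold)
    return selected

def destinations(facility, level, rules=RULES):
    """List every action whose selector accepts the message."""
    return [action for selector, action in rules
            if selector_matches(selector, facility, level)]

if __name__ == "__main__":
    # Constructed sample messages: (facility, level)
    for fac, lvl in [("local5", "info"), ("daemon", "notice"),
                     ("local5", "debug"), ("mail", "err"), ("local0", "info")]:
        print(f"{fac}.{lvl:8} -> {destinations(fac, lvl) or 'not logged'}")
```

In this model the facility name carries no meaning of its own: local0.info still goes to syslog.log, and local5 is special only because one program was built to tag its messages with it and the configuration routes that tag.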
OldSchool
Honored Contributor

Re: about local0-7 in syslog.conf

"In this example I use local5. I think it is obvious that local5 relate to FTP service in syslog.conf. So I think local0, local1, 2, 3, 4, 6, and 7 should also relate to some other services in /etc/syslog.conf."

What made you conclude that local5 was related to the FTP service? I don't see the connection (nothing new there) but am willing to be enlightened.
Russ Docksteader
Occasional Advisor

Re: about local0-7 in syslog.conf

OldSchool: It is not obvious that ftp uses local5, however it is true that local5 is the facility that ftp uses for syslog messages.

For example, with wu-ftp on my system here is how it is defined:

config.h:

#define FACILITY LOG_LOCAL5

Otherwise the default log facility is:
FACILITY LOG_DAEMON

Bill Hassell
Honored Contributor

Re: about local0-7 in syslog.conf

All of the facilities and priorities are defined in the syslog man page. You can create a syslog message with any facility and priority using the logger command (man logger). ftpd indeed uses local5 and no, it is not documented. About the only way to track down what each program uses is to restart syslogd with the -v option. Now all your syslog entries will have the 2 hex digits that define how the message was presented to syslogd.

The attached script will decode the hex digits for you so you can see what each message used when it was received by syslogd. Note that your syslog file must have the digits stored first.


Bill Hassell, sysadmin