Operating System - HP-UX

local0-7 in /etc/syslog.conf : explanation?

 
Tom De Reuse_1
Occasional Contributor


Hello,
I would like to know what exactly the facilities local0 through 7 mean or what they stand for. I know, for example, that local5 is "used" for ftp messages.
This is not explained in the manual pages of syslog.conf.
Also, is the last line in the syslog.conf overriding the config of the lines before, or vice versa?
Jaime Bolanos Rojas.
Honored Contributor

Re: local0-7 in /etc/syslog.conf : explanation?

Hi Tom!

Think the local0 through 7 go like this:


local0 --- firewall logs
local1 --- routers/switches/....logs
local2 --- IDS logs
local3 --- Business Application1
local4 --- Business Application2
local5 --- Business Application3
local6 --- local systems admin tools
local7 --- your one and only spare for testing

Usually you have some type of flexibility on the locals; for example, if you want to see
SyslogFacility and SftpSyslogFacility in the same log, then
you will want to change the SyslogFacility value to LOCAL1.

For example again, to enable sftp logging, edit the /etc/ssh2/sshd2_config file. Set the
following keyword to a valid syslog facility:

SftpSyslogFacility LOCAL1

Hope this helps a bit!

Regards,

Jaime.
Work hard when the need comes out.
Bill Hassell
Honored Contributor

Re: local0-7 in /etc/syslog.conf : explanation?

local0 through local7 are defined by the sysadmin. There are some common usage rules but remember that the program which writes to syslog defines which facility to use. So the man page defines the facility name but not suggested uses. You can write a message to syslog using the daemon or user or mail facility -- just use the logger command:

logger -p daemon.warn "This is daemon.warn"

The man page: man 3c syslog
will show the names of the facilities. To see how all the messages were logged (i.e., facility and level), restart syslogd with the -v option. Now you'll see a 2 digit code for the facility and level. For instance, ftp will be recorded as 6V which is LOCAL5 and INFO.

As far as syslog.conf entries go, every line is processed. Each line is processed for every syslog message. You can log LOCAL5 into two different files, one with INFO and higher and another with WARN and higher as an example. In the standard syslog.conf, you'll see any CRIT messages are sent to both the console as well as the root user (if logged in).


Bill Hassell, sysadmin
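
The routing behaviour described in the reply above (every syslog.conf line is tested against every message, so a later line adds a destination and does not override an earlier one), as an added example that is not part of the original posts. It is a simplified Python model of classic syslog.conf selector matching, not syslogd's own code; the sample configuration is constructed and its file paths are assumptions.

```python
# Simplified model of classic syslog.conf selector matching (added example).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
               "news", "uucp", "cron"] + [f"local{i}" for i in range(8)])

# Constructed sample configuration; the file paths are hypothetical.
SAMPLE_CONF = """\
# selector                action
local5.info               /var/adm/syslog/ftp_info.log
local5.warning            /var/adm/syslog/ftp_warn.log
*.crit                    /dev/console
*.info;local5.none        /var/adm/syslog/syslog.log
"""

def level_index(name):
    name = ALIASES.get(name, name)
    return LEVELS.index(name)  # lower index = more severe

def parse(conf):
    """Return a list of (mask, action); mask maps facility -> least severe level logged."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        mask = {}
        for sel in selectors.split(";"):      # later selectors refine earlier ones
            facs, level = sel.rsplit(".", 1)
            targets = FACILITIES if facs == "*" else facs.split(",")
            for fac in targets:
                if level == "none":
                    mask.pop(fac, None)       # exclude this facility on this line
                else:
                    mask[fac] = level_index(level)
        rules.append((mask, action.strip()))
    return rules

def route(rules, priority):
    """Every line is tested; the message goes to every action whose line matches."""
    fac, level = priority.split(".")
    sev = level_index(level)
    return [action for mask, action in rules if fac in mask and sev <= mask[fac]]

if __name__ == "__main__":
    rules = parse(SAMPLE_CONF)
    for prio in ("local5.info", "local5.warn", "daemon.warn", "daemon.crit"):
        print(prio, "->", route(rules, prio))
```

A local5.warn message lands in both ftp files because both lines match, while the local5.none selector on the last line keeps LOCAL5 traffic out of the general log.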