syslogd -- log system messages


/etc/syslogd [ -fconfigfile ] [ -mmarkinterval ] [ -d ] [ -r ]


bcheckrc(ADM) calls syslogd at system startup to start the logging of local and remote system error messages:

syslogd reads and logs messages to a set of files described by the configuration file /etc/syslog.conf. syslogd writes each line of an input message as one line of output. A message can contain a priority represented by the symbolic pair facility.level, or as a number calculated as (facility*8)+level (see the section ``Format of /etc/syslog.conf''). The priority is placed in angle braces at the beginning of the message line. Symbolic and numeric values for both facilities and priority levels are defined in /usr/include/sys/syslog.h.

syslogd can read from:

If possible, syslogd creates the file /etc/ which contains syslogd's process ID. This file can be used to kill or reconfigure syslogd.

syslogd rereads /etc/syslog.conf if it receives a hangup signal (SIGHUP; see kill(C)). It also attempts to open any input sources that are not currently open. If a log file is removed, syslogd stops logging any further messages there. The file must be re-created and syslogd restarted with a SIGHUP:

kill -HUP `cat /etc/`

The termination signal (SIGTERM) kills syslogd altogether:

kill -TERM `cat /etc/`

syslogd understands the following options:

Turn on debugging.

Specify an alternate configuration file.

Select the number of minutes between mark messages.

service messages from remote systems (via syslog port).

Format of /etc/syslog.conf

Lines in the default configuration file, /etc/syslog.conf, have the following format:

selector[;selector...]  action

The selectors determine the message priorities to which the line applies. The selectors are separated by semicolons. The action field is separated from the selectors by one or more tabs.

Blank lines and lines beginning with ``#'' are ignored.

A selector is a list of facilities corresponding to the subsystems that generated the message, and a priority level at or above which the action is to be applied to messages from these subsystems:


The facilities are separated by commas. The list of facilities and the priority level are separated by a single period (.).

If a facility is specified as an asterisk (*), this selects all facilities whose messages are at or above the specified priority level.


Facilities recognized by syslogd are defined in the array facilitynames in /usr/include/sys/syslog.h:

Messages generated by programs that authenticate users' primary and secondary authorizations.

Messages generated by programs that authenticate users' system privileges.

Messages from cron.

Messages from system daemons.

Messages from the kernel.

local0 -- local7
Messages reserved for local use.

Messages from the line printer spooling system.

Messages from the mail system.

Timemarks generated internally by syslogd every 20 minutes at priority LOG_INFO. The interval may be changed using the -m option.

Messages from the network news system.

Messages generated internally by syslogd.

Messages generated by user processes. This is the default facility if none is specified in /etc/syslog.conf.

Messages generated by programs that deal with UUCP. .syslog(SLIB-osr5)

Priority levels

Priority levels recognized by syslogd are defined in the array prioritynames in /usr/include/sys/syslog.h. They are listed here in order of highest to lowest severity:

Highest severity: a panic condition indicating that the system is unusable. This is normally broadcast to all users.

A condition that should be corrected immediately, such as a corrupted system database.

Critical conditions, for example, hard device errors.

Error conditions.

Warning conditions.

Conditions that are not error conditions, but may require special handling.

Information only.

Lowest severity: information normally of use only when debugging a program.

Disable messages from the associated facilities.


The action field describes where the message is to be logged if the line is selected. action can take one of the following forms:

Open the specified file or device file in append mode; the file must be specified by an absolute pathname beginning with a leading slash (/).

Forward selected messages to syslogd on the host named by hostname.

Write selected messages to the comma-separated list of users if they are logged in.

Write selected messages to all logged-in users.


Messages from several facilities at different priority levels may be selected. Semicolons are used to separate the facilities that are at different priority levels. This example selects messages from all facilities at the emerg level, and messages from the mail and daemon facilities at the crit level or higher:
   *.emerg;mail,daemon.crit	action
Send all messages except mail messages to the specified absolute pathname:
   *.debug;mail.none	pathname
Log all kernel messages and 20 minute timemarks to the system console:
   kern,mark.debug	/dev/console
Log all notice (or higher) level messages and all mail system messages except debug messages to /usr/adm/syslog:
   *.notice;	/usr/adm/syslog
Log all critical or higher priority messages to /usr/adm/critical:
   *.crit	/usr/adm/critical
Forward error or higher priority messages from the kernel to laidbak:
   kern.err	@laidbak
Inform all users of any emergency or higher priority messages:
   *.emerg	*
Inform the users wmv and stevea of any alert or higher priority messages:
   *.alert	wmv, stevea
Inform the user maf of any alert or higher priority message, or any warning message or higher priority from the authorization subsystem:
   *.alert;auth.warning	maf


The maximum line length that can be read from the configuration file is 1023 characters.

The maximum message line length is 119 characters.


character device used to read kernel error messages

FIFO device used to read local logging requests

configuration file

syslogd process ID

special device to which syslogd binds UNIX domain sockets

log for error messages

log for device initialization messages

default log file

See also

bcheckrc(ADM), error(HW), logger(C), syslog(SLIB-osr5)
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005