Date: Sun, 3 Jun 2012 05:58:24 +0000 (UTC)
From: Benjamin Kaduk <bjk@freebsd.org>
To: Benedict Reuschling <bcr@freebsd.org>
Cc: svn-doc-head@freebsd.org, zeising@daemonic.se, svn-doc-all@freebsd.org, doc-committers@freebsd.org
Subject: Re: svn commit: r38967 - head/en_US.ISO8859-1/books/handbook/config
Message-ID: <alpine.BSF.2.00.1206030537210.89554@freefall.freebsd.org>
In-Reply-To: <201206022143.q52LhBiJ015607@svn.freebsd.org>
References: <201206022143.q52LhBiJ015607@svn.freebsd.org>
On Sat, 2 Jun 2012, Benedict Reuschling wrote: > Author: bcr > Date: Sat Jun 2 21:43:10 2012 > New Revision: 38967 > URL: http://svn.freebsd.org/changeset/doc/38967 > > Log: > This change adds much more information about syslogd and newsyslog > than we had before in the configuration chapter. It describes how > the system logger can be configured, the rationale behind it and > the most important field that the user should edit. > > PR: docs/168305 > Submitted by: Niclas Zeising (zeising daemonic se) > Reviewed by: wblock@, myself > > Modified: > head/en_US.ISO8859-1/books/handbook/config/chapter.sgml > > Modified: head/en_US.ISO8859-1/books/handbook/config/chapter.sgml > ============================================================================== > --- head/en_US.ISO8859-1/books/handbook/config/chapter.sgml Sat Jun 2 19:28:33 2012 (r38966) > +++ head/en_US.ISO8859-1/books/handbook/config/chapter.sgml Sat Jun 2 21:43:10 2012 (r38967) 
> @@ -1415,6 +1415,303 @@ ifconfig_fxp0_alias7="inet 202.0.75.20 n [...] > + > + <title>Configuring the system logger > + <application>syslogd</application></title> > + > + <indexterm><primary>system logging</primary></indexterm> > + <indexterm><primary>syslog</primary></indexterm> > + <indexterm><primary>syslogd</primary></indexterm> > + > + <para>System logging is an important aspect of system > + administration. It is used both to detect hardware and software > + issues and errors in the system, as well as playing a very > + important role in security auditing and incident response. The tense seems to change in the middle of this sentence (that is, "playing" does not really match up to anything). I would probably s/, as well as playing/; it also plays/ . > + System daemons without a controlling terminal also usually log > + information to a system logging facility or other log > + file.</para> > + [...] > + > + <para>Configuring &man.syslogd.8; is quite straight > + forward. The configuration file contains one line per action, > + and the syntax for each line is a selector field followed by > + an action field. The syntax of the selector field is > + <replaceable>facility.level</replaceable> and this will match Should the '.' be <replaceable>? I think I would like s/ and this/, which/ . > + log messages from <replaceable>facility</replaceable> at level > + <replaceable>level</replaceable> or higher. It is also > + possible to add an optional comparison flag before the level > + to specify more precisely what is logged. Multiple > + selector fields can be used for the same action, and are > + separated with a semicolon (<literal>;</literal>). Using > + <literal>*</literal> will match everything. Hmm, okay, maybe the '.' should remain <replaceable> if there is also the '*' form. > + The action field denotes where to send the log message, > + such as a file or a remote log host. 
As an example, here is > + the default <filename>syslog.conf</filename> from &os;:</para> > + > + <programlisting># $&os;$ > +# > +# Spaces ARE valid field separators in this file. However, > +# other *nix-like systems still insist on using tabs as field > +# separators. If you are sharing this file between systems, you > +# may want to use only tabs as field separators here. > +# Consult the &man.syslog.conf.5; manpage. > +*.err;kern.warning;auth.notice;mail.crit /dev/console <co id="co-syslog-many-match"> > +*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages > +security.* /var/log/security > +auth.info;authpriv.info /var/log/auth.log > +mail.info /var/log/maillog <co id="co-syslog-one-match"> > +lpr.info /var/log/lpd-errs > +ftp.info /var/log/xferlog > +cron.* /var/log/cron > +*.=debug /var/log/debug.log <co id="co-syslog-comparison"> > +*.emerg * > +# uncomment this to log all writes to /dev/console to /var/log/console.log > +#console.info /var/log/console.log > +# uncomment this to enable logging of all log messages to /var/log/all.log > +# touch /var/log/all.log and chmod it to mode 600 before it will work > +#*.* /var/log/all.log Or wait, does '*' not actually match everything and '*.*' is needed? > +# uncomment this to enable logging to a remote loghost named loghost > +#*.* @loghost > +# uncomment these if you're running inn > +# news.crit /var/log/news/news.crit > +# news.err /var/log/news/news.err > +# news.notice /var/log/news/news.notice > +!ppp <co id="co-syslog-prog-spec"> > +*.* /var/log/ppp.log > +!*</programlisting> > + > + <calloutlist> > + <callout arearefs="co-syslog-many-match"> > + <para>Match all messages with a level of > + <literal>err</literal> or higher, as well as > + <literal>kern.warning</literal>, > + <literal>auth.notice</literal> and > + <literal>mail.crit</literal>, and sends these log messages Another tense mismatch; 'Match'/'sends' do not agree; I would prefer to go with 'send'. 
> + to the console (<filename>/dev/console</filename>).</para> > + </callout> > + > + <callout arearefs="co-syslog-one-match"> > + <para>Match all messages from the <literal>mail</literal> > + facility at level <literal>info</literal> or above, and > + logs the messages to Likewise here, just "log" would be fine. > + <filename>/var/log/maillog</filename>.</para> > + </callout> > + > + <callout arearefs="co-syslog-comparison"> > + <para>This line uses a comparison flag, <literal>=</literal> > + to only match messages at level <literal>debug</literal>, > + and logs them in and here. > + <filename>/var/log/debug.log</filename>.</para> > + </callout> [...] > + > + <para>For more information about the different levels and > + facilities, refer to &man.syslog.3; and &man.syslogd.8;. > + For more information about <filename>syslog.conf</filename>, > + its syntax and more advanced usage examples, see Someone mentioned an Oxford comma? > + &man.syslog.conf.5; and <xref > + linkend="network-syslogd">.</para> > + </sect2> > + > + <sect2> > + <title>Log management and rotation with > + <application>newsyslog</application></title> > + > + <indexterm><primary>newsyslog</primary></indexterm> > + <indexterm><primary>newsyslog.conf</primary></indexterm> > + <indexterm><primary>log rotation</primary></indexterm> > + <indexterm><primary>log management</primary></indexterm> > + > + <para>Log files tend to grow quickly and accumulate steadily. > + This leads to the files being full of less immediately useful > + information, as well as filling up the hard drive. To > + mitigate this, log management comes into play. In &os;, > + &man.newsyslog.8; is the tool used to manage log files. This > + program is used to periodically rotate and compress log files, > + as well as optionally create missing log files and signal > + programs when log files are moved. The log files do not > + necessarily have to come from syslog, &man.newsyslog.8; works I think this might be better as a semicolon. 
-Ben > + with any logs written from any program. It is important to > + note that <command>newsyslog</command> is normally run from > + &man.cron.8; and is not a system daemon. In the default > + configuration it is run every hour.</para> > +
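Review bot: In the syslog.conf listing, the commented-out "#*.* /var/log/all.log" entry tells the reader to "touch /var/log/all.log and chmod it to mode 600 before it will work", but none of the visible callouts or paragraphs explains either requirement. The /var/log/messages line deliberately drops that facility with "authpriv.none", while a "*.*" selector would collect those messages again, so a callout or sentence should say that all.log will also hold the authpriv messages and has to stay readable by its owner only. The same place could state that the file has to exist before syslogd will write to it, which ties in with the later newsyslog paragraph's mention of creating missing log files.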