System Log

The mail services log most errors using the syslogd program. The default is for syslogd to send messages to the loghost.

You can define a system called loghost in the /etc/hosts file to hold all logs for an entire NIS domain. The system log is supported by the syslogd program. You specify a loghost in /etc/hosts. If no loghost is specified, error messages from syslogd are not reported.

Example 34-1 shows the default /etc/syslog.conf file.

Example 34-1 Default /etc/syslog.conf File

#ident "@(#)syslog.conf   1.3        93/12/09 SMI"  /* SunOS 5.0 */  #
# Copyright (c) 1994 by Sun Microsystems, Inc. 
#
# syslog configuration file. 
# 
# This file is processed by m4 so be careful to quote (`') names 
# that match m4 reserved words. Also, within ifdef's, arguments 
# containing commas must be quoted. 
# 
# Note: Have to exclude user from most lines so that user.alert 
#       and user.emerg are not included, because old sendmails 
#       have no 4.2BSD based systems doing network logging, you 
#       can remove all the special cases for "user" logging.
# *.err;kern.debug;auth.notice;user.none	        /dev/console 
*.err;kern.debug;daemon,auth.notice;mail.crit;user.none /var/adm/messages 
*.alert;kern.err;daemon.err;user.none            operator 
*.alert;user.none	                               root 
*.emerg;user.none	                               * 
# if a non-loghost machine chooses to have authentication messages 
# sent to the loghost machine, un-comment out the following line:
#auth.notice         ifdef(`LOGHOST', /var/log/authlog, @loghost) 
mail.debug           ifdef(`LOGHOST', /var/log/syslog, @loghost) 
# 
# non-loghost machines will use the following lines to cause "user" 
# log messages to be logged locally. 
# 
ifdef(`LOGHOST', , 
user.err             /dev/console 
user.err             /var/adm/messages 
user.alert           `root, operator' 
user.emerg           * 
)

You can change the default configuration by editing the /etc/syslog.conf file. You must restart the syslog daemon for any changes to take effect. You can add these selections to the file to gather information about mail:

• mail.alert - Messages about conditions that should be fixed now

• mail.crit - Critical messages

• mail.warning - Warning messages

• mail.notice - Messages that are not errors, but might need attention

• mail.info - Informational messages

• mail.debug - Debugging messages

The following entry sends a copy of all critical, informational, and debug messages to /var/log/syslog.

mail.crit;mail.info;mail.debug			/var/log/syslog

Each line in the system log contains a timestamp, the name of the system that generated it, and a message. The syslog file can log a large amount of information.

The log is arranged as a succession of levels. At the lowest level, only unusual occurrences are logged. At the highest level, even the most mundane and uninteresting events are recorded. As a convention, log levels under 10 are considered "useful." Log levels higher than 10 are usually used for debugging. See the "mconnect" in System Administration Guide, Volume 2 for information about loghost and the syslogd program.