svn commit: r38967 - head/en_US.ISO8859-1/books/handbook/config
Benjamin Kaduk
bjk at freebsd.org
Sun Jun 3 05:58:25 UTC 2012
On Sat, 2 Jun 2012, Benedict Reuschling wrote:
> Author: bcr
> Date: Sat Jun 2 21:43:10 2012
> New Revision: 38967
> URL: http://svn.freebsd.org/changeset/doc/38967
>
> Log:
> This change adds much more information about syslogd and newsyslog
> than we had before in the configuration chapter. It describes how
> the system logger can be configured, the rationale behind it and
> the most important field that the user should edit.
>
> PR: docs/168305
> Submitted by: Niclas Zeising (zeising daemonic se)
> Reviewed by: wblock@, myself
>
> Modified:
> head/en_US.ISO8859-1/books/handbook/config/chapter.sgml
>
> Modified: head/en_US.ISO8859-1/books/handbook/config/chapter.sgml
> ==============================================================================
> --- head/en_US.ISO8859-1/books/handbook/config/chapter.sgml Sat Jun 2 19:28:33 2012 (r38966)
> +++ head/en_US.ISO8859-1/books/handbook/config/chapter.sgml Sat Jun 2 21:43:10 2012 (r38967)
> @@ -1415,6 +1415,303 @@ ifconfig_fxp0_alias7="inet 202.0.75.20 n
[...]
> +
> + <title>Configuring the system logger
> + <application>syslogd</application></title>
> +
> + <indexterm><primary>system logging</primary></indexterm>
> + <indexterm><primary>syslog</primary></indexterm>
> + <indexterm><primary>syslogd</primary></indexterm>
> +
> + <para>System logging is an important aspect of system
> + administration. It is used both to detect hardware and software
> + issues and errors in the system, as well as playing a very
> + important role in security auditing and incident response.
The tense seems to change in the middle of this sentence (that is,
"playing" does not really match up to anything). I would probably
s/, as well as playing/; it also plays/ .
> + System daemons without a controlling terminal also usually log
> + information to a system logging facility or other log
> + file.</para>
> +
[...]
> +
> + <para>Configuring &man.syslogd.8; is quite straight
> + forward. The configuration file contains one line per action,
> + and the syntax for each line is a selector field followed by
> + an action field. The syntax of the selector field is
> + <replaceable>facility.level</replaceable> and this will match
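Review bot: "quite straight forward" in the first sentence of this paragraph should be the single word "straightforward". As added, the line break falls between "straight" and "forward", so the line needs re-wrapping when this is fixed. Dropping "quite" would also match the neutral tone of the rest of the section.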
Should the '.' be <replaceable>?
I think I would like s/ and this/, which/ .
> + log messages from <replaceable>facility</replaceable> at level
> + <replaceable>level</replaceable> or higher. It is also
> + possible to add an optional comparison flag before the level
> + to specify more precisely what is logged. Multiple
> + selector fields can be used for the same action, and are
> + separated with a semicolon (<literal>;</literal>). Using
> + <literal>*</literal> will match everything.
Hmm, okay, maybe the '.' should remain <replaceable> if there is also the
'*' form.
> + The action field denotes where to send the log message,
> + such as a file or a remote log host. As an example, here is
> + the default <filename>syslog.conf</filename> from &os;:</para>
> +
> + <programlisting># $&os;$
> +#
> +# Spaces ARE valid field separators in this file. However,
> +# other *nix-like systems still insist on using tabs as field
> +# separators. If you are sharing this file between systems, you
> +# may want to use only tabs as field separators here.
> +# Consult the &man.syslog.conf.5; manpage.
> +*.err;kern.warning;auth.notice;mail.crit /dev/console <co id="co-syslog-many-match">
> +*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
> +security.* /var/log/security
> +auth.info;authpriv.info /var/log/auth.log
> +mail.info /var/log/maillog <co id="co-syslog-one-match">
> +lpr.info /var/log/lpd-errs
> +ftp.info /var/log/xferlog
> +cron.* /var/log/cron
> +*.=debug /var/log/debug.log <co id="co-syslog-comparison">
> +*.emerg *
> +# uncomment this to log all writes to /dev/console to /var/log/console.log
> +#console.info /var/log/console.log
> +# uncomment this to enable logging of all log messages to /var/log/all.log
> +# touch /var/log/all.log and chmod it to mode 600 before it will work
> +#*.* /var/log/all.log
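Review bot: the /var/log/messages line uses authpriv.none, but the paragraph above only introduces facility.level, the comparison flag and *, and none of the callouts quoted here covers it. A short callout saying that the special level none excludes a facility from that line would help. It is also the natural place to explain why the all.log comment asks for mode 600: *.* has no such exclusion, so that file receives the authpriv messages that /var/log/messages leaves out.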
Or wait, does '*' not actually match everything and '*.*' is needed?
> +# uncomment this to enable logging to a remote loghost named loghost
> +#*.* @loghost
> +# uncomment these if you're running inn
> +# news.crit /var/log/news/news.crit
> +# news.err /var/log/news/news.err
> +# news.notice /var/log/news/news.notice
> +!ppp <co id="co-syslog-prog-spec">
> +*.* /var/log/ppp.log
> +!*</programlisting>
> +
> + <calloutlist>
> + <callout arearefs="co-syslog-many-match">
> + <para>Match all messages with a level of
> + <literal>err</literal> or higher, as well as
> + <literal>kern.warning</literal>,
> + <literal>auth.notice</literal> and
> + <literal>mail.crit</literal>, and sends these log messages
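Review bot: in the co-syslog-many-match callout, "with a level of err or higher, as well as kern.warning, auth.notice and mail.crit" reads as if the last three selectors match only those exact levels. By the selector rule stated earlier in this section each of them also matches higher levels, so the callout should say so, for example "messages at level err or higher from any facility, and messages from kern at warning, auth at notice and mail at crit or higher".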
Another tense mismatch; 'Match'/'sends' do not agree; I would prefer to go
with 'send'.
> + to the console (<filename>/dev/console</filename>).</para>
> + </callout>
> +
> + <callout arearefs="co-syslog-one-match">
> + <para>Match all messages from the <literal>mail</literal>
> + facility at level <literal>info</literal> or above, and
> + logs the messages to
Likewise here, just "log" would be fine.
> + <filename>/var/log/maillog</filename>.</para>
> + </callout>
> +
> + <callout arearefs="co-syslog-comparison">
> + <para>This line uses a comparison flag, <literal>=</literal>
> + to only match messages at level <literal>debug</literal>,
> + and logs them in
and here.
> + <filename>/var/log/debug.log</filename>.</para>
> + </callout>
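Review bot: the co-syslog-comparison callout needs a comma after <literal>=</literal> to close the apposition in "uses a comparison flag, <literal>=</literal> to only match". It would also help to state the contrast the flag exists for: without it, *.debug would match every message, because debug is the lowest level and a plain selector matches its level or higher.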
[...]
> +
> + <para>For more information about the different levels and
> + facilities, refer to &man.syslog.3; and &man.syslogd.8;.
> + For more information about <filename>syslog.conf</filename>,
> + its syntax and more advanced usage examples, see
Someone mentioned an Oxford comma?
> + &man.syslog.conf.5; and <xref
> + linkend="network-syslogd">.</para>
> + </sect2>
> +
> + <sect2>
> + <title>Log management and rotation with
> + <application>newsyslog</application></title>
> +
> + <indexterm><primary>newsyslog</primary></indexterm>
> + <indexterm><primary>newsyslog.conf</primary></indexterm>
> + <indexterm><primary>log rotation</primary></indexterm>
> + <indexterm><primary>log management</primary></indexterm>
> +
> + <para>Log files tend to grow quickly and accumulate steadily.
> + This leads to the files being full of less immediately useful
> + information, as well as filling up the hard drive. To
> + mitigate this, log management comes into play. In &os;,
> + &man.newsyslog.8; is the tool used to manage log files. This
> + program is used to periodically rotate and compress log files,
> + as well as optionally create missing log files and signal
> + programs when log files are moved. The log files do not
> + necessarily have to come from syslog, &man.newsyslog.8; works
I think this might be better as a semicolon.
-Ben
> + with any logs written from any program. It is important to
> + note that <command>newsyslog</command> is normally run from
> + &man.cron.8; and is not a system daemon. In the default
> + configuration it is run every hour.</para>
> +
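Review bot: "any logs written from any program" should read "written by any program". The closing sentence says newsyslog is run every hour in the default configuration but does not say where that schedule is set; naming the crontab entry would let a reader find and change it.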