Changeset View
Changeset View
Standalone View
Standalone View
usr.sbin/syslogd/syslog.conf.5
| Context not available. | |||||
| program. | program. | ||||
| It consists of | It consists of | ||||
| blocks of lines separated by | blocks of lines separated by | ||||
| .Em program | .Em program , | ||||
| and | |||||
| .Em hostname | .Em hostname | ||||
| or | |||||
| .Em property-based filter | |||||
| specifications (separations appear alone on their lines), | specifications (separations appear alone on their lines), | ||||
| with each line containing two fields: the | with each line containing two fields: the | ||||
| .Em selector | .Em selector | ||||
| Context not available. | |||||
| library routine. | library routine. | ||||
| .Pp | .Pp | ||||
| Each block of lines is separated from the previous block by a | Each block of lines is separated from the previous block by a | ||||
| .Em program | .Em program , | ||||
| or | |||||
| .Em hostname | .Em hostname | ||||
| or | |||||
| .Em property-based filter | |||||
| specification. | specification. | ||||
| A block will only log messages corresponding to the most recent | A block will only log messages corresponding to the most recent | ||||
| .Em program | .Em program , | ||||
| and | |||||
| .Em hostname | .Em hostname | ||||
| and | |||||
| .Em property-based filter | |||||
| specifications given. | specifications given. | ||||
| Thus, with a block which selects | Thus, with a block which selects | ||||
| .Ql ppp | .Ql ppp | ||||
| Context not available. | |||||
| values may be specified for hostname specifications. | values may be specified for hostname specifications. | ||||
| .Pp | .Pp | ||||
| A | A | ||||
| .Em program | .Em property-based filter | ||||
| specification is a line beginning with | |||||
| .Ql #: | |||||
| or | or | ||||
| .Ql \&: | |||||
| and the following blocks will be applied only when filter value | |||||
| matches given filter propertie's value. See | |||||
| .Sx PROPERTY-BASED FILTERS | |||||
| section for more details. | |||||
| .Pp | |||||
| A | |||||
| .Em program , | |||||
| .Em hostname | .Em hostname | ||||
| specification may be reset by giving the program or hostname as | or | ||||
| .Ql * . | .Em property-based filter | ||||
| specification may be reset by giving | |||||
| .Ql * | |||||
| as an argument. | |||||
| .Pp | .Pp | ||||
| See | See | ||||
| .Xr syslog 3 | .Xr syslog 3 | ||||
| Context not available. | |||||
| is removed and | is removed and | ||||
| .Ql # | .Ql # | ||||
| is treated as an ordinary character. | is treated as an ordinary character. | ||||
| .Sh PROPERTY-BASED FILTERS | |||||
| .Em program , | |||||
| .Em hostname | |||||
| specifications performs exact match filtering against explicit field only. | |||||
| .Em Property-based filters | |||||
| feature substring and regular expressions (see | |||||
| .Xr re_format 7 ) | |||||
| matching against various message attributes. | |||||
| Filter specification starts with | |||||
| .Ql #: | |||||
| or | |||||
| .Ql \&: | |||||
| followed by three comma-separated fields | |||||
| .Em property , operator , \&"value\&" . | |||||
| Value must be double-quoted. A double quote and backslash must be escaped by | |||||
| a blackslash. | |||||
| .Pp | |||||
| Following | |||||
| .Em properties | |||||
| are supported as test value: | |||||
| .Pp | |||||
| .Bl -bullet -compact | |||||
| .It | |||||
| .Ql msg | |||||
| - body of the message received. | |||||
| .It | |||||
| .Ql programname | |||||
| - program name sent the message | |||||
| .It | |||||
| .Ql hostname | |||||
| - hostname of message's originator | |||||
| .It | |||||
| .Ql source | |||||
| - an alias for hostname | |||||
| .El | |||||
| .Pp | |||||
| Operator specifies a comparison function between | |||||
| .Em propertie's | |||||
| value against filter's value. | |||||
| Possible operators: | |||||
| .Pp | |||||
| .Bl -bullet -compact | |||||
| .It | |||||
| .Ql contains | |||||
| - true if filter value is found as a substring of | |||||
| .Em property | |||||
| .It | |||||
| .Ql isequal | |||||
| - true if filter value is equal to | |||||
| .Em property | |||||
| .It | |||||
| .Ql startswith | |||||
| - true if property starts with filter value | |||||
| .It | |||||
| .Ql regex | |||||
| - true if property matches basic regular expression defined in filter value | |||||
| .It | |||||
| .Ql ereregex | |||||
| - true if property matches extended regular expression defined in filter value | |||||
| .El | |||||
| .Pp | |||||
| Operator may be prefixed by | |||||
| .Pp | |||||
| .Bl -bullet -compact | |||||
| .It | |||||
| .Ql \&! | |||||
| - to invert compare logic | |||||
| .It | |||||
| .Ql icase_ | |||||
| - to make comparison function case insensitive | |||||
| .El | |||||
| .Pp | |||||
| .Sh IMPLEMENTATION NOTES | .Sh IMPLEMENTATION NOTES | ||||
| The | The | ||||
| .Dq kern | .Dq kern | ||||
| Context not available. | |||||
| # Log ipfw messages without syncing after every message. | # Log ipfw messages without syncing after every message. | ||||
| !ipfw | !ipfw | ||||
| *.* -/var/log/ipfw | *.* -/var/log/ipfw | ||||
| # Log ipfw messages with "Deny" in the message body. | |||||
| :msg, contains, ".*Deny.*" | |||||
| *.* /var/log/ipfw.deny | |||||
| # Reset program name filtering | |||||
| !* | |||||
| # Log messages from bird or bird6 into one file | |||||
| :processname, regex, "^bird6?$" | |||||
| *.* /var/log/bird-all.log | |||||
| # Log messages from servers in racks 10-19 in multiple locations, case insensitive | |||||
| :hostname, icase_ereregex, "^server-(dcA|podB|cdn)-rack1[0-9]{2}\\..*" | |||||
| *.* /var/log/racks10..19.log | |||||
| .Ed | .Ed | ||||
| .Sh SEE ALSO | .Sh SEE ALSO | ||||
| .Xr syslog 3 , | .Xr syslog 3 , | ||||
| Context not available. | |||||