Automatically generated based on tag:
Title | Type | Summary | Location |
---|---|---|---|
Syslog | Page | Syslog, also known as "legacy-syslog" or "BSD-syslog", is a logging framework defined in RFC 3164 and later in RFC 5424 (IETF-syslog). syslog-ng and rsyslog extended the initial syslog protocol, and all three continue to be developed in parallel as separate projects. syslog logs events / messages from various system components, notably: successful authentication and failed authentication attempts; sudo usage; kernel and hardware component activities; cron jobs and mail activity (sendmail); ... syslog relies on "Facilities" to classify and separate log messages by their originating subsystem / component (kernel, cron, user, mail, ...). Facilities are associated with actions in the syslog configuration files: log the messages to a file on disk, send them over the network, or display them to end users. The syslog log file locations depend entirely on the syslog configuration and differ between Linux distributions and syslog implementations. | Configuration files and directories: /etc/syslog.conf; /etc/rsyslog.conf; /etc/rsyslog.d/*.conf; /etc/syslog-ng.conf; /etc/syslog-ng/*. Main syslog log files: auth / authpriv: (Debian / Ubuntu) /var/log/auth.log, (RedHat / CentOS) /var/log/secure; all except auth and authpriv: /var/log/syslog; all except auth, authpriv, and mail: (RedHat / CentOS) /var/log/messages; cron: /var/log/cron.log; mail: /var/log/mail.log; Linux kernel: /var/log/kern.log; user: /var/log/user.log |