5.4 Introduction to syslogd
extra security.
* maillog: Mail-related messages and errors.
* cron: Cron-related messages and errors.
* spooler: UUCP and news-related messages and errors.
The syslog.conf configuration file
As a matter of fact, now would be a good time to investigate the syslog configuration
file, /etc/syslog.conf. (Note: If you don’t have syslog.conf, keep reading for the sake of
information, but you may be using an alternative syslog daemon.) Browsing that file, we
see there are entries for each of the common log files mentioned above, plus possibly some
other entries. The file has the format facility.priority action, where those fields are defined
as follows:
facility: Specifies the subsystem that produced the message. The valid keywords for
facility are auth, authpriv, cron, daemon, kern, lpr, mail, news, syslog, user, uucp and local0
through local7.
priority: Specifies the minimum severity of the message, meaning that messages of this
priority and higher will be matched by this rule. The valid keywords for priority are debug,
info, notice, warning, err, crit, alert, and emerg.
action: The action field should be either a filename, a tty (such as /dev/console), a remote
machine prefixed by @, a comma-separated list of users, or * to send the message to
everybody logged on. The most common action is a simple filename.
Reloading and additional information
Hopefully this overview of the configuration file helps you to get a feel for the strength
of the syslog system. You should read the syslog.conf(5) man-page for more information
prior to making changes. Additionally the syslogd(8) man-page supplies lots more detailed
information.
Note that you need to inform the syslog daemon of changes to the configuration file
before they are put into effect. Sending it a SIGHUP is the right method, and you can use
the killall command to do this easily:
5.4.4 Security note
Be aware that the log files written to by syslogd will be created by the program if
they don’t exist. Regardless of your current umask setting, the files will be created
world-readable. If you’re concerned about security, you should chmod the files to be read-write
by root only. Additionally, the logrotate program (described below) can be configured to
create new log files with the appropriate permissions. The syslog daemon always preserves
the current attributes of an existing log file, so you don’t need to worry about it once the
file is created.
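
The following added example (not part of the original text) ties the syslog.conf format to this security note: it extracts the file actions from a syslog.conf, lists the log files that are world-readable, and can chmod them to 600. The function names are hypothetical, and it assumes sysklogd-style syntax in which a filename action may carry a leading "-".

```shell
#!/bin/sh
# Added example: audit the log files named in a syslog.conf for the
# world-readable bit. Function names are hypothetical.

# Print the file actions (absolute paths) found in a syslog.conf-style file.
syslog_log_files() {
    conf=${1:-/etc/syslog.conf}
    # Skip comments and lines without a selector and an action.
    # The action is the last field; a leading "-" (sysklogd: do not sync
    # after each write) is stripped. ttys under /dev, @host, user lists
    # and "*" are not log files and are ignored.
    awk '$1 ~ /^#/ || NF < 2 { next }
         { a = $NF; sub(/^-/, "", a)
           if (a ~ /^\// && a !~ /^\/dev\//) print a }' "$conf" | sort -u
}

# Print those log files that exist and are readable by "other".
world_readable_logs() {
    syslog_log_files "$1" | while IFS= read -r f; do
        [ -f "$f" ] || continue
        # -perm -004 matches when the other-read bit is set;
        # -H makes find examine the target of a symlinked log file.
        find -H "$f" -prune -perm -004 -print 2>/dev/null
    done
}

# Restrict every world-readable log file to read-write for its owner only.
# syslogd preserves the attributes of an existing file, so this persists
# until the file is recreated (for example by log rotation).
harden_logs() {
    world_readable_logs "$1" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'chmod 600 %s\n' "$f"
    done
}

# Run the audit when a configuration file is given as the first argument.
if [ -n "${1:-}" ]; then
    world_readable_logs "$1"
fi
```

Run it as root with /etc/syslog.conf as the argument to list the affected files; calling harden_logs changes only the mode, so the files should already be owned by root.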
The logrotate utility
The log files in /var/log will grow over time, and potentially could fill the filesystem.
It is advisable to employ a program such as logrotate to manage the automatic archiving of
the logs. The logrotate program usually runs as a daily cron job, and can be configured to
rotate, compress, remove, or mail the log files.
For example, a default configuration of logrotate might rotate the logs weekly, keeping 4
weeks' worth of backlogs (by appending a sequence number to the filename), and compress
the backlogs to save space. Additionally, the program can be configured to deliver a SIGHUP
to syslogd so that the daemon will notice the now-empty log files and append to them
appropriately.