From owner-svn-doc-all@FreeBSD.ORG Sun Jun 3 05:58:25 2012 Return-Path: Delivered-To: svn-doc-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1C098106564A; Sun, 3 Jun 2012 05:58:25 +0000 (UTC) (envelope-from bjk@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 00BF38FC17; Sun, 3 Jun 2012 05:58:25 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q535wOtB025870; Sun, 3 Jun 2012 05:58:24 GMT (envelope-from bjk@freebsd.org) Received: from localhost (bjk@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) with ESMTP id q535wOWx025867; Sun, 3 Jun 2012 05:58:24 GMT (envelope-from bjk@freebsd.org) X-Authentication-Warning: freefall.freebsd.org: bjk owned process doing -bs Date: Sun, 3 Jun 2012 05:58:24 +0000 (UTC) From: Benjamin Kaduk To: Benedict Reuschling In-Reply-To: <201206022143.q52LhBiJ015607@svn.freebsd.org> Message-ID: References: <201206022143.q52LhBiJ015607@svn.freebsd.org> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: svn-doc-head@freebsd.org, zeising@daemonic.se, svn-doc-all@freebsd.org, doc-committers@freebsd.org Subject: Re: svn commit: r38967 - head/en_US.ISO8859-1/books/handbook/config X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Jun 2012 05:58:25 -0000 On Sat, 2 Jun 2012, Benedict Reuschling wrote: > Author: bcr > Date: Sat Jun 2 21:43:10 2012 > New Revision: 38967 > URL: http://svn.freebsd.org/changeset/doc/38967 > > Log: > This change adds much more information about syslogd and newsyslog > than we had before in the configuration chapter. It describes how > the system logger can be configured, the rationale behind it and > the most important field that the user should edit. > > PR: docs/168305 > Submitted by: Niclas Zeising (zeising daemonic se) > Reviewed by: wblock@, myself > > Modified: > head/en_US.ISO8859-1/books/handbook/config/chapter.sgml > > Modified: head/en_US.ISO8859-1/books/handbook/config/chapter.sgml > ============================================================================== > --- head/en_US.ISO8859-1/books/handbook/config/chapter.sgml Sat Jun 2 19:28:33 2012 (r38966) > +++ head/en_US.ISO8859-1/books/handbook/config/chapter.sgml Sat Jun 2 21:43:10 2012 (r38967) > @@ -1415,6 +1415,303 @@ ifconfig_fxp0_alias7="inet 202.0.75.20 n [...] > + > + Configuring the system logger > + <application>syslogd</application> > + > + system logging > + syslog > + syslogd > + > + System logging is an important aspect of system > + administration. It is used both to detect hardware and software > + issues and errors in the system, as well as playing a very > + important role in security auditing and incident response. The tense seems to change in the middle of this sentence (that is, "playing" does not really match up to anything. I would probably s/, as well as playing/; it also plays/ . > + System daemons without a controlling terminal also usually log > + information to a system logging facility or other log > + file. > + [...] > + > + Configuring &man.syslogd.8; is quite straight > + forward. The configuration file contains one line per action, > + and the syntax for each line is a selector field followed by > + an action field. The syntax of the selector field is > + facility.level and this will match Should the '.' be ? I think I would like s/ and this/, which/ . > + log messages from facility at level > + level or higher. It is also > + possible to add an optional comparison flag before the level > + to specify more precisely what is logged. Multiple > + selector fields can be used for the same action, and are > + separated with a semicolon (;). Using > + * will match everything. Hmm, okay, maybe the '.' should remain if there is also the '*' form. > + The action field denotes where to send the log message, > + such as a file or a remote log host. As an example, here is > + the default syslog.conf from &os;: > + > + # $&os;$ > +# > +# Spaces ARE valid field separators in this file. However, > +# other *nix-like systems still insist on using tabs as field > +# separators. If you are sharing this file between systems, you > +# may want to use only tabs as field separators here. > +# Consult the &man.syslog.conf.5; manpage. > +*.err;kern.warning;auth.notice;mail.crit /dev/console > +*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages > +security.* /var/log/security > +auth.info;authpriv.info /var/log/auth.log > +mail.info /var/log/maillog > +lpr.info /var/log/lpd-errs > +ftp.info /var/log/xferlog > +cron.* /var/log/cron > +*.=debug /var/log/debug.log > +*.emerg * > +# uncomment this to log all writes to /dev/console to /var/log/console.log > +#console.info /var/log/console.log > +# uncomment this to enable logging of all log messages to /var/log/all.log > +# touch /var/log/all.log and chmod it to mode 600 before it will work > +#*.* /var/log/all.log Or wait, does '*' not actually match everything and '*.*' is needed? > +# uncomment this to enable logging to a remote loghost named loghost > +#*.* @loghost > +# uncomment these if you're running inn > +# news.crit /var/log/news/news.crit > +# news.err /var/log/news/news.err > +# news.notice /var/log/news/news.notice > +!ppp > +*.* /var/log/ppp.log > +!* > + > + > + > + Match all messages with a level of > + err or higher, as well as > + kern.warning, > + auth.notice and > + mail.crit, and sends these log messages Another tense mismatch; 'Match'/'sends' do not agree; I would prefer to go with 'send'. > + to the console (/dev/console). > + > + > + > + Match all messages from the mail > + facility at level info or above, and > + logs the messages to Likewise here, just "log" would be fine. > + /var/log/maillog. > + > + > + > + This line uses a comparison flag, = > + to only match messages at level debug, > + and logs them in and here. > + /var/log/debug.log. > + [...] > + > + For more information about the different levels and > + facilities, refer to &man.syslog.3; and &man.syslogd.8;. > + For more information about syslog.conf, > + its syntax and more advanced usage examples, see Someone mentioned an Oxford comma? > + &man.syslog.conf.5; and + linkend="network-syslogd">. > + > + > + > + Log management and rotation with > + <application>newsyslog</application> > + > + newsyslog > + newsyslog.conf > + log rotation > + log management > + > + Log files tend to grow quickly and accumulate steadily. > + This leads to the files being full of less immediately useful > + information, as well as filling up the hard drive. To > + mitigate this, log management comes into play. In &os;, > + &man.newsyslog.8; is the tool used to manage log files. This > + program is used to periodically rotate and compress log files, > + as well as optionally create missing log files and signal > + programs when log files are moved. The log files do not > + necessarily have to come from syslog, &man.newsyslog.8; works I think this might be better as a semicolon. -Ben > + with any logs written from any program. It is important to > + note that newsyslog is normally run from > + &man.cron.8; and is not a system daemon. In the default > + configuration it is run every hour. > +