The syslog daemon, syslogd, is installed with the base distributions of FreeBSD.
Syslogd accepts logs from:
- the kernel (from /dev/klog),
- applications running on the system via the logging socket it creates (/var/run/log)
- other systems over UDP port 514 (by default) when configured to do so.
The /etc/syslog.conf file controls what system messages go to what log file.
FreeBSD and most of the 3rd party applications that issue messages do so using facility.level (facility - This is who is issuing the messages).
1) The FreeBSD facilities are:
auth - authentication messages from login(1), su(1), getty(8), sshd(8)2) Level - the severity of the message and is a keyword
authpriv - like auth, should only be read by privileged individuals
console - capture log messages written to /dev/console by the kernel console output driver
cron - messages generated by the cron(8) daemon
daemon - messages generated by system daemons like routed(8) that are not sent to other facilities
ftp - for ftpd(8)
kern - Kernel messages read from /dev/klog
local0..local7 - for local use
lpr - line printing and spooling daemon
mail - messages from Sendmail, Postfix, and other mail-related programs (Courier IMAP and POP mail)
mark - pseudofacility and used only by syslogd
news - for providing the network news system (nntp)
security - IPFW logs (/var/log/security)
syslog - syslog-related messages
user - when no facility is specified
uucp - uucp system
emerg - a panic condition. This is normally broadcast to all users
alert - a condition that should be corrected immediately (ex: corrupted system database)
crit - critical conditions (ex: hard device errors)
err - errors
warning - warning messages
notice - not error conditions, but should possibly be handled specially
info - informational messages
debug - only for debugging
none - pseudo-priority causes messages of the attached level to not be logged
There is a wildcard * meaning all or everything.
a) *.notice means messages from all facilities of level notice and below,so that would include notice, info, and debug severity messages.
b) kern.=info means only kernel messages of severity level info are selected.
You have explicit control over the messages you can select to go to different logs. When you add a new log file for an application you just installed be sure to also configure it for rotation and archiving in /etc/newsyslog.conf.
As part of defining a new log file in /etc/syslog.conf you also have to create the file. Using the touch command will do this just fine.
touch /var/log/dhcpd.log will create the dhcpd.log file.
To activate the changes to /etc/syslog.conf you can reboot or force the syslogd task into re-reading /etc/syslog.conf by issuing this console command:
3) LOG Rotation and Archiving
The /etc/newsyslog.conf file controls when a log is to be rotated and how it's to be archived.
4) Capturing Screen Content To A File
Sometimes you may want to capture everything that displays on the console screen to a file. This is really useful in making a record of what you are doing that you can review later if there is a problem.
Use the script command like this:
script /root/console.logWhen finished 'enter exit' to stop recording all console messages to the file
5) FreeBSD Logs
All the operating system logs are stored in the same location, /var/log
# all the console messages for user ‘root’ account.
# no other user account will see any system messages
# *.notice; authpriv.none; kern.debug; lpr.info; mail.crit; news.err
By default, Cisco IOS does not send log messages to a terminal session over IP, that is, telnet or SSH connections don’t get log messages.
Console connections on a serial cable do have logging enabled by default.
1) Check current logging settings
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
2) Enable/Disable logging to appear on terminal (vty), by default is NO
Router#term no mon
3) Disable Logging Completely on your console.
Router(config)#no logging console
4) Configure Logging Levels
Cisco routers, switches, PIX and ASA firewalls prioritize log messages into 8 levels.
Log messages with lower numbers are more critical than higher numbers.
Router(config)#logging console ?
<0-7> Logging severity level
emergencies System is unusable (severity=0)
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
errors Error conditions (severity=3)
warnings Warning conditions (severity=4)
notifications Normal but significant conditions (severity=5)
informational Informational messages (severity=6)
debugging Debugging messages (severity=7)
guaranteed Guarantee console messages
xml Enable logging in XML
Router(config)#logging console warnings
Router(config)#logging monitor ?
5) Logging Synchronous
In Synchronous logging, after the message is thrown in to the terminal,
router displays the original prompt with what you have already typed.
Router(config)#line console 0
Router(config)#line vty 0 4
6) Logging buffer size (number of entries to be available)
Router(config)# logging buffered 8192
7) Logging to Syslog Server
Router(config)# logging 220.127.116.11) Timestamp log messages
service timestamps debug datetime msec localtime show-timezone9)
service timestamps log datetime msec localtime show-timezone