17
281
17 Configuring System Logging
In this chapter you will find commands you can use to
configure and manage system logging.
Logging System Events
Logs are text files that form a record of what has occurred on the system, much like a
journal.
Configuring the Log File
Log files are maintained in the /Library/Logs/ and /var/log/ folders. Some commonly
monitored log files include console.log and system.log. Applications may have their
own log files located in different folders. Console.log is located in /Library/Logs/
Console/uid, where uid is the user ID. The console.log file contains recent console
activity. System.log is located in /var/log/ and contains all system activity, including
console log information.
Configuring Your System Logging
The configuration file for the system logging daemon, syslogd, is /etc/syslog.conf.
Each line within /etc/syslog.conf consists of text containing three types of data:
 Facility: categories of log messages. The standard facilities include mail, news, user,
and kern (kernel).
 Priority: urgency of the message. In order from least to most critical, they are: debug,
info, notice, warning, err, crit, alert, and emerg. The priority of the log message is
set by the application sending it, not by syslogd.
 Action: specifies what to do with a log message of a specific facility and priority.
Messages can be sent to files, named pipes, devices, or to a remote host.
The following example line specifies that for any log messages in the category mail,
with a priority of
emerg or higher, the message will be written to the /var/log/mail.log
file:
mail.emerg /var/log/mail.log