There are two services, or daemons, that control logging: klogd and syslogd. klogd deals only with kernel messages. syslogd deals with other system messages, such as those from applications. You can configure the behavior of both by editing the files /etc/syslog.conf and /etc/sysconfig/syslog. Full custom logging is beyond the scope of this article, but full details can be found in the Resources listed at the end of this article. You can also learn much by looking at the man page for /etc/syslog.conf.
Essentially, each message generated by software provides some information to identify where the message came from and what message it is. The /etc/syslog.conf file allows you to specify what you want done with that kind of message. You can dump it to the messages file. You can dump it to a custom file. You can have it sent to a remote host, where that host will process it according to its own syslogd configuration. Remote logging is an excellent security feature. By placing your logs on a remote system, you make it much harder for an intruder to cover their tracks after a security breach by altering the log files.
Here is an example of customized logging taken from the syslog.conf man page:
The first rule directs any message that has the kernel facility to the file /var/adm/kernel.
The second statement directs all kernel messages of the priority crit and higher to the remote host finlandia. This is useful, because if the host crashes and the disks get irreparable errors, you might not be able to read the stored messages. If they're on a remote host, too, you still can try to find out the reason for the crash.
The third rule directs these messages to the actual console, so the person who works on the machine will get them, too.
The fourth line tells syslogd to save all kernel messages that come with priorities from info up to warning in the file /var/adm/kernel-info. Everything from err and higher is excluded.
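To check which kernel messages actually reach the remote host and which stay only on local disk, the following added example (not code from the original article or from syslogd) evaluates the four rules against each priority. The rule text in RULES is reconstructed from the descriptions above and /dev/console is an assumed console device; selector_matches and destinations are hypothetical helper names.

```python
# Added example: evaluates sysklogd-style selectors against a (facility, priority) pair.
# RULES is reconstructed from the four rule descriptions in the article (an assumption);
# /dev/console is assumed as the device behind "the actual console".
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

RULES = """\
kern.*                  /var/adm/kernel
kern.crit               @finlandia
kern.crit               /dev/console
kern.info;kern.!err     /var/adm/kernel-info
"""

def selector_matches(selector, facility, priority):
    """Apply each ';'-separated part left to right; a later part overrides earlier ones."""
    level = PRIORITIES.index(priority)
    selected = False
    for part in selector.split(";"):
        facilities, _, spec = part.partition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue
        negate = spec.startswith("!")      # "!err": exclude err and higher
        spec = spec.lstrip("!")
        exact = spec.startswith("=")       # "=err": only err, not higher
        spec = spec.lstrip("=")
        if spec == "none":
            selected = False
            continue
        if spec == "*":
            hit = True
        else:
            threshold = PRIORITIES.index(spec)
            hit = (level == threshold) if exact else (level >= threshold)
        if hit:
            selected = not negate
    return selected

def destinations(facility, priority, rules=RULES):
    """Return every action whose selector matches; syslogd applies all matching rules."""
    matched = []
    for line in rules.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selector, action = line.split(None, 1)
            if selector_matches(selector, facility, priority):
                matched.append(action)
    return matched

if __name__ == "__main__":
    for prio in PRIORITIES:
        print(f"kern.{prio:<8} -> {', '.join(destinations('kern', prio))}")
```

Running it shows that kernel messages at err and below are written only to local files, so with these rules only crit and higher survive on finlandia if the local logs are lost or altered.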
The ability to customize logging like this provides a great deal of flexibility and control over the Linux environment.