You want to configure syslogd to sort messages according to their levels and/or facilities (such as warn, err, ... or security, auth, ...). But you do not know the level of the messages.
Unfortunately the normal syslogd has no option for showing level and facility of the messages. But you can configure it in a way that a seperate logfile is kept for each level and each facility. The config file /etc/syslog.conf could look like this:
*.=debug /var/log/lev_debug *.=info /var/log/lev_info *.=notice /var/log/lev_notice *.=warn /var/log/lev_warn *.=err /var/log/lev_err *.=crit /var/log/lev_crit *.=emerg /var/log/lev_emerg auth.* /var/log/fac_auth authpriv.* /var/log/fac_authpriv cron.* /var/log/fac_cron daemon.* /var/log/fac_daemon ftp.* /var/log/fac_ftp kern.* /var/log/fac_kern lpr.* /var/log/fac_lpr mail.* /var/log/fac_mail news.* /var/log/fac_news security.* /var/log/fac_security syslog.* /var/log/fac_syslog user.* /var/log/fac_user uucp.* /var/log/fac_uucp
Now a message with the priority security.warn will be appended to the two files /var/log/lev_warn and /var/log/fac_security.
After having learned all information about the messages, you will probably deactivate those auxiliary log files.
Furthermore, you might want to have a look at syslog-ng, which is a compatible and much more flexible replacement for the standard syslogd.
Keywords: syslog syslogd facility debug info notice warn err crit emerg auth authpriv cron daemon ftp kern lpr mail news security user uucp Author: Mathias Kettner