The Logging System
• crit
• alert
• emerg
• panic
The codes warn, error, and panic have all been deprecated and should not be used.
The action is usually a filename and location where the logs should be sent. Note that generally, log files are sent to the /var/log directory with a filename that describes the facility that generated them, such as auth. This means, for example, that logs generated by the auth facility would be sent to /var/log/auth.log.
Let’s look at some examples of log rules:
mail.* /var/log/mail
This example will log mail events of all (*) priorities to /var/log/mail.
kern.crit /var/log/kernel
This example will log kernel events of critical (crit) priority or higher to /var/log/kernel.
*.emerg :omusrmsg:*
This last example will log all events of the emergency (emerg) priority to all logged-on users. With these rules, the hacker can determine where the log files are located, change the priorities, or even disable specific logging rules.
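Because these rules can be changed or disabled, a defender can compare the active rules against a known-good copy. The Python sketch below is an added example, not code from the original text: it parses plain facility.priority rules, applies the "priority or higher" matching described above, and reports which events no longer reach a destination. The function names, the baseline, the modified copy and the probe events are all constructed for illustration.

```python
# Added example: simplified parser for plain "facility.priority  action" rules.
SEVERITY = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
DEPRECATED = {"warn": "warning", "error": "err", "panic": "emerg"}

def parse_rules(text):
    """Return (facility, priority, action) tuples for every active rule."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments / disabled rules
        parts = line.split(None, 1)
        if len(parts) != 2 or "." not in parts[0]:
            continue                               # blank line or directive
        facility, _, priority = parts[0].partition(".")
        rules.append((facility, DEPRECATED.get(priority, priority), parts[1]))
    return rules

def destinations(rules, facility, priority):
    """Actions that receive an event: a rule matches its priority or higher."""
    level = SEVERITY.index(priority)
    hits = set()
    for fac, pri, action in rules:
        if fac not in ("*", facility):
            continue
        if pri == "*" or (pri in SEVERITY and level >= SEVERITY.index(pri)):
            hits.add(action)
    return hits

def audit(baseline_text, current_text, probes):
    """Map each probe event to the destinations it lost since the baseline."""
    base, cur = parse_rules(baseline_text), parse_rules(current_text)
    findings = {}
    for fac, pri in probes:
        lost = destinations(base, fac, pri) - destinations(cur, fac, pri)
        if lost:
            findings[(fac, pri)] = sorted(lost)
    return findings

# Constructed sample data: the three rules above as a known-good baseline,
# and a modified copy with one priority raised and one rule commented out.
BASELINE = "mail.* /var/log/mail\nkern.crit /var/log/kernel\n*.emerg :omusrmsg:*\n"
CURRENT = "mail.* /var/log/mail\nkern.alert /var/log/kernel\n#*.emerg :omusrmsg:*\n"
PROBES = [("mail", "info"), ("kern", "crit"), ("kern", "emerg"), ("auth", "emerg")]

if __name__ == "__main__":
    for event, lost in audit(BASELINE, CURRENT, PROBES).items():
        print(event, "no longer reaches", lost)
```

The parser covers only the simple selector form shown in this section; multiple selectors per line and modifiers such as = or ! are outside its scope.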