sysklogd/syslog.conf

# /etc/syslog.conf - Configuration file for syslogd(8)
#
# For information about the format of this file, see syslog.conf(5)
#

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*			 /var/log/auth.log
*.*;auth,authpriv.none		-/var/log/syslog

#cron.*				/var/log/cron.log
#daemon.*			-/var/log/daemon.log
kern.*				-/var/log/kern.log
#lpr.*				-/var/log/lpr.log
mail.*				-/var/log/mail.log
#user.*				-/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.info			-/var/log/mail.info
#mail.warn			-/var/log/mail.warn
mail.err			 /var/log/mail.err
#mail.*;mail.!=info		-/var/log/mail
#mail,news.=info 		-/var/log/info

# The tcp wrapper loggs with mail.info, we display all
# the connections on tty12
#
#mail.=info			/dev/tty12

#
# Some "catch-all" log files.
#
#*.=debug;\
#	auth,authpriv.none;\
#	news.none;mail.none	-/var/log/debug
*.=info;*.=notice;*.=warn;\
	auth,authpriv.none;\
	cron,daemon.none;\
	mail,news.none		-/var/log/messages

# Store all critical eventes, except kernel logs in critical
#
#*.=crit;kern.none		/var/log/critical

# Example of sending events to remote syslog server.
# All events from notice and above, except auth, authpriv
# and any kernel message are sent to server finlandia in
# RFC5424 formatted output.
#
#*.notice;auth,authpriv.none;
#	kern.none\		@finlandia	;RFC5424

# Emergencies are sent to anyone logged in
#
*.=emerg			*

# Priority alert and above are sent to the operator
#
#*.alert				root,joey

#
# Secure mode, same as -s, none(0), on(1), full(2).  When enabled
# only logging to remote syslog server possible, with full secure
# mode, not even that is possible.  We default to prevent syslogd
# from opening UDP/514 and receving messages from other systems.
#
secure_mode 1

#
# Include all config files in /etc/syslog.d/
#
include /etc/syslog.d/*.conf