The O'Reilly Network continues its look at basic security tools
with snort and syslog:
"Have you ever looked in your /var/log directory and
wondered, "Where'd all those log files come from?" Chances are they
were created by syslog, the system logging facility. syslog
actually consists of a couple of different tools that were originally
part of the BSD distributions.

syslog has been ported to Linux and many other Unix operating
systems (Solaris, HP-UX, etc.) and keeps all the same functionality
of the original program. In some cases, a few functions have been
added, but nothing has been removed. I would consider syslog to be
more of a "system" rather than a tool.

There are four parts to syslog: a syslogd daemon process, a
klogd daemon process, a programming interface syslog.h, and a
configuration file /etc/syslog.conf, which is the key to the whole
system. The programming interface is used by many other programs,
such as Tripwire, to log activity on your system. Unless you're
writing a security tool, or want to incorporate syslog in some
other application you are writing, you won't use the programming
interface."
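The programming interface the excerpt mentions, as an added example that is not from the article: a small C program that logs a security event through syslog(3), with the /etc/syslog.conf line that would capture it shown in a comment. It assumes a Linux/glibc system; the program name and event message are constructed.

```c
/* Added example: logging through the syslog(3) programming interface.
   Assumes Linux/glibc; "demo-tool" and the event text are constructed. */
#include <stdio.h>
#include <syslog.h>

/* Combine a facility and a severity level into the priority value that
   syslog(3) expects. Facility occupies the upper bits, level the low 3. */
int make_priority(int facility, int level) {
    return facility | level;
}

/* Recover the level (0..7) from a priority value. */
int priority_level(int pri) { return pri & LOG_PRIMASK; }

/* Recover the facility from a priority value. */
int priority_facility(int pri) { return pri & LOG_FACMASK; }

/* Log a security-relevant event the way a tool such as Tripwire might:
   tagged with the program name and PID, on the authpriv facility, so that
   a line such as
       authpriv.*    /var/log/secure
   in /etc/syslog.conf routes it to a file readable only by root.
   Returns the priority value that was used. */
int log_security_event(const char *ident, int level, const char *event) {
    int pri = make_priority(LOG_AUTHPRIV, level);
    openlog(ident, LOG_PID | LOG_NDELAY, LOG_AUTHPRIV);
    /* Pass the event as an argument, never as the format string, so that
       untrusted text cannot be interpreted as format directives. */
    syslog(pri, "%s", event);
    closelog();
    return pri;
}

int main(void) {
    int pri = log_security_event("demo-tool", LOG_WARNING,
                                 "integrity check failed for /etc/passwd");
    printf("logged with priority %d (facility %d, level %d)\n",
           pri, priority_facility(pri), priority_level(pri));
    return 0;
}
```

If no syslogd is running, syslog(3) drops the message silently; with one running, the entry lands wherever /etc/syslog.conf sends authpriv.warning.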