IRCu readme.log
Secretagent (Talk)
(New page: <pre> Older versions of ircd had no consistent way of logging various actions. Some things, such as G-lines, were written out to log files with names compiled into the server. Others cou...)
(New page: <pre> Older versions of ircd had no consistent way of logging various actions. Some things, such as G-lines, were written out to log files with names compiled into the server. Others cou...)
Current revision as of 03:32, 25 April 2008
Older versions of ircd had no consistent way of logging various actions. Some things, such as G-lines, were written out to log files with names compiled into the server. Others could only be logged through syslog. Some required that their log files exist beforehand. For u2.10.11, this situation has changed dramatically. All logging in the server is now unified through a single logging subsystem. Unfortunately, the server still does not generate all the logs that it could, and some more tuning is in store for the next major release of ircd. Nevertheless, the logs that are generated are far more consistent, and those log messages may be sent to a given file, to syslog, or even to online operators--or any combination of these three methods. This file is intended to describe configuration of the logging subsystem. All logs are classified by a "subsystem" and a "level." The subsystem is a major classification; each subsystem may be configured individually. The level classification is used to indicate how important the message is; subsystems may be configured to omit log messages with less than a certain importance--not unlike syslog. Levels Levels are used to classify the importance of various log messages. The most important level is the "CRIT" level; the least important is the "DEBUG" level. Each of the levels is also mapped to a corresponding syslog level, and some may even force generation of certain types of server notices. Each importance level is described below. * CRIT - Used for very critical notifications, such as server termination. This is mapped to the corresponding "CRIT" syslog priority. This will also generate server notices to the "OLDSNO" server notice mask. * ERROR - Used to report important error conditions. This is mapped to the corresponding "ERR" syslog priority. * WARNING - Used to warn about certain conditions. This is mapped to the corresponding "WARNING" syslog priority. * NOTICE - Used for reporting important information. This is mapped to the corresponding "NOTICE" syslog priority. * TRACE - Used to tracing operation of the server. This is mapped to the corresponding "INFO" syslog priority. * INFO - Used for reporting unimportant but potentially useful information. This is mapped to the corresponding "INFO" syslog priority. * DEBUG - Used for reporting debugging information. This is mapped to the corresponding "DEBUG" syslog priority. This will also generate server notices to the "DEBUG" server notice mask. Subsystems All of the subsystems are described below, along with their default logging configuration. There are no default log files to log to, and the default logging level is INFO (unless the server is compiled with debugging enabled)--this means that only notices of importance INFO or higher will be logged. * SYSTEM - Used to report information that affects the server as a whole. By default, log messages to this subsystem go nowhere. * CONFIG - Used to report information concerning the configuration file. By default, log messages to this subsystem go to the default syslog facility, which defaults to "USER," and to the "OLDSNO" server notice mask. * OPERMODE - Used to report usage of /OPMODE and /CLEARMODE. By default, log messages to this subsystem go to the "HACK4" server notice mask. * GLINE - Used to report usage of /GLINE, particularly BADCHANs. By default, log messages to this subsystem go to the "GLINE" server notice mask. * JUPE - Used to report usage of /JUPE. By default, log messages to this subsystem go to the "NETWORK" server notice mask. * WHO - Used to report usage of the extended features of /WHO (/WHOX). By default, log messages to this subsystem go nowhere. * NETWORK - Used to report net junctions and net breaks. By default, log messages to this subsystem go to the "NETWORK" server notice mask. * OPERKILL - Used to report usage of /KILL by IRC operators. By default, log messages to this subsystem go nowhere. * SERVKILL - Used to report usage of /KILL by other servers. By default, log messages to this subsystem go nowhere. * USER - Used to report user sign-ons and sign-offs. By default, log messages to this subsystem go nowhere. * OPER - Used to report usage of /OPER, either successfully or unsuccessfully. By default, log messages to this subsystem go to the "OLDREALOP" server notice mask. * RESOLVER - Used to report error messages or other conditions from the resolver and authentication system. By default, log messages to this subsystem go nowhere. * SOCKET - Used to report problems with sockets. By default, log messages to this subsystem go nowhere. * DEBUG - Used only when debugging is enabled. All log messages to this subsystem go either to the console or to the debug log file compiled into the server, as well as to the "DEBUG" server notice mask. This is the only subsystem with a default log file. * OLDLOG - Not used anywhere. This is a left-over from when the logging subsystem was first created. Log messages to this subsystem go nowhere. * DNSBL - Used to report dnsbl checking, marking, and exemption. Use the INFO level for most of the dnsbl logging information. Configuration The true power of the logging subsystem comes from its extremely flexible configuration. The default server facility can be configured, as can the facility for each individual subsystem described above. Moreover, administrators can configure the server to log to specific files, send selected log messages to operators subscribed to any server notice mask, and even change the default log level for each subsystem. The logging subsystem has a set of tables mapping names to the numerical values used internally. Subsystems, levels, syslog facilities, and server notice masks are all configured using strings. These tables even include special strings, such as "DEFAULT" and "NONE." Each possible configuration piece is described below. Default Syslog Facility The IRC server has a default facility that it uses when sending log messages to syslog. The default facility may be overridden for each individual subsystem, but the default itself can be changed with an appropriate F-line in the configuration file. The facility normally defaults to "USER," but may be configured to be any of AUTH, CRON, DAEMON, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7, LPR, MAIL, NEWS, USER, or UUCP. Some systems also have the AUTHPRIV facility. To configure this default, add an F-line to the configuration file that looks like "F:LOG:<facility>"; <facility> should be replaced with the string for the desired default syslog facility. Log Files Each subsystem may be configured to send its log messages to any single log file with an F-line like "F:LOG:<subsys>:FILE:<file>"; <subsys> should be replaced with one of the subsystem names described above, and <file> should be a file name for the log file. The file name may be relative to the server's data directory ("DPATH"), or it may be an absolute path name. Note that if you're using chroot, these absolute path names will be relative to the server's root directory. Logging to Syslog By default, except for the CONFIG subsystem, no logs are sent to syslog. This can be overridden using an F-line like "F:LOG:<subsys>:FACILITY:<facility>"; <subsys>, as above, should be replaced with one of the subsystem names described above, and <facility> must be one of the facility strings mentioned under "Default Syslog Facility." The facility string may also be "NONE," to turn off syslog for that subsystem, and "DEFAULT," to use the server's default facility. Please don't confuse a DEFAULT facility with the default for a particular subsystem; only the CONFIG subsystem defaults to DEFAULT, whereas all the rest default to NONE. Logging via Server Notices Log messages can be sent to online IRC operators. Many subsystems actually default to this behavior, in fact. For security, log messages containing IP addresses or other extremely sensitive data will never be sent via server notices, but all others can be sent to a specific server notice mask. (For more information about server notice masks, please see doc/snomask.html.) The available mask names are OLDSNO, SERVKILL, OPERKILL, HACK2, HACK3, UNAUTH, TCPCOMMON, TOOMANY, HACK4, GLINE, NETWORK, IPMISMATCH, THROTTLE, OLDREALOP, CONNEXIT, and DEBUG. The special mask name "NONE" inhibits sending of server notices for a particular subsystem. The F-line for this configuration looks like "F:LOG:<subsys>:SNOMASK:<mask>"; again, <subsys> is one of the subsystems described above, and <mask> is one of the mask names. Setting Minimum Logging Level The minimum log level for a particular subsystem may be set with an F-line like "F:LOG:<subsys>:LEVEL:<level>"; here, <subsys> is yet again one of the subsystems described above, and <level> is one of the level names, also described above.