The manpages for pam , consolehelper , userhelper , and authconfig
The PAM administrator's guide: /usr/share/doc/pam*/html
The manpages for the PAM modules (use the command apropos pam_ to see a list of all of them); not all of the PAM modules have a manpage
8.7. Logging
It's important to know what is going on on your system. Fedora provides a standardized, network-based logging system and tools to automatically monitor and trim logfiles. Understanding and using these tools effectively will allow you to keep your finger on the pulse of your system with minimal effort.
8.7.1. How Do I Do That?
The syslog facility collects and routes messages in a Fedora system. The file /etc/syslog.conf configures the message routing; the default version of the file looks like this:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
On the left side of each entry is a pattern that consists of selectors. Each selector contains one or more facilities (separated by commas), then a period, and then one or more levels (again, separated by commas).
The facility indicates the origin of the log entry. Possible values are shown in Table 8-3 .
Table 8-3. Facility values to indicate the origin of the log entry
| Value | Description |
|---|---|
| authpriv | Security, authentication, or authorization systems. |
| cron | Task scheduler (crond and atd). |
| daemon | Server daemons that don't have a category of their own. |
| ftp | File-transfer-protocol daemon. |
| kern | Kernel messages. |
| local0, local1, local2, local3, local4, local5, local6, and local7 | Reserved for custom use on a distribution-by-distribution or site-by-site basis. Fedora uses local7 to log boot messages. |
| lpr | Printing system. |
| Electronic mail. | |
| news | Net news (Usenet). |
| syslog | Messages from syslogd itself. |
| user | User-level messages. |
| uucp | Unix-to-Unix copy messages (rarely used). |
The level consists of a priority level and can be any of the values listed in Table 8-4 , in increasing order of severity.
Table 8-4. Priority-level values, in order of severity
| Value | Description |
|---|---|
| debug | Informational software debugging messages. |
| info | General informational messages. |
| notice | Important normal messages that do not indicate an error or problem. |
| warning | Information about an unusual or impending situation. |
| err | Error messages, indicating that something is wrong. |
| crit | Critical conditions indicating imminent danger. |
| alert | Serious, emergency problems. |
| emerg | Emergency situation: the system is in crisis and failing. |
Specifying a level means any message of that level or higher (more severe), so the selector kern.crit would match messages from the kernel with a priority of crit , alert , or emerg . To match only crit , an equal sign is added: kern.=crit . An exclamation mark negates a match: kern.!crit matches kernel messages with a priority below crit , while kern.!=crit matches all kernel messages except those with a priority of crit .
An asterisk indicates that the facility or level should be ignored. Therefore, authpriv.* matches messages from the authpriv facility regardless of the priority, and *.info matches messages from any facility which are at the info level or higher. Multiple facilities or priorities can be matched using commas (indicating an OR operation), so mail,local3.* matches any message from the mail or local3 facilities.
Multiple selectors may be included in one entry, separated by semicolons, which indicates an AND operation. The special priority none matches no messages from the specified facility. Therefore *.crit;kern.none matches all messages that are of crit priority or higher, unless they come from the kernel.