The default Debian syslog.conf specifies the following entries:
This line specifies that all priorities of auth and authpriv should be logged to /var/log/auth.log.
This line specifies that all priorities of all facilities should log to /var/log/syslog. The minus symbol means that syslogd does not need to “sync” after each entry. “Syncing” commits the changes to the file system, which can take up some input/output resources if there are many entries to be logged.
Note that “auth,authpriv.non” specifies “none of the priorities of the facilities auth and authpriv”. This means that /var/log/syslog will not contain any entries from the auth or authpriv facilities. This is done for security purposes.
All priorities of the facility “daemon”. This catches everything that is has a specific facility. Note that these messages are also logged in /var/log/syslog. In other words, a priority of a facility can be logged by any number of actions.
These are all straightforward definitions. Let’s skip to some more interesting lines:
This rule specifies that the file /var/log/debug be used to log all debug messages from all facilities. The use of the equal symbol means that only debug priority messages will be logged, instead of debug and all higher priorities. Furthermore, the rest of the selectors specify that none of auth, authpriv, news or mail messages should be logged here.
This rule uses the default action: send it to the console of everyone.
This rule specifies what kind of messages go to the /dev/xconsole system file. This system file corresponds to the X11 console window, which is typically used to monitor system messages when a GUI environment is deployed.