In /etc/syslog.conf
#ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
*.alert;kern.err;daemon.err operator
*.alert root
*.emerg *
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)
#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
I googled some and it seems that root and operator mean email to root and to operator. Is this correct?
Best Answer
A couple additions to lain's answer. You won't see the root messages if you su to root. The tty actually has to be owned by root which you can check like this:
The "operator" isn't an actual user but sends the log messages to the console. You can't always see the console these days because the GUI runs on top of it. You can open a console window by running this as root:
A lot of this stuff is historic now when we commonly had serial consoles on the servers monitored by operators. You can see the things logged are to show kernel errors probably caused by failing hardware and server process failures.