Section: Metalog configuration file (5)
Updated: 4
Page Index


metalog.conf - configuration file for metalog  


[default values]

<section title :>
<section values>

<section 2 title :>
<section 2 values>



[default values] will be used if you do not redefine them in a section. You can choose <section title> as you wish. It doesn't mean anything, just allow you to keep an easy to read config file.

Values names can be one of the following:

maxsize = <number (bytes)>
Once a logfile has exceeded the value defined (in bytes), it will be rotated. If maxfile is equal to zero, it disables log rotation. Defining a default value is a good idea.
maxtime = <number (seconds)>
Once a logfile is older than the value defined (in seconds), it will be rotated. Defining a default value is a good idea.

NB: A logfile is rotated when either maxsize or maxtime limit is reached. If either one or both is equal 0, then log rotation is disabled.

maxfiles = <number>
This value indicates the maximum number of rotated files kept. So you'll have x rotated files (log-date-string filename type), plus the file named "current".
facility = "<facility>"
Only records a message if the application that issued it uses syslog facility <facility>. Facility names are : "auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr", "mail", "news", "security", "syslog", "user", "uucp", "local0", "local1" ... "local7". All kernel messages are logged with facility "kern". A section can have several "facility = ..." lines to match more than one facility. If <facility> is "*", it'll match all the facilities.
remote_host = "<IP address or domain name>"
Log entries are sent to the remote log server defined by this IP address or domain name. Only one remote log server can be defined. This can only be defined in the default values section. All log messages are sent there, limitations via "ratelimit", "ratelimit_burst" or "showrepeats" are ignored for log message sent to the remote log server. In case a domain or host name is configured, the necessary DNS request will be repeated after every failed attempt or after 120 seconds when the name has been successfully resolved.
remote_port = "<value>"
The UDP port of the remote log server. Default is "514". This can only be defined in the default values section.
remote_log = "<number>"
Default is 0. Log messages are sent to the remote log server when set to 1. Can be defined for default values or in sections.
break = <number>
Default is 0. If set to 1 and a section is matched, perform action, but don't consider any more possible section matches below this one in the config file. This is useful for creating a config where specific types of log messages are matched and dispatched, while a "catch-all" section at the bottom of the config file handles the default case.

Using 0 would cause messages to be potentially handled by multiple sections, causing message duplication, while using 1 on the sections above a final "catch-all" would avoid duplication.

minimum = <level>
Only record a message if its urgency is inferior or equal to <level>. Level '0' is the most critical one, while level '7' is for debugging messages. 5 will strip all non-important messages. The default minimum level is 7 (i.e. keep all messages).
maximum = <level>
Don't log if the message level exceeds that value. By default, maximum is the largest possible level.
logdir = "/dir/where/logs/will/be/written/"
Files will be written under the specified directory. The special value "NONE" will skip the log message.
program = "name"
Can be used to do filtering instead of facility. Remember to use the executable name.
regex = "perl compatible regular expression"
Can be used when you want to log all messages that match the pattern (like "invalid", "fail", etc...) to send them to a single directory.

Multiple regex may be defined in a single section.

neg_regex = "perl compatible regular expression"
Can be used when you want to log all messages that do not match the pattern.

Multiple neg_regex may be defined in a section.

postrotate_cmd = "/path/to/a/program"
Run specified program after a log file has been rotated.

The program is passed the date, the program name ("metalog"), and the new logfile name.

program_regex = "perl compatible regular expression"
Similar to program, this is a regex that matches the program name to send all messages from related programs to the same log file.

Multiple program_regex may be defined in a section.

program_neg_regex = "perl compatible regular expression"
The inverse of program_regex to filter out logs from programs that match.

Multiple program_neg_regex may be defined in a section.

showrepeats = <number>
Set to 0 to filter out repeat log messages.
command = "/path/to/program/to/execute"
Run the specified program as soon as something is logged in a given section.

The program is passed the date, the matching program name, and the log message.

stamp_fmt = "%b %e %T"
Format of the human readable timestamp prepended to all log messages. This format string is passed literally to the strftime(3) function. An empty string is used to disable timestamps (for cases where the log messages already include its own).
flush = <number>
If set to 0, matching log messages will always be buffered. If set to 1, they will always be written to the file system immediately.

Both settings override the global default given through command line parameters (-a/-s) or signals.

ratelimit = "5/m"
Limits the rate of logged messages to the specified number of messages per unit of time. Valid units of time are second, minute, hour and day, each identified by its first letter. Fractional values are allowed such as "0.5/m" to make human parsing easier.

A limit of 0 (the default) may be used to disable any rate limit handling. In this case, the unit of time may be omitted.

ratelimit_burst = <number>
Up to this number of lines will be printed at the beginning of a burst of message, if the rate of messages has been well below the limit before. The specified message rate will not be exceeded. The default value of 1 disables special treatment for bursts. Values less than 1 are invalid and will be rejected.


Note that the exact paths depend on the build settings. These are the standard paths.



Mike Frysinger <>
Laurent Wandrebeck (low) <>
Leo Lipelis <>
Hendrik Visage <>
Frank DENIS (Jedi/Sector One) <>