logger

Log a message to syslog

$ logger [message]

logger [-i] [-f file] [-p priority] [-s] [-t tag] [-u socket] [message ...]

message ...
    The message to be logged. If not specified, logger reads from standard input (stdin).

-i
    Logs the process ID (PID) of the logger process with each line.

-f file
    Reads the message from the specified file instead of from the command line arguments. Each line in the file becomes a separate log entry.

-p priority
    Specifies the priority of the message. The priority can be given as a numerical value or as a facility.level pair (e.g., user.info, daemon.crit).

-s
    Outputs the message to standard error (stderr), in addition to sending it to the system log.

-t tag
    Marks every line to be logged with the specified tag. This tag typically appears before the message text in the log entry, helping to identify the source of the log.

-u socket
    Writes the message to the specified Unix domain socket instead of the default syslog socket (e.g., /dev/log or /run/systemd/journal/socket).

The logger command provides a shell interface to the syslog system module. It allows users to send messages directly from the command line or within shell scripts to the system's logging daemon (e.g., syslogd, rsyslogd, or syslog-ng).

These messages are then processed by the logging daemon according to its configuration (typically /etc/syslog.conf or /etc/rsyslog.conf). This makes logger an invaluable tool for debugging scripts, integrating custom application logs into the centralized system log, security auditing, and general system monitoring.

Users can specify the message's facility and priority level, allowing for fine-grained control over how messages are categorized and routed by the syslog system.

The logger command relies on a running syslog daemon (e.g., rsyslogd, syslog-ng, or systemd-journald) to function correctly. If no daemon is active or configured to receive messages, entries sent by logger will likely be discarded without a trace.

The actual destination and handling of log messages are entirely dictated by the configuration of the syslog daemon (e.g., /etc/syslog.conf or /etc/rsyslog.conf). Care should be taken not to log sensitive information directly, as it may be written to disk in plain text, accessible to unauthorized users.

Syslog messages are categorized by a facility and a level (also known as priority or severity). This two-part classification allows the syslog daemon to filter, route, and store messages based on their origin and importance.

Common Facilities:
These denote the source of the message:
kern (kernel messages), user (user-level messages), mail (mail system), daemon (system daemons), auth (security/authorization messages), syslog (internal syslogd messages), lpr (line printer subsystem), news (USENET news system), uucp (UUCP subsystem), cron (cron/at daemon), authpriv (private security/authorization messages), ftp (FTP daemon), local0 through local7 (reserved for local use).

Common Levels (Severity, from highest to lowest):
These indicate the severity of the event:
emerg (panic conditions – system unusable), alert (conditions that should be corrected immediately), crit (critical conditions, e.g., hard device errors), err (error conditions), warning (warning conditions), notice (normal but significant condition), info (informational messages), debug (debugging messages).

Here are some practical examples demonstrating the use of the logger command:

Log a simple informational message:
logger "My application successfully started."

Log a critical error message from the 'daemon' facility:
logger -p daemon.crit "CRITICAL: Database connection lost!"

Log a message with a custom tag and include the PID:
logger -i -t MY_SCRIPT "Processing daily report."

Log multiple lines of content from a file:
echo -e "Line 1 of log\nLine 2 of log" > /tmp/app_events.txt
logger -f /tmp/app_events.txt -t APP_EVENTS

Log from standard input using a pipe:
dmesg | tail -n 5 | logger -t KERNEL_LAST_5 -p kern.info

The logger command has been a staple Unix utility for many decades, evolving closely with the syslog protocol itself. Its fundamental purpose—to provide a simple command-line interface for sending messages to the system log—has remained consistent.

Historically, it was a basic part of system administration toolsets, ensuring that scripts and manual commands could easily integrate with central logging. In modern Linux distributions, it's typically included as part of the util-linux package, maintaining its widespread availability and utility across various logging backends like rsyslog and systemd-journald.

syslogd(8), rsyslogd(8), syslog.conf(5), rsyslog.conf(5), journalctl(1)