samhain supports the following facilities for logging:
e-mail — samhain uses built-in SMTP code, rather than an external mailer program. E-mails are signed to prevent forging.
syslog — The system logging utility.
            console — If running as
            daemon, 
            /dev/console is
            used, otherwise stderr. 
            /dev/console can be
            replaced by other devices, including a FIFO.
log file — Entries are signed to provide tamper-resistance.
log server — samhain uses TCP/IP with strong authentication and signed and encrypted messages.
external — samhain can be configured to invoke external programs for logging and/or taking some action upon certain conditions.
SQL db — Currently samhain supports MySQL, PostgreSQL, Oracle, and unixODBC.
Prelude — samhain can be compiled with support for the Prelude IDS, i.e. it can be used as a Prelude sensor.
Each of these logging facilities has to be activated by setting an appropriate threshold on the messages to be logged by this facility.
| ![[Note]](stylesheet-images/note.png) | Note | 
|---|---|
| In addition, some of these facilities require proper settings in the configuration file (see next sections). |