syslog is a protocol for tracking and logging all manner of system messages. Linux applications use syslog to export all their error and status messages to files located in the /var/log directory.
syslog uses the client-server model; a client transmits a text message to the server (receiver). The server is commonly called syslogd, syslog daemon or syslog server. syslog uses the User Datagram Protocol (UDP) port 514 for communication. The messages are sent in cleartext, although an SSL wrapper can be used to provide encryption.
Each message sent to the syslog server has two labels associated with it that makes the message easier to handle. The first label describes the function (facility) of the application that generated it. For example, mail servers typically log using the mail facility. The second label specifies the severity level. After these two labels, the action in specified. The action is usually a filename in the /var/log directory tree, in which the messages will be stored:
facility.priority action
Here is a list of facilities available:
NumberKeywordFacility description0kernkernel messages1useruser-level messages2mailmail system3daemonsystem daemons4authsecurity/authorization messages5syslogmessages generated internally by syslogd6lprline printer subsystem7newsnetwork news subsystem8uucpUUCP subsystem9-clock daemon10authprivsecurity/authorization messages11ftpFTP daemon12-NTP subsystem13-log audit14-log alert15cronclock daemon16local0local use 0 (local0)17local1local use 1 (local1)18local2local use 2 (local2)19local3local use 3 (local3)20local4local use 4 (local4)21local5local use 5 (local5)22local6local use 6 (local6)23local7local use 7 (local7)Here is a list of severity levels:
CodeSeverityKeywordDescription0Emergencyemerg (panic)System is unusable.1AlertalertAction must be taken immediately.2CriticalcritCritical conditions.3Errorerr (error)Error conditions.4Warningwarning (warn)Warning conditions.5NoticenoticeNormal but significant condition.6InformationalinfoInformational messages.7DebugdebugDebug-level messages.
NOTE – when you specify a priority, you are actually specifying everything at that priority or higher. For example, mail.info would mean all messages coming from the mail facility with the info, notice, warning, err, crit, alert or emerg priority.
.
Author Name
Author Description!
Post a Comment