Syslog Messages


Syslog is a widely used standard for message logging. Network administrators may use syslog for system management and security auditing as well as general informational, analysis, and debugging messages. A wide variety of devices, such as routers, switches and firewalls use the syslog standard. This permits the consolidation of logging data from different types of systems in a central repository.

Syslog messages usually include basic information about where, when, and why the log was sent: the IP address, the timestamp, and the actual log message.

Syslog uses a concept called “Facility” to identify the source of a message on any given machine.

| Facility Code | Keyword | Description |
|---|---|---|
| 0 | kern | kernel messages |
| 1 | user | user-level messages |
| 2 | mail | mail system |
| 3 | daemon | system daemons |
| 4 | auth | security/authorization messages |
| 5 | syslog | messages generated internally by syslogd |
| 6 | lpr | line printer subsystem |
| 7 | news | network news subsystem |
| 8 | uucp | UUCP subsystem |
| 9 | | clock daemon |
| 10 | authpriv | security/authorization messages |
| 11 | ftp | FTP daemon |
| 12 | | NTP subsystem |
| 13 | | log audit |
| 14 | | log alert |
| 15 | cron | scheduling daemon |
| 16 | local0 | local use 0 (local0) |
| 17 | local1 | local use 1 (local1) |
| 18 | local2 | local use 2 (local2) |
| 19 | local3 | local use 3 (local3) |
| 20 | local4 | local use 4 (local4) |
| 21 | local5 | local use 5 (local5) |
| 22 | local6 | local use 6 (local6) |
| 23 | local7 | local use 7 (local7) |

Syslog messages also have a severity level field, which indicates the importance of the message.

| Value | Severity | Keyword | Description | Examples |
|---|---|---|---|---|
| 0 | Emergency | emerg | This level should not be used by applications. | |
| 1 | Alert | alert | Should be corrected immediately | Loss of the primary ISP connection. |
| 2 | Critical | crit | A failure in the system’s primary application. | |
| 3 | Error | err | An application has exceeded its file storage limit and attempts to write are failing. | |
| 4 | Warning | warning | May indicate that an error will occur if action is not taken. | A non-root file system has only 2GB remaining. |
| 5 | Notice | notice | Events that are unusual, but not error conditions. | |
| 6 | Informational | info | Normal operational messages that require no action. | An application has started, paused or ended successfully. |
| 7 | Debugging | debug | Information useful to developers for debugging the application. | |

Notes:
A syslog packet is limited to 1024 bytes and carries the following information: Facility, Severity, Hostname/IP Address, Timestamp and Message.
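As an added example (not part of the original article), the following Python parser splits a received packet into the five fields listed in the note and rejects packets that break the size limit or carry an out-of-range facility. It assumes the BSD syslog layout of RFC 3164, in which facility and severity travel together as one leading number, `<PRI>`, equal to facility × 8 + severity; the function name, sample packets and host names are constructed for illustration.

```python
import re

# Keywords from the tables above; codes 9 and 12-14 have no keyword listed
# there, so they are reported by number.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 10: "authpriv", 11: "ftp", 15: "cron",
              **{16 + n: f"local{n}" for n in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MAX_PACKET = 1024  # size limit stated in the note above

# Assumed layout (RFC 3164): <PRI>Mmm dd hh:mm:ss HOST MESSAGE
_LINE = re.compile(r"<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)", re.S)


def parse_syslog(packet: bytes) -> dict:
    """Split one received datagram into facility, severity, timestamp, host, message."""
    if len(packet) > MAX_PACKET:
        raise ValueError("packet exceeds 1024 bytes")
    m = _LINE.fullmatch(packet.decode("utf-8", errors="replace"))
    if m is None:
        raise ValueError("not a BSD-syslog formatted packet")
    pri = int(m.group(1))
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    if facility > 23:
        raise ValueError(f"PRI {pri} is outside the valid range 0-191")
    return {
        "facility": FACILITIES.get(facility, str(facility)),
        "severity": SEVERITIES[severity],
        "timestamp": m.group(2),
        "host": m.group(3),
        "message": m.group(4).rstrip("\n"),
    }


# Constructed sample packets (not taken from a real device).
SAMPLES = [
    b"<34>Oct 11 22:14:15 fw01 sshd[411]: Failed password for root from 192.0.2.7",
    b"<165>Aug  3 07:02:59 192.0.2.10 %LINK-5-CHANGED: Interface Gi0/1, changed state",
    b"<999>Oct 11 22:14:15 fw01 bogus priority",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        try:
            print(parse_syslog(raw))
        except ValueError as exc:
            print("rejected:", exc)
```

A collector that validates the priority and length before storing a message keeps malformed or oversized packets out of the central repository.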

 
