Syslog is a widely used standard for message logging. Network administrators may use syslog for system management and security auditing as well as general informational, analysis, and debugging messages. A wide variety of devices, such as routers, switches and firewalls, use the syslog standard. This permits the consolidation of logging data from different types of systems in a central repository.
Syslog messages usually include basic information that helps identify where, when, and why the log was sent: IP Address, Timestamp, and the actual log Message.
Syslog uses a concept called “Facility” to identify the source of a message on any given machine.
|Code||Keyword||Description|
|5||syslog||messages generated internally by syslogd|
|6||lpr||line printer subsystem|
|7||news||network news subsystem|
|16||local0||local use 0 (local0)|
|17||local1||local use 1 (local1)|
|18||local2||local use 2 (local2)|
|19||local3||local use 3 (local3)|
|20||local4||local use 4 (local4)|
|21||local5||local use 5 (local5)|
|22||local6||local use 6 (local6)|
|23||local7||local use 7 (local7)|
Syslog messages also have a severity level field. The severity level indicates the importance of the message.
|Code||Severity||Keyword||Description||Example|
|0||Emergency||emerg||This level should not be used by applications.|| |
|1||Alert||alert||Should be corrected immediately||Loss of the primary ISP connection.|
|2||Critical||crit|| ||A failure in the system’s primary application.|
|3||Error||err|| ||An application has exceeded its file storage limit and attempts to write are failing.|
|4||Warning||warning||May indicate that an error will occur if action is not taken.||A non-root file system has only 2GB remaining.|
|5||Notice||notice||Events that are unusual, but not error conditions.|| |
|6||Informational||info||Normal operational messages that require no action.||An application has started, paused or ended successfully.|
|7||Debugging||debug||Information useful to developers for debugging the application.|| |
Note: A syslog packet is limited to 1024 bytes and carries the following information: Facility, Severity, Hostname/IP Address, Timestamp, and Message.
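As an added example (not part of the original page), the sketch below splits a packet into the fields listed in the note and triages by severity, as a central collector might. It relies on the standard syslog encoding, which the page does not spell out, where the leading `<PRI>` value equals facility × 8 + severity. The `<PRI>Mmm dd hh:mm:ss HOST MESSAGE` layout, the function names and the sample packets are assumptions made for this example.

```python
import re

# Facility codes from the table above; unlisted codes fall back to "facility<N>".
FACILITIES = {5: "syslog", 6: "lpr", 7: "news", **{16 + i: f"local{i}" for i in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MAX_PACKET = 1024  # packet size limit stated in the note
# Assumed layout for this example: <PRI>Mmm dd hh:mm:ss HOST MESSAGE
PACKET_RE = re.compile(rb"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)

def parse_packet(packet: bytes) -> dict:
    """Split one packet into facility, severity, timestamp, host and message."""
    if len(packet) > MAX_PACKET:
        raise ValueError("packet exceeds 1024 bytes")
    m = PACKET_RE.match(packet)
    if m is None:
        raise ValueError("missing <PRI>, timestamp or host")
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    if facility > 23:
        raise ValueError("facility code out of range")
    return {
        "facility": FACILITIES.get(facility, f"facility{facility}"),
        "severity": SEVERITIES[severity],
        "timestamp": m.group(2).decode("ascii"),
        "host": m.group(3).decode("ascii", "replace"),
        "message": m.group(4).decode("utf-8", "replace"),
    }

def triage(packets, worst=3):
    """Return (records with severity code <= worst, number of rejected packets)."""
    urgent, rejected = [], 0
    for packet in packets:
        try:
            record = parse_packet(packet)
        except ValueError:
            rejected += 1  # count bad input rather than dropping it silently
            continue
        if SEVERITIES.index(record["severity"]) <= worst:
            urgent.append(record)
    return urgent, rejected

# Constructed sample packets (not captured from a real device).
SAMPLES = [
    b"<163>Oct 11 22:14:15 fw01 write failed: storage limit exceeded",  # local4.err
    b"<46>Oct 11 22:14:16 loghost syslogd restarted",                   # syslog.info
    b"<129>Oct  1 03:00:02 192.0.2.1 primary ISP link down",            # local0.alert
    b"<46>Oct 11 22:14:17 loghost " + b"A" * 2000,                      # oversized
    b"no priority field here",                                          # malformed
]
```

Calling `triage(SAMPLES)` returns the `local4.err` and `local0.alert` records and a rejected count of 2, since the oversized and malformed packets fail parsing.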