Syslog
From Teknologisk videncenter
Syslog is a method for delivering log information from a sender to a receiver, typically across and IP network. The term syslog can be used to describe the protocol that is used to transfer messages, the application to send or receive the messages as well as the logs messages themselves.
- The syslog protocol and message format are defined in RFC 3164.
- RFC 3195 defines reliable delivery of syslog over UDP.
- There is also a draft RFC - exprires october 1. 2009 Signed syslog Messages to standardize security in syslog messages.
- Wikipedia syslog
Facility values
Code | Name | RFC 3164 facelity | FreeBSD facility |
---|---|---|---|
0 | kern | Kernel messages | Kernel messages |
1 | user | User-level messages | User-level messages |
2 | Mail messages | Mail system | |
3 | daemon | System daemons | System Daemons |
4 | auth | Security and Authorisation | Security and Authorisation |
5 | syslog | Messages generated by syslogd | Messages generated by syslogd |
6 | lpr | Line Printer subsystem | Line Printer subsystem |
7 | news | Network News subsystem | Network News subsystem |
8 | uucp | UUCP subsystem | UUCP subsystem |
9 | cron | Clock daemon | Clock daemon |
10 | authpriv | Security and Authorisation | Security and Authorisation |
11 | ftp | FTP daemon | FTP daemon |
12 | ntp | Network Time Protocol | Network Time Protocol |
13 | - | Log audit | - |
14 | - | Log alert | - |
15 | - | Clock daemon | Kernel messages |
16 | local0 | Local use 0 | Local use 0 |
17 | local1 | Local use 1 | Local use 1 |
18 | local2 | Local use 2 | Local use 2 |
19 | local3 | Local use 3 | Local use 3 |
20 | local4 | Local use 4 | Local use 4 |
21 | local5 | Local use 5 | Local use 5 |
22 | local6 | Local use 6 | Local use 6 |
23 | local7 | Local use 7 | Local use 7 |
Priority values
Priority | Name |
---|---|
None | No priority |
0 | Emerg (Emergency) |
1 | Alert |
2 | Crit (Critical) |
3 | Err (Error) |
error | Same as 3 err |
4 | Warn (Warning) |
warn | Same as 4 warn |
5 | Notice |
6 | Info |
7 | Debug |
Links
Security
- There is also a draft RFC - exprires october 1. 2009 Signed syslog Messages to standardize security in syslog messages.
- RFC 3227 - Guidelines for Evidence Collection and Archiving