Syslog facilities and priorities

syslog is the most common protcol for transmitting system messages over an IP network.
It is described at length in RFC 3164.
At the bottom of the post, you can find the meanings of syslog facility and severity (also known as priority)

Layout of a syslog message

  • Name of program
  • Facility
  • Priority/Severity
  • Message

Note: Not all parts are visible in the logfile(s), but they must exist in the syslog datagram

Example logfile:

Mar  8 20:06:27 debian sshd[5215]: Accepted password for root from port 1860 ssh2
Mar  8 20:12:39 olive logger: transfer-file: Transferred /var/transfer/config/olive_juniper.conf.gz_20090308_191131
Mar  8 20:18:28 gate 46: Mar  8 20:18:28.209 MEZ: %SYS-5-CONFIG_I: Configured from console by net_admin on console
Mar  8 20:26:45 olive mgd[11561]: UI_CMDLINE_READ_LINE: User 'net_admin', command 'show '

Example capture:


Syslog facilities

Name Usage
kern Kernel
user Regular user processes
mail Mail system
lpr Line printer system
auth Authorization stuff
daemon Daemons
news News subsystem
uucp UUCP subsystem
local0 General
local1 General
local2 General
local3 General
local4 General
local5 General
local6 General
local7 General
mark dummy facility, that sends out an message every 20 min.

Syslog priorities/severities

Num. Severity Meaning
0 Emergency system is unusable
1 Alert action must be taken immediately
2 Critical critical conditions
3 Error error conditions
4 Warning warning conditions
5 Notice normal but significant condition
6 Informational informational messages
7 Debug debug-level messages

1 comment to Syslog facilities and priorities

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>