Syslog: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
Line 1: | Line 1: | ||
==syslog== | |||
Messages refer to a facility (<code>auth, authpriv, daemon, cron, ftp, lpr, kern, mail, news, syslog, user, uucp, local0, ... , local7 </code>) and are assigned a severity (<code>Emergency, Alert, Critical, Error, Warning, Notice, Info</code> or <code>Debug</code>) | Messages refer to a facility (<code>auth, authpriv, daemon, cron, ftp, lpr, kern, mail, news, syslog, user, uucp, local0, ... , local7 </code>) and are assigned a severity (<code>Emergency, Alert, Critical, Error, Warning, Notice, Info</code> or <code>Debug</code>) | ||
by the sender of the message. | by the sender of the message. | ||
Line 80: | Line 82: | ||
| 7 || Debug || Debug-level messages. || Info useful to developers for debugging the application, not useful during operations. | | 7 || Debug || Debug-level messages. || Info useful to developers for debugging the application, not useful during operations. | ||
|} | |} | ||
==Send syslog message to remote host== | |||
nc -w0 -u 10.151.101.110 514 <<< "<14>User Info msg from remote machine. abjorklund" |
Revision as of 15:11, 12 June 2012
syslog
Messages refer to a facility (auth, authpriv, daemon, cron, ftp, lpr, kern, mail, news, syslog, user, uucp, local0, ... , local7
) and are assigned a severity (Emergency, Alert, Critical, Error, Warning, Notice, Info
or Debug
)
by the sender of the message.
Configuration allows directing messages to various local devices (console), files (/var/log/) or remote syslog daemons. Care must be taken when updating the configuration as omitting or misdirecting message facilities or severities can cause important messages to be ignored by syslog or overlooked by the administrator.
Facility Levels
Facility Number | Facility Description |
---|---|
0 | kernel messages |
1 | user-level messages |
2 | mail system |
3 | system daemons |
4 | security/authorization messages |
5 | messages generated internally by syslogd |
6 | line printer subsystem |
7 | network news subsystem |
8 | UUCP subsystem |
9 | clock daemon |
10 | security/authorization messages |
11 | FTP daemon |
12 | NTP subsystem |
13 | log audit |
14 | log alert |
15 | clock daemon |
16 | local use 0 (local0) |
17 | local use 1 (local1) |
18 | local use 2 (local2) |
19 | local use 3 (local3) |
20 | local use 4 (local4) |
21 | local use 5 (local5) |
22 | local use 6 (local6) |
23 | local use 7 (local7) |
Severity levels
Code | Severity | Description | General Description |
---|---|---|---|
0 | Emergency | System is unusable. | A "panic" condition usually affecting multiple apps/servers/sites. At this level it would usually notify all tech staff on call. |
1 | Alert | Action must be taken immediately. | Should be corrected immediately, therefore notify staff who can fix the problem. An example would be the loss of a backup ISP connection. |
2 | Critical | Critical conditions. | Should be corrected immediately, but indicates failure in a primary system, an example is a loss of primary ISP connection. |
3 | Error | Error conditions. | Non-urgent failures, these should be relayed to developers or admins; each item must be resolved within a given time. |
4 | Warning | Warning conditions. | Warning messages, not an error, but indication that an error will occur if action is not taken, e.g. file system 85% full - each item must be resolved within a given time. |
5 | Notice | Normal but significant condition. | Events that are unusual but not error conditions - might be summarized in an email to developers or admins to spot potential problems - no immediate action required. |
6 | Informational | Informational messages. | Normal operational messages - may be harvested for reporting, measuring throughput, etc. - no action required. |
7 | Debug | Debug-level messages. | Info useful to developers for debugging the application, not useful during operations. |
Send syslog message to remote host
nc -w0 -u 10.151.101.110 514 <<< "<14>User Info msg from remote machine. abjorklund"