Linux Syslog

From Embedded Lab Vienna for IoT & Security
Revision as of 04:16, 3 January 2022

Summary

Linux uses the syslog standard for message logging. This allows programs and applications to generate messages that can be captured, processed and stored by the system logger. It eliminates the need for each and every application to come up with and implement a logging mechanism of its own, and it also means that logging can be configured and controlled in a centralized location.

Requirements

A syslog server accepts syslog messages and processes those messages based on a set of configurable rules.

Traditionally the syslogd daemon filled this role, but many Linux distributions now ship with alternatives such as:

  • rsyslog (rocket-fast system for log processing)
  • syslog-ng (ng stands for next-generation)

Description

The syslog standard uses facilities and severities to categorize messages. Facilities indicate what type of program or which part of the system a message originated from; for example, messages labeled with the kernel facility originate from the Linux kernel. Severities, on the other hand, categorize messages by their urgency. The severities are emergency, alert, critical, error, warning, notice and info.

  Facilities       Severities
  kernel           emergency
  user             alert
  mail             critical
  auth             error
  syslog           warning
  cron             notice
  (even more...)   info


A syslog service uses configurable logging rules to determine what to do with a given message; these rules are written as combinations of facilities and severities. In most cases messages are simply written to a file somewhere in the /var/log directory, but you can also do more advanced things such as sending the messages over the network to a central location. If you want to generate your own log messages, for example when you are writing shell scripts, use the logger command-line utility. To automatically prune files and keep your disks from filling up with old messages, use the logrotate utility.
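The following Python program is an added illustration of the mechanics described above; it is not code from this wiki page nor from rsyslog or syslog-ng. It shows how the facility and severity are packed into the numeric PRI field that prefixes a syslog message (PRI = facility * 8 + severity) and how classic syslog.conf-style selector rules ("facility.severity  action") decide where a message ends up. The rule lines, message texts and log paths are constructed sample values; a severity name in a selector matches that level and anything more urgent, as a real syslog daemon does.

```python
"""Mini syslog PRI decoder and selector engine (added example, not rsyslog code)."""
import re

# Standard syslog facility and severity codes, using the keyword spellings
# found in syslog.conf (emerg/crit/err rather than emergency/critical/error).
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
SEVERITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}
FACILITY_NAMES = {v: k for k, v in FACILITIES.items()}
SEVERITY_NAMES = {v: k for k, v in SEVERITIES.items()}

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def encode_pri(facility, severity):
    """Numeric PRI for a facility/severity pair: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def decode_pri(message):
    """Split '<PRI>rest' into (facility_name, severity_name, rest).

    Integer division and modulo by 8 recover the two fields.  A malformed
    or out-of-range header raises ValueError instead of being guessed at.
    """
    m = PRI_RE.match(message)
    if not m:
        raise ValueError("missing <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid value
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = divmod(pri, 8)
    return (FACILITY_NAMES.get(facility, "facility%d" % facility),
            SEVERITY_NAMES[severity], m.group(2))


def parse_rule(line):
    """Parse 'selector[;selector...]  action' in syslog.conf syntax.

    Each selector is 'facility[,facility...].severity'.  Returns
    ([(facility_list, severity_spec), ...], action).
    """
    selector_part, action = line.split(None, 1)
    selectors = []
    for sel in selector_part.split(";"):
        facs, sev = sel.rsplit(".", 1)
        selectors.append((facs.split(","), sev))
    return selectors, action.strip()


def selector_matches(selectors, facility, severity):
    """Evaluate selectors left to right; a later 'none' cancels an earlier match."""
    sev_code = SEVERITIES[severity]
    matched = False
    for facs, sev in selectors:
        if "*" not in facs and facility not in facs:
            continue
        if sev == "none":          # exclude this facility entirely
            matched = False
        elif sev == "*":           # every severity
            matched = True
        elif sev.startswith("="):  # exactly this severity
            matched = matched or sev_code == SEVERITIES[sev[1:]]
        elif sev_code <= SEVERITIES[sev]:  # this severity or more urgent
            matched = True
    return matched


def route(message, rules):
    """Return the actions (log destinations) the rule set selects for a message."""
    facility, severity, _ = decode_pri(message)
    actions = []
    for line in rules:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = parse_rule(line)
        if selector_matches(selectors, facility, severity):
            actions.append(action)
    return actions


# Constructed sample configuration in classic syslog.conf / rsyslog legacy syntax.
SAMPLE_RULES = """
# selector(s)                    action
auth,authpriv.*                  /var/log/auth.log
*.*;auth,authpriv.none           /var/log/syslog
kern.warning                     /var/log/kern.log
*.emerg                          :omusrmsg:*
""".splitlines()

if __name__ == "__main__":
    # Constructed messages: PRI 34 = auth(4)*8 + crit(2), 4 = kern.warning, 7 = kern.debug
    for msg in ("<34>Jan  3 04:16:00 host sshd[123]: Failed password for invalid user",
                "<4>Jan  3 04:16:01 host kernel: watchdog: CPU0 stuck",
                "<7>Jan  3 04:16:02 host kernel: debug trace"):
        fac, sev, _ = decode_pri(msg)
        print("%s.%s -> %s" % (fac, sev, route(msg, SAMPLE_RULES)))
```

Running the script shows the auth message landing only in auth.log (the `auth,authpriv.none` selector keeps it out of the catch-all file), the kernel warning in both syslog and kern.log, and the kernel debug line only in syslog. The same PRI arithmetic is what `logger -p facility.severity` performs before handing a message to the daemon.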


References

  • https://www.syslog-ng.com/
  • https://www.rsyslog.com/