Linux Syslog

From Embedded Lab Vienna for IoT & Security
Revision as of 03:59, 3 January 2022 by MDag (talk | contribs) (→‎Description)

Summary

Linux uses the syslog standard for message logging. It lets programs and applications generate messages that the system logger captures, processes and stores, so each application does not have to design and implement a logging mechanism of its own, and logging can be configured and controlled in one central place.

Requirements

A syslog server accepts syslog messages and processes them based on a set of configurable rules (typically selecting by facility and severity and writing matching messages to a file, a remote host or a user).

Traditionally the syslogd daemon filled this role, but many Linux distributions now ship with alternatives such as:

  • rsyslog
  • syslog-ng (ng stands for next-generation)

Description

The syslog standard uses facilities and severities to categorize messages. Both are carried together in the message's priority value (PRI = facility * 8 + severity), which the logger uses to decide how a message is handled.

  • Facilities indicate what type of program or which part of the system a message originated from, e.g. messages labeled with the kern facility originate from the Linux kernel; other facilities include user, mail, daemon, auth, authpriv, cron and local0 to local7.
  • Severities categorize messages by urgency. From most to least urgent they are emergency, alert, critical, error, warning, notice, informational and debug.
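As an added example (not code from the Embedded Lab Vienna page), the following Python decodes the PRI value of BSD-format syslog lines into facility and severity and then routes each message with syslog.conf-style selectors, the rule mechanism described under Requirements above. The facility and severity code tables follow RFC 5424; the keywords used for facility codes 12 to 15 vary between implementations and are an assumption here. The sample log lines and the rule set are constructed for this example and modelled on a typical rsyslog default configuration.

```python
"""Decode syslog PRI values and route messages with syslog.conf-style selectors."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Facility codes 0-23 as listed in RFC 5424 (names follow the usual syslog.conf
# keywords; codes 12-15 have no universal keyword, the names here are an assumption).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
# Severity codes 0-7, most urgent first: a lower number means more urgent.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def decode_pri(pri: int) -> tuple[str, str]:
    """PRI = facility * 8 + severity; 23 * 8 + 7 = 191 is the highest valid value."""
    if not 0 <= pri <= 191:
        raise ValueError(f"invalid PRI value {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def encode_pri(facility: str, severity: str) -> int:
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


@dataclass
class SyslogMessage:
    facility: str
    severity: str
    timestamp: str
    host: str
    tag: str
    pid: Optional[int]
    msg: str


# RFC 3164 (BSD syslog) line layout: <PRI>TIMESTAMP HOST TAG[PID]: MSG
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)


def parse_line(line: str) -> SyslogMessage:
    m = _LINE.match(line)
    if not m:
        raise ValueError(f"unparseable syslog line: {line!r}")
    facility, severity = decode_pri(int(m["pri"]))
    return SyslogMessage(facility, severity, m["ts"], m["host"], m["tag"],
                         int(m["pid"]) if m["pid"] else None, m["msg"])


def selector_matches(selector: str, msg: SyslogMessage) -> bool:
    """Evaluate a selector such as 'auth,authpriv.*' or '*.info;auth,authpriv.none'.

    A severity keyword matches that severity and every more urgent one, '*' matches
    all severities and 'none' excludes the facility. Selectors joined with ';' are
    applied left to right; the last one that names the message's facility decides.
    """
    decision = False
    for part in selector.split(";"):
        facs, sev = part.rsplit(".", 1)
        fac_list = FACILITIES if facs == "*" else facs.split(",")
        if msg.facility not in fac_list:
            continue
        if sev == "none":
            decision = False
        elif sev == "*":
            decision = True
        else:
            decision = SEVERITIES.index(msg.severity) <= SEVERITIES.index(sev)
    return decision


def route(msg: SyslogMessage, rules: list[tuple[str, str]]) -> list[str]:
    """Return every destination whose selector matches; like rsyslog, all matching
    rules fire rather than only the first one."""
    return [dest for sel, dest in rules if selector_matches(sel, msg)]


# Constructed rule set modelled on a default Debian rsyslog.conf.
RULES = [
    ("auth,authpriv.*", "/var/log/auth.log"),
    ("*.*;auth,authpriv.none", "/var/log/syslog"),
    ("kern.*", "/var/log/kern.log"),
    ("*.emerg", ":omusrmsg:*"),
]

# Constructed sample lines in BSD syslog format (not captured from a real host).
SAMPLE_LINES = [
    "<86>Jan  3 03:59:01 iot-gw sshd[1204]: Failed password for root from 192.0.2.10 port 51812 ssh2",
    "<4>Jan  3 03:59:02 iot-gw kernel: usb 1-1: device descriptor read/64, error -71",
    "<30>Jan  3 03:59:03 iot-gw systemd[1]: Started Session 5 of user pi.",
    "<0>Jan  3 03:59:04 iot-gw kernel: Kernel panic - not syncing: Fatal exception",
]


def process(lines, rules=RULES) -> list[tuple[str, str, str, list[str]]]:
    """Parse each line and return (facility, severity, tag, destinations)."""
    out = []
    for line in lines:
        m = parse_line(line)
        out.append((m.facility, m.severity, m.tag, route(m, rules)))
    return out


if __name__ == "__main__":
    for fac, sev, tag, dests in process(SAMPLE_LINES):
        print(f"{fac}.{sev:<8} {tag:<8} -> {', '.join(dests)}")
```

Note that `<86>` decodes to authpriv.info, so the sshd line only reaches /var/log/auth.log because the second rule's `auth,authpriv.none` overrides the preceding `*.*` for those two facilities; the kernel panic at severity 0 matches every rule including `*.emerg`.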

Used Hardware


Courses

References