Open In App

Syslog Message Logging Protocol

Improve
Improve
Like Article
Like
Save
Share
Report

Syslog is a standard for message logging. Syslog protocol is used for system management, system auditing, general information analysis, and debugging.

Syslog protocol basically uses three layers :

  1. Syslog Content –
    Syslog content is the information of the payload in the system packet.

  2. Syslog Application –
    It analyzes and handles the generation, interpretation routing and storage of syslog messages.

  3. Syslog Transport –
    Syslog Transport is responsible for transporting the messages.


  4. Functions in syslog are performed at 5 layers.

    • Originator –
      The originator is the local machine that generates the message.
    • Collector –
      The collector collects the syslog content for analysis. It is basically the syslog server.
    • Relay –
      A relay basically forwards messages from the originator or other relays to the collector or other relays.
    • Transport Sender –
      It transports the syslog messages to a transport protocol, most commonly UDP.
    • Transport Receiver –
      It receives the messages from the specified transport protocol.



    Message Components :
    In the information header, information that is added before passing to the syslog receiver :

    • Originator process ID
    • Timestamp of when the event was originated.
    • IP address of the originator.
    • Information provided by the originator includes facility code and severity level.



    Facility Code :
    The facility value indicates which process created the syslog message. The Syslog protocol was originally written on DSB Unix, so facility value reflects the name of the Unix processes and daemons.

    CODE KEYWORD DESCRIPTION
    0 kern kernel messages
    1 user user level messages
    2 mail mail system
    3 daemon system daemons
    4 auth security/authorization messages
    5 syslog messages generated internally by syslog
    6 lpr line printer subsystem
    7 news network news subsystem
    8 uucp UUCP subsystem
    9 clock daemon
    10 authpriv security/authorization messages
    11 ftp FTP daemon
    12 NTP subsystem
    13 log audit
    14 log alert
    15 cron clock daemon
    16 local0 local use 0 (local0)
    17 local1 local use 1 (local1)
    18 local2 local use 2 (local2)
    19 local3 local use 3 (local3)
    20 local4 local use 4 (local4)
    21 local5 local use 5 (local5)
    22 local6 local use 6 (local6)
    23 local7 local use 7 (local7)



    Syslog Severity Levels :
    The facility value indicates which process created the syslog message. The Syslog protocol was originally written on DSB Unix, so facility value reflects the name of the Unix processes and daemons.

    VALUE SEVERITY KEYWORD DESCRIPTION
    0 Emergency emerg System is unusable
    1 Alert alert Should be corrected immediately
    2 Critical crit Critical conditions
    3 Error err Error conditions
    4 Warning warning May indicate that an error will occur if an action is not taken.
    5 Notice notice Events that are unusual but not error conditions
    6 Information info Normal operational messages that require no action.
    7 Debug debug Info useful to developers for debugging the app.


    Last Updated : 19 Jul, 2022
    Like Article
    Save Article
    Previous
    Next
    Share your thoughts in the comments
Similar Reads