Syslog Message Logging Protocol

  • Last Updated : 11 Aug, 2020

Syslog is a standard for message logging. The syslog protocol is used for system management, system auditing, general information analysis, and debugging.

The syslog protocol uses three layers:

  1. Syslog Content –
    Syslog content is the information of the payload in the system packet.
  2. Syslog Application –
    It analyzes and handles the generation, interpretation, routing, and storage of syslog messages.
  3. Syslog Transport –
    Syslog Transport is responsible for transporting the messages.



    Functions in syslog are performed at 5 layers.

    • Originator –
      The originator is the local machine that generates the message.
    • Collector –
      The collector collects the syslog content for analysis. It is basically the syslog server.
    • Relay –
      A relay basically forwards messages from the originator or other relays to the collector or other relays.
    • Transport Sender –
      It transports the syslog messages to a transport protocol, most commonly UDP.
    • Transport Receiver –
      It receives the messages from the specified transport protocol.



    Message Components :
    The following information is added in the header before the message is passed to the syslog receiver:

    • Originator process ID
    • Timestamp of when the event originated.
    • IP address of the originator.
    • Information provided by the originator includes facility code and severity level.



    Facility Code :
    The facility value indicates which process created the syslog message. The syslog protocol was originally written on BSD Unix, so the facility values reflect the names of Unix processes and daemons.

    | CODE | KEYWORD  | DESCRIPTION                              |
    |------|----------|------------------------------------------|
    | 0    | kern     | kernel messages                          |
    | 1    | user     | user level messages                      |
    | 2    | mail     | mail system                              |
    | 3    | daemon   | system daemons                           |
    | 4    | auth     | security/authorization messages          |
    | 5    | syslog   | messages generated internally by syslog  |
    | 6    | lpr      | line printer subsystem                   |
    | 7    | news     | network news subsystem                   |
    | 8    | uucp     | UUCP subsystem                           |
    | 9    |          | clock daemon                             |
    | 10   | authpriv | security/authorization messages          |
    | 11   | ftp      | FTP daemon                               |
    | 12   |          | NTP subsystem                            |
    | 13   |          | log audit                                |
    | 14   |          | log alert                                |
    | 15   | cron     | clock daemon                             |
    | 16   | local0   | local use 0 (local0)                     |
    | 17   | local1   | local use 1 (local1)                     |
    | 18   | local2   | local use 2 (local2)                     |
    | 19   | local3   | local use 3 (local3)                     |
    | 20   | local4   | local use 4 (local4)                     |
    | 21   | local5   | local use 5 (local5)                     |
    | 22   | local6   | local use 6 (local6)                     |
    | 23   | local7   | local use 7 (local7)                     |



    Syslog Severity Levels :
    The severity value indicates how serious the event is. Lower values are more severe.

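    | VALUE | SEVERITY    | KEYWORD | DESCRIPTION                                                      |
    |-------|-------------|---------|------------------------------------------------------------------|
    | 0     | Emergency   | emerg   | System is unusable                                               |
    | 1     | Alert       | alert   | Should be corrected immediately                                  |
    | 2     | Critical    | crit    | Critical conditions                                              |
    | 3     | Error       | err     | Error conditions                                                 |
    | 4     | Warning     | warning | May indicate that an error will occur if an action is not taken. |
    | 5     | Notice      | notice  | Events that are unusual but not error conditions                 |
    | 6     | Information | info    | Normal operational messages that require no action.              |
    | 7     | Debug       | debug   | Info useful to developers for debugging the app.                 |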
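The facility code and severity level travel on the wire as one priority number, PRI = facility × 8 + severity, in angle brackets at the start of each message. The following added example (not from the original article) parses BSD-style (RFC 3164) lines into the header fields listed above and rejects an out-of-range PRI; the names `parse` and `needs_review`, the triage threshold, and the sample lines are assumptions made for illustration.

```python
import re

# Keywords from the two tables above; codes 9 and 12-14 have no keyword
# on this page, so the bare number stands in as the name.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "9", "authpriv", "ftp", "12", "13", "14", "cron",
              *[f"local{i}" for i in range(8)]]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD-style (RFC 3164) line: <PRI>Mmm dd hh:mm:ss host tag[pid]: text
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)

def parse(line):
    """Return the header fields of one message, or None if it is malformed."""
    m = LINE.match(line)
    if m is None or int(m["pri"]) > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    facility, severity = divmod(int(m["pri"]), 8)  # PRI = facility * 8 + severity
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "timestamp": m["ts"],
        "host": m["host"],
        "process": m["tag"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "message": m["msg"],
    }

def needs_review(rec):
    """Assumed collector-side triage rule: err or worse, or any auth warning."""
    sev = SEVERITIES.index(rec["severity"])
    return sev <= 3 or (rec["facility"] in ("auth", "authpriv") and sev <= 4)

# Constructed sample lines, not taken from a real host.
SAMPLES = [
    "<34>Oct 11 22:14:15 host1 su[2301]: 'su root' failed for user1 on /dev/pts/8",
    "<86>Oct 11 22:14:20 host1 sshd[915]: session opened for user user1",
    "<13>Oct  1 09:00:00 host2 backup: nightly job finished",
    "<999>Oct 11 22:14:15 host1 app: out-of-range priority",
]
for s in SAMPLES:
    rec = parse(s)
    print(rec and (rec["facility"], rec["severity"], needs_review(rec)), "|", s)
```

A collector that silently maps an invalid PRI onto some facility can misfile or hide events, which is why the parser drops such lines instead of guessing.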
