Distributed Systems Administration Utilities User's Guide, Linux, March 2009

3 Consolidated Logging

Distributed Systems Administration Utilities offers consolidated logging features, including the

standard logging features offered by syslogd, and syslog Next Generation (syslog-ng)

features in standalone and cluster log consolidation environments.

The next sections of this document describe their use.

3.1 Introduction to syslog

syslogd (see ) (see syslogd(8)) is a ubiquitous component of UNIX systems that performs system

logging activities. syslogd reads from a set of log sources such as /dev/log and /proc/kmsg

and processes the log messages as instructed in /etc/syslog.conf. Applications log messages

to syslog using the syslog call (see syslog(3C)).

3.1.1 syslog Message Format

A syslog message has a standard format that includes an optional priority level and facility.

The priority level indicates the urgency of the message. The facility indicates the subsystem that

posted the message. Table 3-1 lists the priority level and facilities defined in /usr/include/

syslog.h.

Table 3-1 syslog Priority Levels

DescriptionMessage

Take action immediately.LOG_ALERT

Critical conditions have occurred.LOG_CRIT

Debug-level message.LOG_DEBUG

System is unusable.LOG_EMERG

Error conditions.LOG_ERR

Informational message.LOG_INFO

Normal but significant conditions that warrant attention.LOG_NOTICE

Warning conditions.LOG_WARNING

Table 3-2 describes syslog Facilities Messages.

Table 3-2 syslog Facilities Messages

DescriptionMessage

Security/authorization messages (DEPRECATED; use LOG_AUTHPRIV

instead).

LOG_AUTH

Security/authorization messages (private).LOG_AUTHPRIV

Clock daemon (cron and at).LOG_CRON

System daemons without separate facility values.LOG_DAEMON

Ftp daemon.LOG_FTP

Kernel messages.LOG_KERN

Reserved for local use.LOG_LOCAL0 through LOC_LOCAL7

Line printer subsystem.LOG_LPR

Mail subsystem.LOG_MAIL

3.1 Introduction to syslog 45