What is Syslog?
Syslog is a standard protocol for computer logging and log collection, defined by the IETF in RFC 5424 (and the older RFC 3164), that is popular in Unix-like systems including servers, networking equipment, and IoT devices. The log messages generated by a device create a record of events that occur on the operating system or in an application. The purpose of a message is to provide administrators with information about important events, health status, and other normal or abnormal happenings that can prove useful when troubleshooting or working through a security-related issue.
...
Syslog messages are relayed over UDP port 514 or TCP port 6514. The TCP method also offers the benefit of the Transport Layer Security (TLS) protocol to keep messages private in transit. Once collected, an administrator can use a syslog viewer to view, sort, and even alert on the various incoming log messages.
...
VALUE | SEVERITY | KEYWORD | DESCRIPTION | EXAMPLES
---|---|---|---|---
0 | Emergency | emerg | System is unusable | This level should not be used by applications.
1 | Alert | alert | Should be corrected immediately | Loss of the primary ISP connection.
2 | Critical | crit | Critical conditions | A failure in the system's primary application.
3 | Error | err | Error conditions | An application has exceeded its file storage limit and attempts to write are failing.
4 | Warning | warning | May indicate that an error will occur if action is not taken. | A non-root file system has only 2GB remaining.
5 | Notice | notice | Events that are unusual, but not error conditions. |
6 | Informational | info | Normal operational messages that require no action. | An application has started, paused or ended successfully.
7 | Debug | debug | Information useful to developers for debugging the application. |
When creating the log event, the originating device also tags the message with a logging facility code that identifies the subsystem that produced it.

Facility code | Keyword | Description
---|---|---
0 | kern | Kernel messages
1 | user | User-level messages
2 | mail | Mail system
3 | daemon | System daemons
4 | auth | Security/authentication messages
5 | syslog | Messages generated internally by syslogd
6 | lpr | Line printer subsystem
7 | news | Network news subsystem
8 | uucp | UUCP subsystem
9 | cron | Cron subsystem
10 | authpriv | Security/authentication messages
11 | ftp | FTP daemon
12 | ntp | NTP subsystem
13 | security | Log audit
14 | console | Log alert
15 | solaris-cron | Scheduling daemon
16–23 | local0 – local7 | Locally defined facilities
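The severity and facility codes above are carried together in the PRI field at the start of every message (PRI = facility × 8 + severity, per RFC 5424). The following added example, not part of the original page, decodes PRI and the RFC 5424 header of a message and flags entries at Error severity or worse; the sample messages are constructed, and the helper names are my own.

```python
import re

# Severity and facility keywords in the order of the tables above.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + [f"local{i}" for i in range(8)]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$", re.DOTALL)


def decode_pri(pri):
    """Split PRI into (facility, severity): the low 3 bits are the severity."""
    if not 0 <= pri <= 191:  # 23 * 8 + 7 is the largest legal value
        raise ValueError(f"PRI out of range: {pri}")
    return pri >> 3, pri & 0x7


def parse_syslog(line):
    """Return the decoded header fields of one RFC 5424 message."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message")
    facility, severity = decode_pri(int(m.group("pri")))
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "app": m.group("app"),
        "msg": m.group("msg") or "",
    }


def alertable(line, worst_ignored=4):
    """True when severity is numerically below `worst_ignored` (Error or worse by default)."""
    return SEVERITIES.index(parse_syslog(line)["severity"]) < worst_ignored


# Constructed sample messages (hypothetical hosts, not captured traffic).
SAMPLE = [
    "<34>1 2024-01-05T10:00:00Z fw01 sshd 1234 - - failed password for alice from 203.0.113.7",
    "<190>1 2024-01-05T10:00:01Z app01 web 77 - [meta seq=\"1\"] request served in 12ms",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_syslog(line), "ALERT" if alertable(line) else "ok")
```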
Configure Syslog
To configure the export of logs, do the following:
...