[logs] Syslog and facilities

jcalhoun at securityeventmonitoring.com
Wed Jun 6 09:31:32 PDT 2007


If you are logging all logs to one file on your central syslog server
then the facilities won't matter.  If, however, you want to send all of
your router logs to, say, /var/log/router_logs and all of your firewall
logs to /var/log/firewall_logs, then the facilities can be used to
"flag" classes of logs.  So what you do then is set your devices to
log on different facilities, and then, using syslog filters, you can
split the logs out into different files.

I hope this helps.

Thanks,
Johnny
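As an added illustration of the point above (this is not code from the original post or from the LogAnalysis list), the following Python script decodes the facility and severity that every syslog message carries in its `<PRI>` prefix (PRI = facility * 8 + severity, per RFC 3164/5424) and routes each message to a per-class file the way a syslog filter would. It assumes the routers were configured to log on `local7` and the firewalls on `local4`; both the mapping and the sample messages are constructed for the example, and the output file paths are only used as dictionary keys so the script runs offline.

```python
"""Decode the syslog PRI field and route messages by facility (example code)."""
from __future__ import annotations

import re
from collections import defaultdict

# Standard facility numbers from RFC 3164; local0-local7 (16-23) are the ones
# network devices are normally pointed at so a collector can tell them apart.
FACILITIES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    16: "local0", 17: "local1", 18: "local2", 19: "local3",
    20: "local4", 21: "local5", 22: "local6", 23: "local7",
}
# Severity 0 (emerg) .. 7 (debug), the "level" the original question refers to.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

# Assumed routing table: which facility each device class was told to use.
ROUTES = {
    "local7": "/var/log/router_logs",    # assumption: routers log on local7
    "local4": "/var/log/firewall_logs",  # assumption: firewalls log on local4
}
DEFAULT_FILE = "/var/log/messages"       # everything else lands here


def decode_pri(pri: int) -> tuple[str, str]:
    """Split a PRI value into (facility_name, severity_name)."""
    if not 0 <= pri <= 191:  # 23 * 8 + 7 is the highest legal value
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]


def parse_line(line: str) -> dict:
    """Return facility, severity and message body for one raw syslog line.

    A line with no <PRI> is treated as PRI 13 (user.notice), which is what
    RFC 3164 tells a relay to assume for such messages.
    """
    match = PRI_RE.match(line)
    if match:
        pri, body = int(match.group(1)), match.group(2)
    else:
        pri, body = 13, line
    facility, severity = decode_pri(pri)
    return {"facility": facility, "severity": severity, "msg": body.strip()}


def route(lines: list[str], routes: dict = ROUTES, default: str = DEFAULT_FILE) -> dict:
    """Group messages by destination file according to their facility."""
    files: dict[str, list[dict]] = defaultdict(list)
    for line in lines:
        record = parse_line(line)
        files[routes.get(record["facility"], default)].append(record)
    return dict(files)


# Constructed sample traffic: PRI 189 = local7.notice, 166/163 = local4.info/err,
# 38 = auth.info, plus one message with no PRI at all.
SAMPLE_LINES = [
    "<189>47: *Jun  6 09:31:32: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "<166>Jun  6 09:32:01 fw1 kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=23",
    "<38>Jun  6 09:32:05 unix1 sshd[4242]: Accepted publickey for alice from 192.0.2.20",
    "<163>Jun  6 09:32:09 fw1 kernel: link down on eth1",
    "Jun  6 09:32:11 unix2 cron[99]: job finished",
]

if __name__ == "__main__":
    for path, records in sorted(route(SAMPLE_LINES).items()):
        print(path)
        for r in records:
            print(f"  {r['facility']}.{r['severity']}: {r['msg']}")
```

Running it shows the two router/firewall classes landing in their own files while the Unix `auth` message and the PRI-less line fall through to the default. The same split expressed as classic syslog.conf selectors would be `local7.* /var/log/router_logs` and `local4.* /var/log/firewall_logs`, which is why the facility a device is told to use does matter once logs are collected centrally.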
 
> -------- Original Message --------
> Subject: [logs] Syslog and facilities
> From: "saudi sans" <saudisans at gmail.com>
> Date: Wed, June 06, 2007 3:55 am
> To: loganalysis at loganalysis.org
> 
> Syslog has facilities and levels.
> 
> What is the "facility" in syslog? The level concept is pretty intuitive.
> 
> As I understand it, the "facility" field contains the source program which
> generated the log entry.
> 
> I have a central syslog server where I am aggregating logs from
> several cisco routers and Unix machines.
> 
> I have given Level7 as my facility in all cisco routers and Level4 for
> all Unix
> 
> If I am collecting logs remotely, does the "facility" field contain
> anything meaningful? Does it make any difference to the log generation?
> Does it matter if I set Level4 or LevelX?
