[logs] Syslog and facilities
David Corlette
dcorlette at novell.com
Wed Jun 6 09:40:55 PDT 2007
Hello,
It's really just a classification scheme - mail programs are *supposed* to log to facility "mail", news to "news" etc - but not all apps do that correctly.
The idea is that then you can use the facility to filter the data as necessary or redirect to separate logs (e.g. a log just for mail) as you desire.
>>> On Wed, Jun 6, 2007 at 4:55 AM, in message
<74fb60700706060355t4b923210lf895203d56c20ef at mail.gmail.com>, "saudi sans"
<saudisans at gmail.com> wrote:
> Syslog has facilities and levels.
>
> What is the "facility" in syslog ? The level concept is pretty intuitive.
>
> As I understand "facility" field contains the source-program which
> generated the log entry .
>
> I have a central syslog server where I am aggregating logs from
> several cisco routers and Unix machines.
>
> I have given Level7 as my facility in all cisco routers and Level4 for all
> Unix
>
> If I am collecting logs remotely does the "facility" field contain
> anything meaningful? Does it make any difference to the log generation
> ? Does it matter if I set Level4 or LevelX?
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
More information about the LogAnalysis
mailing list