[logs] capturing facility and level info redux
Tina Bird
tbird at precision-guesswork.com
Thu Jun 7 19:34:07 PDT 2007

I'm really hoping that the ability to capture facility and level information
in various stock *nixen has improved over the last several years. The last
time I checked, Solaris would allow me to tag syslog data with these values,
and Red Hat wouldn't, no matter what I tried, leaving me to install syslog-ng
in order to capture that information.

The reason for all this inquisitiveness regarding Linux logs -- and failed
logins in general -- is that I'm updating the doc on firewall logging that I
helped create several years ago (with heaps of help, indeed most of the
content, from Chris Brenton and Bill Stearns). What I'm hoping to do is
produce sample data to incorporate in the discussion of iptables: data
related to significant administrative events for monitoring. I would also
really like to include a recommendation about the minimum level at which to
capture data from the host OS, to include things like reboots and failed
logins. Hence the current effort.

Is there a way to capture priorities and levels on Debian without installing
syslog-ng or some other replacement?

I'll report back, of course.

cheers -- tbird