Syslog Definition
Syslog is a standard protocol that defines log information and collection with 'The BSD syslog protocol' defined in RFC 3164.
Transport Protocol
Syslog transmits log information using the User Datagram Protocol (UDP) and is transmitted using port number 514.
Since UDP is used, the reliability of the transfer cannot be guaranteed and is unilaterally transferred to the server and ended.
Packet Format
Syslog Message is divided into PRI Part, Header, and MSG.
PRI Part
It consists of Facility and Severity.
The Facility is defined as follows:
| Numerical Code | Facility |
| 0 | Kernel messages |
| 1 | User-level messages |
| 2 | Mail system |
| 3 | System daemons |
| 4 | Security/authentication messages |
| 5 | Messages generated internally by syslogd |
| 6 | Line printer subsystem |
| 7 | Network news subsystem |
| 8 | UUCP subsystem |
| 9 | Clock daemon |
| 10 | Security/authentication messages |
| 11 | FTP daemon |
| 12 | NTP subsystem |
| 13 | Log audit |
| 14 | Log alert |
| 15 | Scheduling daemon |
| 16–23 | Locally used facilities |
Severity
| Numerical Code | Severity |
| 0 | Emergency: system is unusable |
| 1 | Alert: action must be taken immediately |
| 2 | Critical: critical conditions |
| 3 | Error: error conditions |
| 4 | Warning: warning conditions |
| 5 | Notice: normal but significant condition |
| 6 | Informational: informational messages |
| 7 | Debug: debug-level messages |
The PRI value consists of 8 times the facility value and the severity value added.
For example, a facility of 20 and severity of 5 would be 20 x 8 +5 = 165.
HEADER Part
The header consists of timestamp and hostname( or IP address).
MSG Part
This is a text message indicating additional information, separated by TAG Field and CONTENT Field.
TAG means process name, and the content contains detailed messages.
Packet Format
| PRI | HEADER | MSG | ||
| FACILITY | SEVERITY | TIMESTAMP | HOSTNAME | TAG CONTENT |
Comments
Post a Comment