
RSYSLOG Overview


Syslog Definition

Syslog is a standard protocol for generating and collecting log messages. The original "BSD syslog protocol" is documented in RFC 3164; RFC 5424 later defined the current standard message format, but the RFC 3164 format described here is still what many devices and applications emit, and rsyslog accepts both.


Transport Protocol

Syslog traditionally transmits log messages over the User Datagram Protocol (UDP) to port 514.

Because UDP is connectionless, delivery cannot be guaranteed: the sender emits the datagram toward the server and is finished, with no acknowledgement, retransmission, or flow control. A dropped datagram is simply a lost log line. For the same reason the source address and the hostname inside the message are not verified by the receiver and can be spoofed, so where integrity matters, rsyslog and other modern daemons also support syslog over TCP (RFC 6587) and over TLS (RFC 5425, port 6514).


Packet Format

A syslog message is divided into three parts: PRI, HEADER, and MSG.


PRI Part

The PRI part consists of a Facility and a Severity.

The Facility codes are defined as follows:

Numerical Code    Facility
0                 Kernel messages
1                 User-level messages
2                 Mail system
3                 System daemons
4                 Security/authentication messages
5                 Messages generated internally by syslogd
6                 Line printer subsystem
7                 Network news subsystem
8                 UUCP subsystem
9                 Clock daemon
10                Security/authentication messages
11                FTP daemon
12                NTP subsystem
13                Log audit
14                Log alert
15                Scheduling daemon
16-23             Locally used facilities (local0 to local7)

The Severity codes are defined as follows:

Numerical Code    Severity
0                 Emergency: system is unusable
1                 Alert: action must be taken immediately
2                 Critical: critical conditions
3                 Error: error conditions
4                 Warning: warning conditions
5                 Notice: normal but significant condition
6                 Informational: informational messages
7                 Debug: debug-level messages


The PRI value is the facility multiplied by 8 plus the severity, and it appears at the very start of the message enclosed in angle brackets.

For example, facility 20 (local4) and severity 5 (Notice) give 20 x 8 + 5 = 165, transmitted as <165>. Decoding goes the other way: facility = PRI divided by 8 (integer division), severity = PRI modulo 8, so the valid range of PRI is 0 to 191.


HEADER Part

The HEADER consists of a TIMESTAMP and the HOSTNAME (or IP address) of the device that generated the message. Both fields are written by the sender, not by the receiver, so a relay that needs a trustworthy origin should record the packet's source address as well.


MSG Part

The MSG part is free text carrying the additional information, divided into a TAG field and a CONTENT field.

The TAG is the name of the program or process that generated the message (conventionally followed by its process ID in square brackets), and the CONTENT holds the detailed message text.


Packet Format

PRI                  HEADER                 MSG
FACILITY SEVERITY    TIMESTAMP HOSTNAME     TAG CONTENT
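To make the three parts concrete, here is an added example that is not part of the original post: it encodes and decodes the PRI value, builds and parses an RFC 3164 message (PRI, HEADER, TAG, CONTENT), and pushes one message through a UDP socket on the loopback interface to show the fire-and-forget transport described above. The sample log lines are constructed for the example, the loopback listener uses a throwaway port instead of 514 so it runs without root, and the PID-in-brackets handling follows common practice rather than anything the RFC mandates.

```python
import re
import socket
from dataclasses import dataclass
from typing import Optional, Tuple

# Short names for the facility and severity codes from the tables above,
# in the order rsyslog uses for its "facility.severity" selectors.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "cron2",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164 layout: <PRI>TIMESTAMP HOSTNAME TAG[PID]: CONTENT
# TIMESTAMP is "Mmm dd hh:mm:ss" with a space-padded day ("Oct  7").
# Strictly the "[PID]:" belongs to CONTENT; splitting it off is the usual convention.
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]{1,32})(?:\[(?P<pid>\d+)\])?:? ?"
    r"(?P<content>.*)$",
    re.DOTALL,
)

# Constructed sample lines (not captured from a real system).
SAMPLE_APP = b"<165>Oct  7 14:03:22 web01 myapp[2217]: user login ok"
SAMPLE_SSHD = (b"<38>Oct  7 14:03:25 web01 sshd[1042]: Failed password for "
               b"invalid user admin from 203.0.113.7 port 51234 ssh2")


@dataclass
class SyslogMessage:
    facility: int
    severity: int
    timestamp: str
    hostname: str      # as written by the sender; not verified by the receiver
    tag: str
    pid: Optional[int]
    content: str

    @property
    def pri(self) -> int:
        return encode_pri(self.facility, self.severity)


def encode_pri(facility: int, severity: int) -> int:
    """PRI = facility * 8 + severity, e.g. local4 (20) + notice (5) -> 165."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0..23 and severity 0..7")
    return facility * 8 + severity


def decode_pri(pri: int) -> Tuple[int, int]:
    """Inverse of encode_pri: (facility, severity) = divmod(PRI, 8)."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI must be 0..191")
    return divmod(pri, 8)


def selector(msg: SyslogMessage) -> str:
    """The rsyslog-style 'facility.severity' label for a message."""
    return f"{FACILITIES[msg.facility]}.{SEVERITIES[msg.severity]}"


def format_message(msg: SyslogMessage) -> bytes:
    """Serialize PRI, HEADER and MSG into one RFC 3164 datagram payload."""
    tag = msg.tag if msg.pid is None else f"{msg.tag}[{msg.pid}]"
    return f"<{msg.pri}>{msg.timestamp} {msg.hostname} {tag}: {msg.content}".encode("ascii")


def parse_message(raw: bytes) -> SyslogMessage:
    """Split a datagram into its parts; reject anything that is not RFC 3164 shaped."""
    m = _RFC3164.match(raw.decode("ascii", errors="replace"))
    if m is None:
        raise ValueError("not an RFC 3164 syslog message")
    facility, severity = decode_pri(int(m["pri"]))
    pid = int(m["pid"]) if m["pid"] else None
    return SyslogMessage(facility, severity, m["ts"], m["host"], m["tag"], pid, m["content"])


def send_and_receive_udp(msg: SyslogMessage) -> SyslogMessage:
    """Send one message over UDP to a loopback listener and parse what arrives.

    The sender gets no acknowledgement: sendto() returns as soon as the datagram
    is handed to the kernel, whether or not anyone is listening or it is lost.
    """
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.bind(("127.0.0.1", 0))          # ephemeral port instead of 514
    receiver.settimeout(2.0)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sender.sendto(format_message(msg), receiver.getsockname())
        data, _addr = receiver.recvfrom(1024)  # _addr is the only trustworthy origin
    finally:
        sender.close()
        receiver.close()
    return parse_message(data)


if __name__ == "__main__":
    for raw in (SAMPLE_APP, SAMPLE_SSHD):
        m = parse_message(raw)
        print(f"PRI={m.pri:<3} {selector(m):<15} host={m.hostname} tag={m.tag} pid={m.pid} :: {m.content}")
    print("round trip via UDP:", send_and_receive_udp(parse_message(SAMPLE_APP)) == parse_message(SAMPLE_APP))
```

The sshd sample decodes to PRI 38, that is auth (4) x 8 + info (6), which is the facility and severity OpenSSH uses for failed logins; a detection rule that filters on the selector string rather than on the raw number is easier to read and harder to get wrong.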


