[colug-432] syslog facilities
Rick Hornsby
richardjhornsby at gmail.com
Wed Apr 9 10:46:21 EDT 2014
Curious about opinions on syslog facilities, specifically when your
[r]syslog server is set up to accept logs from remote sources. Says the
RFC, the enumerated facilities are:
0 kernel messages
1 user-level messages
2 mail system
3 system daemons
4 security/authorization messages
5 messages generated internally by syslogd
6 line printer subsystem
7 network news subsystem
8 UUCP subsystem
9 clock daemon
10 security/authorization messages
11 FTP daemon
12 NTP subsystem
13 log audit
14 log alert
15 clock daemon (note 2)
16 local use 0 (local0)
17 local use 1 (local1)
18 local use 2 (local2)
19 local use 3 (local3)
20 local use 4 (local4)
21 local use 5 (local5)
22 local use 6 (local6)
23 local use 7 (local7)
I realize the names are just labels, but I like to do things correctly
and not just make it up as I go along. I want, as much as possible,
the next guy who comes after me not to scratch his head wondering what
kind of nonsense I came up with.
If you're using a syslog server (for example) to accept HTTP access
logs from load balancers, which facility is the "correct" one? We're
using local0 right now, but that feels kind of hack-ish because local
is supposed to be for local stuff, not remote stuff?
What is the convention for choosing a facility to handle remote logs?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20140409/97049720/attachment-0001.html
More information about the colug-432
mailing list