[colug-432] syslog facilities

Rick Hornsby richardjhornsby at gmail.com
Wed Apr 9 10:46:21 EDT 2014


Curious about opinions on syslog facilities, specifically when your
[r]syslog server is set up to accept logs from remote sources.  Says the
RFC, the enumerated facilities are:

              0             kernel messages
              1             user-level messages
              2             mail system
              3             system daemons
              4             security/authorization messages
              5             messages generated internally by syslogd
              6             line printer subsystem
              7             network news subsystem
              8             UUCP subsystem
              9             clock daemon
             10             security/authorization messages
             11             FTP daemon
             12             NTP subsystem
             13             log audit
             14             log alert
             15             clock daemon (note 2)
             16             local use 0  (local0)
             17             local use 1  (local1)
             18             local use 2  (local2)
             19             local use 3  (local3)
             20             local use 4  (local4)
             21             local use 5  (local5)
             22             local use 6  (local6)
             23             local use 7  (local7)


I realize the names are just labels, but I like to do things correctly
and not just make it up as I go along.  I want, as much as possible,
the next guy who comes after me not to scratch his head wondering what
kind of nonsense I came up with.


If you're using a syslog server (for example) to accept HTTP access
logs from load balancers, which facility is the "correct" one?  We're
using local0 right now, but that feels kind of hack-ish because local
is supposed to be for local stuff, not remote stuff?


What is the convention for choosing a facility to handle remote logs?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20140409/97049720/attachment-0001.html 


More information about the colug-432 mailing list