Syslog Facilities

Top  Previous  Next

 

Each Syslog message includes a priority value at the beginning of the text. The priority value ranges from 0 to 191 and is made up of a Facility value and a Level value. The priority is enclosed in "<>" delimiters.

 

A BSD Unix Syslog message looks like this:

<PRI>HEADER MESSAGE

The priority is a value from 0 to 191 and is not space or leading zero padded.

For more information on the Syslog message format, please read the RFC.

 

The Facility value is a way of determining which process of the machine created the message. Since the Syslog protocol was originally written on BSD Unix, the Facilities reflect the names of Unix processes and Daemons.

The priority value is calculated using the following formula:

Priority = Facility * 8 + Level

 

The list of Facilities available:

 

0             kernel messages

1             user-level messages

2             mail system

3             system daemons

4             security/authorization messages

5             messages generated internally by syslogd

6             line printer subsystem

7             network news subsystem

8             UUCP subsystem

9             clock daemon

10            security/authorization messages

11            FTP daemon

12            NTP subsystem

13            log audit

14            log alert

15            clock daemon

16            local use 0  (local0)

17            local use 1  (local1)

18            local use 2  (local2)

19            local use 3  (local3)

20            local use 4  (local4)

21            local use 5  (local5)

22            local use 6  (local6)

23            local use 7  (local7)

 

If you are receiving messages from a Unix system, it is suggested you use the 'User' Facility as your first choice. Local0 through to Local7 are not used by Unix and are traditionally used by networking equipment. Cisco routers for example use Local6 or Local7.