Syslog Levels


 

Each Syslog message includes a priority value at the beginning of the text. The priority value ranges from 0 to 191 and is made up of a Facility value and a Level value. The priority is enclosed in "<>" delimiters.

 

A BSD Unix Syslog message looks like this:

<PRI>HEADER MESSAGE

The priority is a value from 0 to 191 and is not padded with spaces or leading zeros.

For more information on the Syslog message format, please read the RFC.

 

The priority value is calculated using the following formula:

Priority = Facility * 8 + Level

 

The list of severity Levels:

 

0       Emergency: system is unusable

1       Alert: action must be taken immediately

2       Critical: critical conditions

3       Error: error conditions

4       Warning: warning conditions

5       Notice: normal but significant condition

6       Informational: informational messages

7       Debug: debug-level messages
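
The following Python example is added here and is not part of the original page. It splits a <PRI> prefix into Facility and Level using the formula above and rejects values that are out of range or padded, so a receiver does not guess a severity for a malformed message. The function names and sample lines are constructed for illustration; the facility range 0 to 23 is derived from the 0 to 191 priority range.

```python
import re

# Severity names in numeric order, as listed on this page.
LEVELS = ("Emergency", "Alert", "Critical", "Error",
          "Warning", "Notice", "Informational", "Debug")

# "<", 1-3 digits with no leading zero (a lone "0" is allowed), ">".
_PRI_RE = re.compile(r"^<(0|[1-9][0-9]{0,2})>")


def encode_pri(facility, level):
    """Build the <PRI> prefix: Priority = Facility * 8 + Level."""
    if not 0 <= facility <= 23:      # 23 * 8 + 7 = 191, the maximum priority
        raise ValueError("facility out of range 0-23")
    if not 0 <= level <= 7:
        raise ValueError("level out of range 0-7")
    return "<%d>" % (facility * 8 + level)


def parse_pri(line):
    """Return (facility, level, level_name, rest) or raise ValueError."""
    m = _PRI_RE.match(line)
    if m is None:
        raise ValueError("missing or malformed <PRI>")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("priority out of range 0-191")
    facility, level = divmod(pri, 8)  # inverse of Facility * 8 + Level
    return facility, level, LEVELS[level], line[m.end():]


if __name__ == "__main__":
    # Constructed sample lines, not captured from a real system.
    samples = [
        "<38>Jan  5 10:00:00 host1 sshd[123]: session opened",
        "<165>Jan  5 10:00:01 host1 app: config reloaded",
        "<034>Jan  5 10:00:02 host1 app: leading zero",
        "<192>Jan  5 10:00:03 host1 app: out of range",
        "Jan  5 10:00:04 host1 app: no priority at all",
    ]
    for s in samples:
        try:
            fac, lvl, name, rest = parse_pri(s)
            print("facility=%d level=%d (%s) %s" % (fac, lvl, name, rest))
        except ValueError as exc:
            print("rejected (%s): %r" % (exc, s))
```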

 

Recommended practice is to use the Notice or Informational level for normal messages.

 

 

A detailed explanation of the severity Levels:

 

DEBUG:

Info useful to developers for debugging the app, not useful during operations

 

INFORMATIONAL:

Normal operational messages - may be harvested for reporting, measuring throughput, etc. - no action required

 

NOTICE:

Events that are unusual but not error conditions - might be summarized in an email to developers or admins to spot potential problems - no immediate action required

 

WARNING:

Warning messages - not an error, but an indication that an error will occur if action is not taken, e.g. file system 85% full - each item must be resolved within a given time

 

ERROR:

Non-urgent failures - these should be relayed to developers or admins; each item must be resolved within a given time

 

ALERT:

Should be corrected immediately - notify staff who can fix the problem - example is loss of backup ISP connection

 

CRITICAL:

Should be corrected immediately, but indicates failure in a primary system - fix CRITICAL problems before ALERT - example is loss of primary ISP connection

 

EMERGENCY:

A "panic" condition - notify all tech staff on call? (earthquake? tornado?) - affects multiple apps/servers/sites...