Each Syslog message includes a priority value at the beginning of the text. The priority value ranges from 0 to 191 and is made up of a Facility value and a Level value. The priority is enclosed in "<>" delimiters.
A BSD Unix Syslog message looks like this:
The priority is a value from 0 to 191 and is not space or leading zero padded.
For more information on the Syslog message format, please read the RFC.
The priority value is calculated using the following formula:
Priority = Facility * 8 + Level
The list of severity Levels:
0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level messages
Recommended practice is to use the Notice or Informational level for normal messages.
A detailed explanation of the severity Levels:
Info useful to developers for debugging the app, not useful during operations
Normal operational messages - may be harvested for reporting, measuring throughput, etc - no action required
Events that are unusual but not error conditions - might be summarized in an email to developers or admins to spot potential problems - no immediate action required
Warning messages - not an error, but indication that an error will occur if action is not taken, e.g. file system 85% full - each item must be resolved within a given time
Non-urgent failures - these should be relayed to developers or admins; each item must be resolved within a given time
Should be corrected immediately - notify staff who can fix the problem - example is loss of backup ISP connection
Should be corrected immediately, but indicates failure in a primary system - fix CRITICAL problems before ALERT - example is loss of primary ISP connection
A "panic" condition - notify all tech staff on call? (earthquake? tornado?) - affects multiple apps/servers/sites...