Previous  Top  Next

Each Syslog message includes a priority value at the beginning of the text. The priority value ranges from 0 to 191 and is made up of a Facility value and a Level value. The priority is enclosed in "<>" delimiters.

A BSD Unix Syslog message looks like this:
The priority is a value from 0 to 191 and is not space or leading zero padded.
For more information on the Syslog message format, please read the RFC.

The Facility value is a way of determining which process of the machine created the message. Since the Syslog protocol was originally written on BSD Unix, the Facilities reflect the names of Unix processes and Daemons.
The priority value is calculated using the following formula:
Priority = Facility * 8 + Level

The list of Facilities available:

0   kernel
1   user
2   mail
3   daemon
4   authorization
5   syslogd  
6   line printer subsystem  
7   news
8   UUCP
9   cron
10   security
11   FTP
12   NTP
13   log audit
14   log alert
15   clock daemon
16   local use 0  (local0) 
17   local use 1  (local1) 
18   local use 2  (local2) 
19   local use 3  (local3) 
20   local use 4  (local4) 
21   local use 5  (local5) 
22   local use 6  (local6) 
23   local use 7  (local7)

If you are receiving messages from a Unix system, it is suggested you use the "user" Facility as your first choice. Local0 through to Local7 are not used by Unix and are traditionally used by networking equipment. Cisco routers for example use Local6 or Local7.