Syslog
Standard protocol for system logging:
Message Format
| Field | Description | Example Value |
|---|---|---|
PRI | Priority value = Facility * 8 + Severity, enclosed in angle brackets | <34> |
TIMESTAMP | Date and time in "Mmm dd hh:mm:ss" format | Oct 22 12:34:56 |
HOSTNAME | Hostname or IP address of the sender | <hostname> |
TAG | Application name and optional PID | appname[1234] |
MESSAGE | Free-form message content | This is a log message. |
| Field | Description | Example Value |
|---|---|---|
PRI | Priority value = Facility * 8 + Severity, enclosed in angle brackets | <34> |
VERSION | Syslog protocol version (always 1 for RFC 5424) | 1 |
TIMESTAMP | ISO 8601 timestamp with optional timezone | 2025-01-03T14:07:15.003Z |
HOSTNAME | FQDN or IP address of the sender | host.example.com |
APP-NAME | Application name | appname |
PROCID | Process ID | 1234 |
MSGID | Identifier for the type of message | ID47 |
STRUCTURED-DATA | Optional structured key-value pairs | [exampleSDID@32473 iut="3"] |
MESSAGE | Free-form message content | This is a structured log message. |
Facility Values
| Code | Facility |
|---|---|
0 | kernel messages |
1 | user-level messages |
2 | mail system |
| ... | ... |
16–23 | local0 to local7 |
Severity Levels
| Code | Level |
|---|---|
0 | Emergency |
1 | Alert |
2 | Critical |
3 | Error |
4 | Warning |
5 | Notice |
6 | Informational |
7 | Debug |