|
|
LogAnalysis
[logs] Syslog and facilities Jun 06 2007 10:55AM saudi sans (saudisans gmail com) (4 replies) Re: [logs] Facility 101 (was: Syslog and facilities) Jun 18 2007 01:04PM Chris Brenton (cbrenton chrisbrenton org) (1 replies) [logs] Syslog and Windows Jun 22 2007 04:35AM Bill Scherr IV (bschnzl cotse net) (5 replies) RE: [logs] Syslog and Windows Jun 25 2007 06:54PM Eric Fitzgerald (Eric Fitzgerald microsoft com) (2 replies) RE: [logs] Syslog and Windows Jun 25 2007 08:02PM Rainer Gerhards (rgerhards hq adiscon com) (1 replies) RE: [logs] Syslog and Windows Jun 25 2007 08:43PM Eric Fitzgerald (Eric Fitzgerald microsoft com) (1 replies) RE: [logs] Syslog and Windows Jun 25 2007 09:10PM Rainer Gerhards (rgerhards hq adiscon com) (1 replies) Re: [logs] Syslog and Windows Jun 25 2007 07:59PM Vincent Bernat (bernat luffy cx) (1 replies) RE: [logs] Syslog and Windows Jun 26 2007 07:05PM Eric Fitzgerald (Eric Fitzgerald microsoft com) (1 replies) [logs] Re: Syslog and Windows Jun 22 2007 05:11AM Chris Brenton (cbrenton chrisbrenton org) (1 replies) [logs] Re: Syslog and Windows Jun 22 2007 10:23AM Bill Scherr IV (bschnzl cotse net) (1 replies) RE: [logs] Re: Syslog and Windows Jun 22 2007 06:27PM Tina Bird (tbird precision-guesswork com) (3 replies) Re: [logs] Re: Syslog and Windows Jun 22 2007 07:15PM Gord Taylor (taylorgo gmail com) (1 replies) RE: [logs] Re: Syslog and Windows Jun 22 2007 08:24PM Rainer Gerhards (rgerhards hq adiscon com) (1 replies) Re: [logs] Syslog and Windows Jun 22 2007 05:04AM John Kinsella (jlk thrashyour com) (2 replies) Re: [logs] Syslog and Windows Jun 22 2007 08:43AM Russell Fulton (r fulton auckland ac nz) (1 replies) |
|
Privacy Statement |
Facility is indeed mostly useless if you do not do anthing about it. You
can configure different devices/senders to use specific facilities and
then use them while relaying, storing messages or some other way to
process them. It' mostly a filter property. With current syslog
impementations (e.g. syslog-ng, rsyslog [www.rsyslog.com], WinSyslog
[www.winsyslog.com]) you can filter on many more things than on
facility. For example, filters can be the originator, message content
etc. However, facility is often a very handy tool for filtering. It also
works with stock syslklogd on Linux.
HTH,
Rainer
PS: I am the maintainer of the rsyslog project and I am with Adiscon,
the WinSyslog vendor.
> -----Original Message-----
> From: loganalysis-bounces (at) loganalysis (dot) org [email concealed]
> [mailto:loganalysis-bounces (at) loganalysis (dot) org [email concealed]] On Behalf Of saudi sans
> Sent: Wednesday, June 06, 2007 12:56 PM
> To: loganalysis (at) loganalysis (dot) org [email concealed]
> Subject: [logs] Syslog and facilities
>
> Syslog has facilities and levels.
>
> What is the "facility" in syslog ? The level concept is
> pretty intuitive.
>
> As I understand "facility" field contains the source-program which
> generated the log entry .
>
> I have a central syslog server where I am aggregating logs from
> several cisco routers and Unix machines.
>
> I have given Level7 as my facility in all cisco routers and
> Level4 for all Unix
>
> If I am collecting logs remotely does the "facility" field contain
> anything meaningful? Does it make any difference to the log generation
> ? Does it matter if I set Level4 or LevelX?
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org [email concealed]
> http://www.loganalysis.org/mailman/listinfo/loganalysis
>
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis
[ reply ]