Category: LINUX
2008-03-03 21:27:26
This section describes the format of a syslog message, according to RFC 3164. A syslog message consists of the following parts:
# Annotation: This section describes the structure of a syslog log message. According to the RFC 3164 standard, a syslog message contains the following parts:
# -) 1. PRI (priority)
# -) 2. header
# -) 3. message
The total message must be shorter than 1024 bytes.
# Annotation: the entire message must be shorter than 1024 bytes
The following is a sample syslog message: <133>Feb 25 14:09:07 webserver syslogd: restart
The message corresponds to the following format: . The different parts of the message are explained in the following sections.
Note | |
---|---|
The syslog-ng application supports longer messages as well. For details, see the # Annotation: note that syslog-ng can support longer messages, but doing so is not recommended; it is best not to exceed the length of a UDP PDU |
The PRI part of the syslog message (known as Priority value) represents the Facility and Severity of the message. Facility represents the part of the system sending the message, while severity marks its importance. The Priority value is calculated by first multiplying the Facility number by 8 and then adding the numerical value of the Severity. The possible facility and severity values are presented below.
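# Annotation: The PRI part is the priority part. It represents the facility and the severity. Facility identifies which part of the system generated (sent) the message, while severity gives the seriousness of the event the message represents.
# The priority value is calculated as: facility number * 8 + severity number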
Note | |
---|---|
Facility codes may vary slightly between different platforms. The syslog-ng application accepts facility codes as numerical values as well. # Annotation: below are the numbers of the various facilities |
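Numerical Code | Facility |
---|---|
0 | kernel messages # Annotation: 0 denotes the kernel facility |
1 | user-level messages # Annotation: 1 denotes the user facility |
2 | mail system # Annotation: 2 denotes messages from the mail system |
3 | system daemons # Annotation: 3 denotes messages from system daemons |
4 | security/authorization messages # Annotation: 4 denotes messages from the security/authorization system |
5 | messages generated internally by syslogd # Annotation: 5 denotes messages from inside syslogd |
6 | line printer subsystem # Annotation: 6 denotes messages from the printing system |
7 | network news subsystem # Annotation: 7 denotes messages from the NNS system |
8 | UUCP subsystem # Annotation: 8 denotes the UUCP subsystem |
9 | clock daemon # Annotation: 9 denotes messages from the clock daemon |
10 | security/authorization messages # Annotation: 10 also denotes security/authorization messages |
11 | FTP daemon # Annotation: 11 denotes messages from the FTP daemon |
12 | NTP subsystem # Annotation: 12 denotes messages from the NTP system |
13 | log audit # Annotation: 13 denotes log audit |
14 | log alert # Annotation: 14 denotes log alert |
15 | clock daemon # Annotation: 15 also denotes the clock daemon |
16-23 | locally used facilities (local0-local7) # Annotation: 16-23 denote local0-local7 |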
Table 2.1. syslog Message Facilities
The following table lists the severity values.
# Annotation: below are the numbers of the various severity values
Numerical Code | Severity |
---|---|
0 | Emergency: system is unusable # Annotation: 0 denotes the emerg level, meaning the system is unusable |
1 | Alert: action must be taken immediately # Annotation: 1 denotes Alert, meaning action must be taken immediately |
2 | Critical: critical conditions # Annotation: 2 denotes Critical, a critical condition |
3 | Error: error conditions # Annotation: 3 denotes Error |
4 | Warning: warning conditions # Annotation: 4 denotes Warning |
5 | Notice: normal but significant condition # Annotation: 5 denotes notice |
6 | Informational: informational messages # Annotation: 6 denotes the info level |
7 | Debug: debug-level messages # Annotation: 7 denotes the debug level |
Table 2.2. syslog Message Severities
The HEADER part contains a timestamp and the hostname (without the domain name) or the IP address of the device. The timestamp field is the local time in the Mmm dd hh:mm:ss format, where:
# Annotation: The HEADER part contains a timestamp and the hostname (without the domain name), or an IP address.
# The timestamp format is
Mmm is the English abbreviation of the month: Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
dd is the day of the month on two digits. If the day of the month is less than 10, the first digit is replaced with a space. (E.g., Aug  7.)
hh:mm:ss is the local time. The hour (hh) is represented in a 24-hour format. Valid entries are between 00 and 23, inclusive. The minute (mm) and second (ss) entries are between 00 and 59 inclusive.
Note | |
---|---|
The syslog-ng application supports other timestamp formats as well, like ISO, or the PIX extended format. For details, see the |
The MSG part contains the name of the program or process that generated the message, and the text of the message itself. The MSG part is usually in the following format: program[pid]: message text.
# Annotation: MSG is the message body; its format is generally
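An added example (not from the syslog-ng documentation or the original post): a strict Python parser for the format described above, which enforces the 1024-byte limit, decodes PRI into facility and severity, checks the space-padded timestamp, and splits MSG into program, pid and text. The function name parse_rfc3164, the shortened table labels and the second sample message are assumptions made for illustration.

```python
import re

# Labels shortened from Tables 2.1 and 2.2 above (wording is this example's).
FACILITIES = ["kernel", "user-level", "mail", "system daemons",
              "security/authorization", "syslogd internal", "line printer",
              "network news", "UUCP", "clock daemon", "security/authorization",
              "FTP daemon", "NTP", "log audit", "log alert", "clock daemon",
              *(f"local{i}" for i in range(8))]
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# <PRI>Mmm dd hh:mm:ss hostname MSG; a day below 10 is space-padded ("Aug  7").
MSG_RE = re.compile(
    r"<(\d{1,3})>"
    r"((?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ 1-3]\d"
    r" (?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d)"
    r" (\S+) (.*)", re.DOTALL)
# MSG is usually "program[pid]: message text"; the [pid] part is optional.
TAG_RE = re.compile(r"([^\s\[:]+)(?:\[(\d+)\])?: ?(.*)", re.DOTALL)

def parse_rfc3164(raw: bytes) -> dict:
    """Split one received message into PRI, HEADER and MSG fields."""
    if len(raw) >= 1024:
        raise ValueError("total message must be shorter than 1024 bytes")
    m = MSG_RE.fullmatch(raw.decode("ascii", errors="replace"))
    if m is None:
        raise ValueError("not in <PRI>timestamp hostname MSG form")
    pri, timestamp, hostname, msg = m.groups()
    # PRI = facility * 8 + severity, so divmod reverses the calculation.
    facility, severity = divmod(int(pri), 8)
    if facility >= len(FACILITIES):
        raise ValueError(f"PRI {pri} is above 191 (facility 23, severity 7)")
    if not 1 <= int(timestamp[4:6]) <= 31:
        raise ValueError("day of month out of range")
    tag = TAG_RE.fullmatch(msg)
    program, pid, text = tag.groups() if tag else (None, None, msg)
    return {"facility": facility, "facility_name": FACILITIES[facility],
            "severity": severity, "severity_name": SEVERITIES[severity],
            "timestamp": timestamp, "hostname": hostname, "program": program,
            "pid": int(pid) if pid else None, "text": text}

if __name__ == "__main__":
    # First sample is the message quoted on this page; the second is constructed.
    for sample in (b"<133>Feb 25 14:09:07 webserver syslogd: restart",
                   b"<34>Aug  7 09:00:01 10.0.0.5 sshd[4711]: session opened"):
        print(parse_rfc3164(sample))
```

The parser rejects anything it cannot account for rather than guessing, which is the safer default when messages arrive from the network.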