Syslog Facilities

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
I am configuring syslog on an X440G2. I don't understand what facilities are. From what I understand, they are different levels of information such as Errors, Critical, Warning, Informative. But I can't find any documentation that says what each local stands for. All the documentation just uses on or the other, but never explains what they are.

Can anyone provide insight?
Photo of Cody Roche

Cody Roche

  • 104 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 13,650 Points 10k badge 2x thumb
Hi,
I think you want to read that: https://tools.ietf.org/html/rfc3164#s...
Photo of Cody Roche

Cody Roche

  • 104 Points 100 badge 2x thumb
Actually, that documentation just lists them out Local0...Local7. But it doesn't say what Extreme uses them for? I mistook the severity levels 0 - 7 for that listing.
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,772 Points 10k badge 2x thumb
Hi,

the facility names are used on the syslog server to sort messages into different log files. There is no special meaning to the names "local0" to "local7", they are provided to enable local configuration.

You might want to sort all messages from site 1 to log file site1.log, and all from site 2 to site2.log. One way to achieve this would be to use the facility local1 on site 1, and local2 on site2, and configure the syslog server to save messages according to the facility name to the intended file.

As such you just basically choose a facility name and use that consistently.

Br,
Erik
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 13,650 Points 10k badge 2x thumb
Hi, the document I pointed out is the rfc, what defines syslog. An interesting part in it, that I outlined, is the explanation between severity and facilities, which you seemed to be confused with. As for the localx facilities, as Erik pointed out, they don't have specific meaning: they are user-defined. You do whatever _you_ want with it.
(Edited)
Photo of Cody Roche

Cody Roche

  • 104 Points 100 badge 2x thumb
Okay, so it doesn't matter what I choose at the switch level? It is just a matter of grouping logs from "these" switches into one group, and "those" switches into another group, but at the log server level?
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,772 Points 10k badge 2x thumb
Yes, that's correct.

Another reason for having configurable syslog facilities is to integrate a new switch into an existing setup that already chose one of the localX facilities.
Photo of Drew C.

Drew C., Community Manager

  • 40,238 Points 20k badge 2x thumb
Great question and great answers!  I believe we can write up a GTAC Knowledge article on this topic.