Syslog Facilities


I am configuring syslog on an X440G2. I don't understand what facilities are. From what I understand, they are different levels of information such as Errors, Critical, Warning, Informative. But I can't find any documentation that says what each local stands for. All the documentation just uses one or the other, but never explains what they are. Can anyone provide insight?

8 replies

Userlevel 7
Hi, I think you want to read that: https://tools.ietf.org/html/rfc3164#section-4.1.1
Grosjean, Stephane wrote:

Hi, I think you want to read that: https://tools.ietf.org/html/rfc3164#section-4.1.1

THANK YOU!!! I could not for the life of me find anything that listed them like that! Why is this not in Extreme's documentation anywhere (or is it)?
Grosjean, Stephane wrote:

Hi, I think you want to read that: https://tools.ietf.org/html/rfc3164#section-4.1.1

Actually, that documentation just lists them out Local0...Local7. But it doesn't say what Extreme uses them for? I mistook the severity levels 0 - 7 for that listing.
Userlevel 7
Grosjean, Stephane wrote:

Hi, I think you want to read that: https://tools.ietf.org/html/rfc3164#section-4.1.1

Hi,

the facility names are used on the syslog server to sort messages into different log files. There is no special meaning to the names "local0" to "local7", they are provided to enable local configuration.

You might want to sort all messages from site 1 to log file site1.log, and all from site 2 to site2.log. One way to achieve this would be to use the facility local1 on site 1, and local2 on site 2, and configure the syslog server to save messages according to the facility name to the intended file.

As such you just basically choose a facility name and use that consistently.

Br,
Erik
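
An added example, not part of the original thread: a small Python sketch of how a receiver can split the `<PRI>` value defined in RFC 3164 section 4.1.1 into facility and severity, then file messages by facility alone, as in the site 1 / site 2 illustration above. The file names, the routing table and the sample messages are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Conventional short names for the facility codes 0-15 in RFC 3164 section 4.1.1,
# followed by the eight locally defined facilities (codes 16-23).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumed routing table: one facility per site, as in the reply above.
ROUTES = {"local1": "site1.log", "local2": "site2.log"}
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity, rest) for a line that starts with <PRI>."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:          # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("missing or invalid PRI")
    facility, severity = divmod(int(m.group(1)), 8)   # PRI = facility * 8 + severity
    return FACILITIES[facility], SEVERITIES[severity], line[m.end():]

def route(lines):
    """Group messages by destination file; only the facility decides the file."""
    files = defaultdict(list)
    for line in lines:
        try:
            facility, severity, rest = decode_pri(line)
        except ValueError:
            files["unparsed.log"].append(line)  # keep malformed input for review
            continue
        files[ROUTES.get(facility, "other.log")].append(f"{facility}.{severity} {rest}")
    return dict(files)

# Constructed sample messages (not real switch output).
SAMPLE = [
    "<139>Jan  5 10:15:02 sw-a link down on port 4",     # 17*8+3 -> local1.err
    "<142>Jan  5 10:15:04 sw-a link up on port 4",       # 17*8+6 -> local1.info
    "<150>Jan  5 10:15:07 sw-b login accepted",          # 18*8+6 -> local2.info
    "<13>Jan  5 10:15:09 host1 test message",            # 1*8+5  -> user.notice
    "<999>bad priority",
    "no priority field",
]

if __name__ == "__main__":
    for name, msgs in route(SAMPLE).items():
        print(name, msgs)
```

Severity travels in the same number but plays no part in the routing here, which is why two messages of different severity from the same site land in the same file.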
Userlevel 7
Grosjean, Stephane wrote:

Hi, I think you want to read that: https://tools.ietf.org/html/rfc3164#section-4.1.1

Hi, the document I pointed out is the RFC, which defines syslog. An interesting part of it, that I outlined, is the explanation of severity and facilities, which you seemed to be confusing. As for the localX facilities, as Erik pointed out, they don't have a specific meaning: they are user-defined. You do whatever _you_ want with them.
Grosjean, Stephane wrote:

Hi, I think you want to read that: https://tools.ietf.org/html/rfc3164#section-4.1.1

Okay, so it doesn't matter what I choose at the switch level? It is just a matter of grouping logs from "these" switches into one group, and "those" switches into another group, but at the log server level?
Userlevel 7
Grosjean, Stephane wrote:

Hi, I think you want to read that: https://tools.ietf.org/html/rfc3164#section-4.1.1

Yes, that's correct.

Another reason for having configurable syslog facilities is to integrate a new switch into an existing setup that already chose one of the localX facilities.
Userlevel 7
Great question and great answers! I believe we can write up a GTAC Knowledge article on this topic.