Syslog: Difference between revisions

From 탱이의 잡동사니
m (Pchero moved page Syslogd to Syslog over redirect)
 
(8 intermediate revisions by the same user not shown)
Line 55: Line 55:


|-
|-
| LOG_AUTH || security/authorization messages. The authorization system: login()<ref>https://www.freebsd.org/cgi/man.cgi?query=login&sektion=1&apropos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports</ref>, su()<ref>https://www.freebsd.org/cgi/man.cgi?query=su&sektion=1&apropos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports</ref>, getty()<ref>https://www.freebsd.org/cgi/man.cgi?query=getty&sektion=8&apropos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports</ref>, etc.
| LOG_AUTH || security/authorization messages. The authorization system: login<ref>https://www.freebsd.org/cgi/man.cgi?query=login&sektion=1&apropos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports</ref>, su<ref>https://www.freebsd.org/cgi/man.cgi?query=su&sektion=1&apropos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports</ref>, getty<ref>https://www.freebsd.org/cgi/man.cgi?query=getty&sektion=8&apropos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports</ref>, etc.


|-
|-
Line 77: Line 77:
|-
|-
| LOG_LPR || The line printer spooling system such as lpr, lpc, lpd, etc.
| LOG_LPR || The line printer spooling system such as lpr, lpc, lpd, etc.
|
|}
{| class="wikitable"
! Facility !! Keyword !! C code !! Facility Description
|-
| 0 || kern || LOG_KERN || kernel messages
|-
| 1 || user || LOG_USER || user-level messages
|-
| 2 || mail || LOG_MAIL || mail system
|-
| 3 || daemon || LOG_DAEMON || system daemons
|-
| 4 || auth || LOG_AUTH || security/authorization messages. The authorization system: login()<ref>https://www.freebsd.org/cgi/man.cgi?query=login&sektion=1&apropos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports</ref>, su()<ref>https://www.freebsd.org/cgi/man.cgi?query=su&sektion=1&apropos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports</ref>, getty()<ref>https://www.freebsd.org/cgi/man.cgi?query=getty&sektion=8&apropos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports</ref>, etc.


|-
|-
| 5 || syslog || LOG_SYSLOG || messages generated internally by syslogd
| LOG_MAIL || The mail system.


|-
|-
| 6 || lpr || LOG_LPR || line printer subsystem
| LOG_NEWS || The network news system.


|-
|-
| 7 || news || LOG_NEWS || network news subsystem
| LOG_NTP || The network time protocol system.


|-
|-
| 8 || uucp || LOG_UUCP || UUCP subsystem
| LOG_SECURITY || Security subsystems, such as ipfw.


|-
|-
| 9 || clock || LOG_CRON || clock daemon
| LOG_SYSLOG || Message generated internally by syslogd.


|-
|-
| 10 || authpriv || LOG_AUTHPRIV || security/authorization messages. The same as LOG_AUTH, but logged to a file readable only by selected individuals.
| LOG_USER || Messages generated by random user processes. This is the default facility identifier if none is specified.


|-
|-
| 11 || ftp || - || FTP daemon
| LOG_UUCP || The uucp system.


|-
|-
| 12 || - || - || NTP subsystem
| LOG_LOCAL0 || Reserved for local use. Similarly for LOG_LOCAL1 through LOG_LOCAL7.
 
|-
| 13 || - || - || log audit
 
|-
| 14 || - || - || log alert
 
|-
| 15 || cron || - || clock daemon
 
|-
| 16 || local0 || LOG_LOCAL0 || local use 0 (local0)
 
|-
| 17 || local1 || LOG_LOCAL1 || local use 1 (local1)
 
|-
| 18 || local2 || LOG_LOCAL2 || local use 2 (local2)
 
|-
| 19 || local3 || LOG_LOCAL3 || local use 3 (local3)
 
|-
| 20 || local4 || LOG_LOCAL4 || local use 4 (local4)
 
|-
| 21 || local5 || LOG_LOCAL5 || local use 5 (local5)
 
|-
| 22 || local6 || LOG_LOCAL6 || local use 6 (local6)
 
|-
| 23 || local7 || LOG_LOCAL7 || local use 7 (local7)


|}
|}


=== Severity ===
=== Level ===
{| class="wikitable"
{| class="wikitable"
! Code !! Severity !! Keyword !! C code !! Description
! Level !! Description


|-
|-
| 0 || Emergency || emerg(panic) || LOG_EMERG || System is unusable. A panic condition. This is normally broadcast to all users.
| LOG_EMERG || System is unusable. A panic condition. This is normally broadcast to all users.


|-
|-
| 1 || Alert || alert || LOG_ALERT || Action must be taken immediately. A condition that should be corrected immediately, such as a corrupted system database.
| LOG_ALERT || Action must be taken immediately. A condition that should be corrected immediately, such as a corrupted system database.


|-
|-
| 2 || Critical || crit || LOG_CRIT || Critical conditions. Critical conditions, e.g., hard device errors.
| LOG_CRIT || Critical conditions. Critical conditions, e.g., hard device errors.


|-
|-
| 3 || Error || err(error) || LOG_ERR || Error conditions.
| LOG_ERR || Error conditions.


|-
|-
| 4 || Warning || warning(warn) || LOG_WARNING || Warning conditions.
| LOG_WARNING || Warning conditions.


|-
|-
| 5 || Notice || notice || LOG_NOTICE || Normal but significant condition. Conditions that are not error conditions, but should possibly be handled specially.
| LOG_NOTICE || Normal but significant condition. Conditions that are not error conditions, but should possibly be handled specially.


|-
|-
| 6 || Informational || info || LOG_INFO || Informational messages.
| LOG_INFO || Informational messages.


|-
|-
| 7 || Debug || debug || LOG_DEBUG || Debug-level messages. Message that contain information normally of use only when debugging a program.
| LOG_DEBUG || Debug-level messages. Message that contain information normally of use only when debugging a program.


|}
|}
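Review bot: the two-column Facility/Description and Level/Description rows in this hunk carry no numeric code or keyword, unlike the four- and five-column rows beside them (for example "10 || authpriv || LOG_AUTHPRIV" and "0 || Emergency || emerg(panic) || LOG_EMERG"), and the revision rendered further down the page keeps only the two-column form. The page cites RFC 5424, where facility and severity are carried as numbers, so consider keeping the Code and Keyword columns and adding the descriptions as an extra column rather than replacing one table with the other.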
Line 192: Line 136:
== See also ==
== See also ==
* http://system-monitoring.readthedocs.io/en/latest/log.html - 로그(syslog)
* http://system-monitoring.readthedocs.io/en/latest/log.html - 로그(syslog)
* https://www.freebsd.org/cgi/man.cgi?query=syslog - FreeBSD Manual Pages(syslog)
== Referecne ==
<references />


[[category:system]]
[[category:system]]
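Review bot: the section heading "== Referecne ==" directly above "<references />" in this hunk is misspelled. It should read "== Reference ==", since the heading is what readers see in the rendered page and in the table of contents.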

Latest revision as of 12:14, 13 June 2017

Overview

Notes on syslog.

Basic

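With syslog, logs can be read inside the remote system itself, and their content can also be sent to a server and stored in a file or database for viewing. It looks like a simple feature, but it is one of the key features for remote monitoring. It is convenient to monitor frequently changing values with the modbus protocol and to manage important events and debugging information with syslog. syslog can keep track of the points in time at which particular events occur, and it is also very useful for debugging, to analyze the cause when a problem occurs in the system.

syslog is registered as IETF RFC 5424. RFC 5424 describes how syslog messages are delivered over the Internet.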

syslog log print

The following is part of /var/log/syslog. On a system with syslog installed, logs generated by the system are written to this file by default.

Jun  8 09:27:55 myworkplace dhclient: XMT: Solicit on wlan0, interval 114200ms.
Jun  8 09:28:43 myworkplace kernel: [ 1534.673986] SGI XFS with ACLs, security attributes, realtime, large block/inode numbers, no debug enabled

^^^^^^ ^^^^^^^^ ^^^^^^^^^^^ ^^^^^^^^^^^^^  ^^^^^^^^^^^^^^^^^^^^^^^^^
DATE   TIME     hostname    process name   message (log content)

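As the example above shows, syslog output begins with the date and time. The host name and process name follow; everything up to this point is written automatically by syslog. The content after the colon (:) is the message part, which explains why the log entry was written.

Programs such as apache write their own logs, which do not follow the syslog convention, to separate log files. On ubuntu, they are stored separately as access.log and error.log under /var/log/apache2/.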

Log level

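syslog messages have the following attributes. facility is a value that indicates the type of program that generated the message, and severity indicates the nature or importance of the message. Based on these values, syslog decides which file a log message is written to and who is notified of it.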

Option

{| class="wikitable"
! Option !! Description
|-
| LOG_CONS || Write directly to the system console if there is an error while sending to the system logger.
|-
| LOG_NDELAY || Open the connection immediately (normally, the connection is opened when the first message is logged).
|-
| LOG_NOWAIT || Don't wait for child processes that may have been created while logging the message. (The GNU C library does not create a child process, so this option has no effect on Linux.)
|-
| LOG_ODELAY || The converse of LOG_NDELAY; opening of the connection is delayed until syslog() is called. (This is the default, and need not be specified.)
|-
| LOG_PERROR || (Not in POSIX.1-2001 or POSIX.1-2008.) Print to stderr as well.
|-
| LOG_PID || Include PID with each message.
|}

Facility

Facility indicates the type of program that writes the log message. With the facility, logging can be configured separately for each kind of program.

{| class="wikitable"
! Facility !! Facility Description
|-
| LOG_AUTH || security/authorization messages. The authorization system: login<ref>https://www.freebsd.org/cgi/man.cgi?query=login&sektion=1&apropos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports</ref>, su<ref>https://www.freebsd.org/cgi/man.cgi?query=su&sektion=1&apropos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports</ref>, getty<ref>https://www.freebsd.org/cgi/man.cgi?query=getty&sektion=8&apropos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports</ref>, etc.
|-
| LOG_AUTHPRIV || security/authorization messages. The same as LOG_AUTH, but logged to a file readable only by selected individuals.
|-
| LOG_CONSOLE || Messages written to /dev/console by the kernel console output driver.
|-
| LOG_CRON || The cron daemon. cron<ref>https://www.freebsd.org/cgi/man.cgi?query=cron&sektion=8&apropos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports</ref>
|-
| LOG_DAEMON || System daemons, such as routed, that are not provided for explicitly by other facilities.
|-
| LOG_FTP || The file transfer protocol daemons such as ftpd, tftpd.
|-
| LOG_KERN || Messages generated by the kernel. These cannot be generated by any user processes.
|-
| LOG_LPR || The line printer spooling system such as lpr, lpc, lpd, etc.
|-
| LOG_MAIL || The mail system.
|-
| LOG_NEWS || The network news system.
|-
| LOG_NTP || The network time protocol system.
|-
| LOG_SECURITY || Security subsystems, such as ipfw.
|-
| LOG_SYSLOG || Messages generated internally by syslogd.
|-
| LOG_USER || Messages generated by random user processes. This is the default facility identifier if none is specified.
|-
| LOG_UUCP || The uucp system.
|-
| LOG_LOCAL0 || Reserved for local use. Similarly for LOG_LOCAL1 through LOG_LOCAL7.
|}

Level

{| class="wikitable"
! Level !! Description
|-
| LOG_EMERG || System is unusable. A panic condition. This is normally broadcast to all users.
|-
| LOG_ALERT || Action must be taken immediately. A condition that should be corrected immediately, such as a corrupted system database.
|-
| LOG_CRIT || Critical conditions, e.g., hard device errors.
|-
| LOG_ERR || Error conditions.
|-
| LOG_WARNING || Warning conditions.
|-
| LOG_NOTICE || Normal but significant condition. Conditions that are not error conditions, but should possibly be handled specially.
|-
| LOG_INFO || Informational messages.
|-
| LOG_DEBUG || Debug-level messages. Messages that contain information normally of use only when debugging a program.
|}
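
The Option, Facility and Level values above used together through the C syslog(3) interface. This is an added example, not code from the original page: the ident demo-auth, the helper names and the sample user string are constructed for illustration. It logs an authentication event to LOG_AUTHPRIV with a constant format string and replaces control characters in untrusted text so that one event stays one log line.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Copy src into dst, replacing control characters (CR/LF included) with '?'
 * so that untrusted text cannot break one record into several log lines.
 * Output is truncated to cap-1 bytes. Returns the number of bytes replaced. */
static int sanitize(char *dst, size_t cap, const char *src)
{
    int replaced = 0;
    size_t i = 0;
    if (cap == 0) return 0;
    for (; src[i] != '\0' && i + 1 < cap; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c < 0x20 || c == 0x7f) { dst[i] = '?'; replaced++; }
        else dst[i] = src[i];
    }
    dst[i] = '\0';
    return replaced;
}

/* Log a failed login for `user` (untrusted input) with facility LOG_AUTHPRIV
 * and level LOG_WARNING. Returns the priority value passed to syslog(). */
static int log_auth_failure(const char *user)
{
    char clean[64];
    int pri = LOG_AUTHPRIV | LOG_WARNING;   /* facility | level */
    sanitize(clean, sizeof clean, user);
    /* Constant format string: user data is only ever passed as an argument. */
    syslog(pri, "authentication failure for user=%s", clean);
    return pri;
}

int main(void)
{
    /* LOG_PID: tag each record with the PID. LOG_NDELAY: open the logger
     * connection now. LOG_CONS: fall back to the console on send errors. */
    openlog("demo-auth", LOG_PID | LOG_NDELAY | LOG_CONS, LOG_AUTHPRIV);
    /* Only LOG_NOTICE and more severe levels pass; INFO and DEBUG are dropped. */
    setlogmask(LOG_UPTO(LOG_NOTICE));
    log_auth_failure("alice\nsecond line");  /* constructed sample input */
    closelog();
    return 0;
}
```
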

See also

Reference

<references />