
About

Syslog is a (specification|standard) for computer data logging. It separates:

  • the software that generates messages
  • from the system that stores them
  • and the software that reports and analyzes them.

There are multiple implementations of syslog. The best known are:

Facility

The facility of a message is what the log is filtered on to reach a destination (file,…)

Syslog

Syslog is a standard logging facility. It collects messages from various programs and services, including the kernel, and stores them, depending on the setup, in a set of log files, typically under /var/log.

According to my /etc/syslog.conf:

  • /var/log/kern.log captures only the kernel's messages of any log level; i.e. the output of dmesg.
  • /var/log/messages instead aims at storing valuable, non-debug and non-critical messages. This log should be considered the “general system activity” log.
  • /var/log/syslog in turn logs everything, except auth related messages.
  • /var/log/auth.log.
  • /var/log/mail.log.
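
The routing described above, as an added example (not code from the original page or from any syslog implementation): it decodes the <PRI> header of a message (facility * 8 + severity, per RFC 3164/5424) and lists the files the message would reach. The auth.log and mail.log rules, the exclusion of auth messages from /var/log/messages, and the reading of "non-debug and non-critical" as info, notice and warning are assumptions; the sample lines are constructed.

```python
import re

# Names indexed by numeric code (RFC 5424, section 6.2.1); the short names
# for codes 12-15 are this example's own labels.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
AUTH = {"auth", "authpriv"}


def decode_pri(line):
    """Return (facility, severity) from the leading <PRI> of a syslog line."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("missing or invalid <PRI> header")
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    return FACILITIES[facility], SEVERITIES[severity]


def destinations(line):
    """List the files a line is written to under the rules modelled here."""
    facility, severity = decode_pri(line)
    files = []
    if facility == "kern":  # kernel messages of any level
        files.append("/var/log/kern.log")
    # Assumption: "non-debug and non-critical" = info, notice, warning; no auth.
    if severity in {"info", "notice", "warning"} and facility not in AUTH:
        files.append("/var/log/messages")
    if facility not in AUTH:  # everything except auth-related messages
        files.append("/var/log/syslog")
    if facility in AUTH:  # assumption: auth.log holds auth and authpriv
        files.append("/var/log/auth.log")
    if facility == "mail":  # assumption: mail.log holds the mail facility
        files.append("/var/log/mail.log")
    return files


# Constructed sample lines (not taken from a real system).
SAMPLES = [
    "<38>Oct 11 22:14:15 host1 sshd[1234]: Failed password for root from 192.0.2.10",
    "<4>Oct 11 22:14:16 host1 kernel: eth0: link up",
    "<22>Oct 11 22:14:17 host1 postfix/smtpd[99]: connect from unknown[192.0.2.20]",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decode_pri(sample), destinations(sample))
```

Under these rules an authentication event appears only in /var/log/auth.log, so a review that reads only /var/log/syslog or /var/log/messages will not see failed logins.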

Documentation / Reference