Log - Syslog


Syslog is a (specification|standard) 1) for computer data logging. It separates:

  • the software that generates messages
  • from the system that stores them
  • and the software that reports and analyzes them.

There is multiple implementation of syslog. The most known are:


The facility filters the log to a destination (file,…)


Syslog is a standard logging facility. It collects messages of various programs and services including the kernel, and stores them, depending on setup, in a bunch of log files typically under /var/log.

According to my /etc/syslog.conf:

  • /var/log/kern.log captures only the kernel's messages of any log level; i.e. the output of dmesg.
  • /var/log/messages instead aims at storing valuable, non-debug and non-critical messages. This log should be considered the “general system activity” log.
  • /var/log/syslog in turn logs everything, except auth related messages.
  • /var/log/auth.log.
  • /var/log/mail.log.

Documentation / Reference

Powered by ComboStrap