About
Syslog is a (specification|standard) 1) for computer data logging. It separates:
- the software that generates messages
- from the system that stores them
- and the software that reports and analyzes them.
There is multiple implementation of syslog. The most known are:
- or rsyslog
Facility
The facility filters the log to a destination (file,…)
Syslog
Syslog is a standard logging facility. It collects messages of various programs and services including the kernel, and stores them, depending on setup, in a bunch of log files typically under /var/log.
According to my /etc/syslog.conf:
- /var/log/kern.log captures only the kernel's messages of any log level; i.e. the output of dmesg.
- /var/log/messages instead aims at storing valuable, non-debug and non-critical messages. This log should be considered the “general system activity” log.
- /var/log/syslog in turn logs everything, except auth related messages.
- /var/log/auth.log.
- /var/log/mail.log.