Page created: 6 Nov 2019 | Page updated: 25 Mar 2020
The Directory Server supports access logging using the syslog protocol that has been part of the Berkeley Software Distribution (BSD) operating systems for many years. Syslog provides a flexible, albeit simple, means to generate, store and transfer log messages that is supported on most UNIX and Linux operating systems.
A message in the quasi-standard syslog format cannot exceed 1 kbyte and has three important parts:
- PRI. Specifies the message priority based on its facility and severity. The message facility is a numeric identifier that specifies the type of log message, such as kernel messages, mail system messages, etc. The severity is a numeric identifier that specifies the severity level of the operation that is being reported. Together, the facility and the severity determine the priority of the log message, which is written as a 1-3 digit priority number enclosed in angle brackets. For example, "<0>", "<13>", "<103>" are valid representations of the PRI.
- Timestamp and Host Name. The timestamp displays the current date and time of the log. The host name or IP address displays the source of the log.
- Message. Displays the actual log message.
Administrators can configure syslog to handle log messages using log priorities that are
based on the message’s facility and severity. This feature allows users to configure the
logging system in such a way that messages with high severities can be sent to a centralized
repository, while lower severity messages can be stored locally on a server.
Note: Since the numeric values of the severity and facility are operating system-dependent, the central repository must only include syslog messages from compatible OS types; otherwise the meaning of the PRI field is ambiguous.
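The following added example (not Directory Server code) parses the three parts described above and routes a message by severity. It assumes the RFC 3164 encoding, PRI = facility * 8 + severity, and RFC 3164 severity numbering; the sample messages, the `route` function and its `central_max` threshold are constructed for illustration.

```python
import re

MAX_LEN = 1024  # the 1 kbyte message limit described above
# Assumption: RFC 3164 severity numbering; other systems may number differently.
SEVERITIES = ("emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug")
# <PRI>, timestamp "Mmm dd hh:mm:ss", host name or IP address, message.
LINE = re.compile(
    rb"<(0|[1-9]\d{0,2})>"
    rb"([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)", re.S)


def parse(raw: bytes) -> dict:
    """Split one syslog message into PRI, timestamp, host and message."""
    if len(raw) > MAX_LEN:
        raise ValueError("message longer than 1024 bytes")
    m = LINE.fullmatch(raw)
    if m is None:
        raise ValueError("malformed PRI or header")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7, the highest RFC 3164 priority
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return {
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITIES[severity],
        "timestamp": m.group(2).decode("ascii"),
        "host": m.group(3).decode("ascii", "replace"),
        "message": m.group(4).decode("utf-8", "replace"),
    }


def route(record: dict, central_max: int = 3) -> str:
    """Hypothetical policy: severities 0..central_max go to the central store."""
    return "central" if record["severity"] <= central_max else "local"


# Constructed sample messages using the PRI values quoted in the text.
SAMPLES = [
    b"<0>Mar 25 10:15:01 ds1.example.com constructed emergency message",
    b"<13>Mar 25 10:15:02 ds1.example.com constructed access log message",
    b"<103>Mar 25 10:15:03 192.0.2.10 constructed debug message",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        rec = parse(raw)
        print(rec["facility"], rec["severity_name"], rec["host"], route(rec))
```

Because the parser rejects malformed or out-of-range PRI values instead of guessing, a collector built this way surfaces incompatible senders rather than silently misfiling their messages.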