[Sussex] Red Hat Enterprise syslog question

paul.morriss at tokenbay.co.uk paul.morriss at tokenbay.co.uk
Wed May 10 10:20:21 UTC 2006


Dear all,

I have been trying to find out the log file (syslog) format of Red Hat
Linux Enterprise Edition. I am aware that it uses a variant of the SYSLOG
format; unfortunately, I have been unable to locate the exact
specifications of this particular variant. The nearest I have found on the
website was this log example:

Jul 18 20:51:03 clu1 clufence[30780]: <info> STONITH: rps10 at /dev/ttyS0,\
	  port 1 controls clu2
Jul 18 20:51:17 clu1 clufence[30780]: Port 0 being turned on.
Jul 18 20:51:17 clu1 clufence[30780]: <notice> STONITH: clu2 is no longer
fenced off.
     [1]         [2]      [3]               [4]         [5]

Each entry in the log file contains the following information:
•	[1] Date and time
•	[2] Hostname
•	[3] Cluster resource or daemon
•	[4] Severity
•	[5] Message

( Taken from
http://www.redhat.com/docs/manuals/csgfs/browse/rh-cs-en-3/s1-software-syslog.html
)

This, however, is not an explicit specification and also shows signs of
inconsistency, with the severity tag missing (when Port 0 is turned on),
and the date seeming somewhat incomplete.  I believe the severity tag is
configurable through syslog.conf?

I am looking for the schema/RFC for the log file format, specifying the
date output format (e.g. YYYYMMDD_HHSSMM, assuming that the time and date
stamp is consistent), and all the fields that are used (and those that are
optional), along with what their contents are to be.

I have looked through RFC 3164 but this has been no help.  We are also
looking for a document that lists the kernel level events and their
format.

If anybody can direct me to an explicit technical specification for Red
Hat Linux Enterprise’s syslog format, it would be appreciated.

Thanks.
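
Added example, not part of the original post and not Red Hat's code: a parser for the line layout visible in the sample quoted above, treating the <severity> tag as optional, taking the year from the caller because the timestamp carries none, and folding wrapped lines into the previous message. The names parse_line, parse_log and default_year and the SAMPLE text are constructed for illustration.

```python
import re
from datetime import datetime

# Layout seen in the sample: "Mmm dd HH:MM:SS host tag[pid]: [<severity>] message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?:<(?P<severity>[a-z]+)> )?"
    r"(?P<msg>.*)$"
)

def parse_line(line, default_year):
    """Parse one line; return a dict, or None if it does not start a record."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # The timestamp has no year or timezone, so the caller supplies the year (assumption).
    rec["time"] = datetime.strptime(f"{default_year} {rec.pop('ts')}", "%Y %b %d %H:%M:%S")
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec

def parse_log(text, default_year):
    """Parse a log, folding lines that do not start a record into the previous message."""
    records = []
    for line in text.splitlines():
        rec = parse_line(line, default_year)
        if rec is not None:
            records.append(rec)
        elif records and line.strip():
            prev = records[-1]
            prev["msg"] = prev["msg"].rstrip("\\").rstrip() + " " + line.strip()
    return records

# Constructed sample, modelled on the lines quoted in the post.
SAMPLE = """\
Jul 18 20:51:03 clu1 clufence[30780]: <info> STONITH: rps10 at /dev/ttyS0,\\
\t  port 1 controls clu2
Jul 18 20:51:17 clu1 clufence[30780]: Port 0 being turned on.
Jul 18 20:51:17 clu1 clufence[30780]: <notice> STONITH: clu2 is no longer
fenced off.
"""

if __name__ == "__main__":
    for r in parse_log(SAMPLE, default_year=2006):
        print(r["time"].isoformat(), r["host"], r["tag"], r["severity"], r["msg"])
```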





