Automatically generated based on tag:

Title: Syslog
Type: Page

Summary:
Syslog, also known as "legacy-syslog" or "BSD-syslog", is a logging framework defined in RFC 3164 and then RFC 5424 (IETF-syslog). syslog-ng and rsyslog extended the initial syslog protocol, and all three continue to be developed in parallel as separate projects.

syslog logs events and messages from various system components, notably:
- Successful authentication and failed authentication attempts.
- sudo usage.
- Kernel and hardware component activities.
- cron jobs and mail activity (sendmail).
- ...

syslog relies on "Facilities" to classify and separate log messages by their originating subsystem or component (kernel, cron, user, mail, ...). In the syslog configuration files, facilities are associated with actions: log the messages to a file on disk, send them over the network, or display them to end-users.

Location:
The syslog log file locations depend entirely on the syslog configuration and differ between Linux distributions and syslog implementations.
Configuration files and directories:
- /etc/syslog.conf
- /etc/rsyslog.conf
- /etc/rsyslog.d/*.conf
- /etc/syslog-ng.conf
- /etc/syslog-ng/*

Main syslog log files:
- auth / authpriv: (Debian / Ubuntu) /var/log/auth.log | (Red Hat / CentOS) /var/log/secure
- All except auth and authpriv: /var/log/syslog
- All except auth, authpriv, and mail: (Red Hat / CentOS) /var/log/messages
- cron: /var/log/cron.log
- mail: /var/log/mail.log
- Linux kernel: /var/log/kern.log
- User: /var/log/user.log
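
Because the log locations depend on the configuration, a triage step is to read the rules and list where each facility is actually sent. The following is an added example, not part of the original page: it handles only the legacy "selector action" rule syntax (not rsyslog RainerScript or syslog-ng configuration), and the sample configuration and the host name loghost.example are constructed for illustration.

```python
import re

# Constructed sample in the legacy "selector <whitespace> action" syntax
# (sysklogd and rsyslog basic format); not taken from a real host.
SAMPLE_CONF = """\
# constructed example rules
$FileCreateMode 0640
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
mail.*                          -/var/log/mail.log
kern.*                          -/var/log/kern.log
*.emerg                         :omusrmsg:*
*.*                             @@loghost.example:514
"""

def classify_action(action):
    """Map a legacy action field to (kind, target)."""
    if action.startswith("@@"):
        return "remote-tcp", action[2:]
    if action.startswith("@"):
        return "remote-udp", action[1:]
    if action.startswith(":omusrmsg:"):
        return "users", action[len(":omusrmsg:"):]
    if action.startswith("-/") or action.startswith("/"):
        return "file", action.lstrip("-")  # leading "-" = no sync after each write
    if action.startswith("|"):
        return "pipe", action[1:]
    return "other", action

def parse_rules(text):
    """Return [(selector, kind, target)] for each legacy rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, $Directives and module()/input() statements.
        if not line or line[0] in "#$" or "(" in line.split()[0]:
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        if len(parts) == 2 and "." in parts[0]:
            rules.append((parts[0], *classify_action(parts[1])))
    return rules

def destinations(text, kind):
    """Targets of one action kind, e.g. every on-disk log file to collect."""
    return [t for _, k, t in parse_rules(text) if k == kind]

if __name__ == "__main__":
    for selector, kind, target in parse_rules(SAMPLE_CONF):
        print(f"{kind:11} {target:25} <- {selector}")
```

A remote-tcp or remote-udp entry means a copy of the messages also exists on another host, which matters when the local files are missing or have been altered.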

