Syslog facilities and severities - Documentation for BMC AMI Defender for Db2 6.1
Syslog facilities and severities are transmitted in a single field that RFC 3164 refers to as the PRI (priority) and that is the first field of the message.
The priority is calculated using the following syntax:
(facilityCode x 8) + severityCode = priority
The priority value is enclosed in angle brackets.
Example
Using the values from the following tables, the priority of a system daemon (syslog code = 3) with a warning (severity code = 4) is calculated as follows:
(3 x 8) + 4 = 28
The priority is enclosed in angle brackets:
<28>Oct 11 22:14:15 LPARB …
Syslog facilities
The following table lists the syslog facility names from RFC 3164 (in mixed case) and RFC 5427 (in lowercase) with their meanings. In BMC AMI Defender, you can specify facilities using either of the RFC names (in upper, lower or mixed case) and use the following abbreviations:
- Abbreviate RFC 3164 forms to the part shown in upper case.
- Abbreviate RFC 5427 names that are longer than four characters to their first four characters, except for cron2 and localn names, which you must write out fully.
As specified for BMC AMI Defender or CZASEND | Description from RFC 3164 and RFC 5427 | Syslogcode | Usage by BMC AMI Defender and CZASEND |
|---|---|---|---|
KERNel | kernel messages | 0 | SMF 7, SMF 90 |
USER | user-level messages | 1 | CZASEND |
MAIL | mail system | 2 |
|
SYSTem | system daemons | 3 | SMF 30 |
SECURITY4 | security/authorization messages 1 | 4 | SMF 80; SMF ACF2; SMF TSS80 |
SYSLOGd | messages generated internally by syslogd | 5 | zDefender internal messages; SMF DIAG |
PRINTER | line printer subsystem | 6 |
|
NEWS | network news subsystem | 7 |
|
UUCP | UUCP subsystem | 8 | SMF 119 |
CLOCK9 | clock daemon 2 | 9 |
|
SECURITY10 | security/authorization messages 1 | 10 |
|
FTP | FTP daemon | 11 |
|
NTP | NTP subsystem | 12 |
|
LOGAUdit | log audit 1 | 13 | SMF DB2 |
LOGALert | log alert 1 | 14 | SMF events except as otherwise indicated |
CLOCK15 | clock daemon 2 | 15 |
|
LOCAL0 | local use 0 (local0) | 16 | SMF 110 |
LOCAL1 | local use 1 (local1) | 17 | IND$FILE audit |
LOCAL2 | local use 2 (local2) | 18 | MicroFocus ChangeMan |
LOCAL3 | local use 3 (local3) | 19 | LSPACE |
LOCAL4 | local use 4 (local4) | 20 | CONSOLE |
LOCAL5 | local use 5 (local5) | 21 | MQ SMF 115 and 116 |
LOCAL6 | local use 6 (local6) | 22 |
|
LOCAL7 | local use 7 (local7) | 23 |
|
1 Various syslog message generating devices utilize facilities 4, 10, 13, and 14 for security/authorization, audit, and alert messages.
2 Various syslog message generating devices utilize both facilities 9 and 15 for clock (cron/at) messages.
