Where do syslog messages come from?


I am trying to learn about syslog (and syslog-ng).  I have a question:  Where do the log messages come from?  Does the kernel just spew messages all the time?  If logging is not configured, do the messages just go nowhere?  Does the programmer of a particular program decide the severity level (warn, info, etc) or does the system somehow classify the messages?  

For instance, as a programmer, can I just arbitrarily decide to send a log message classified as, say, daemon.warn?  Or am I limited to what types of messages I can send.  How would a program actually send a log message?  Would it use the "logger" command?

Memphis TN
Who is Participating?
TintinConnect With a Mentor Commented:
Lots of questions there.

1.  Log messages come from any program that does it's logging via syslog function call or via the command line 'logger' command.

2.  The Kernel will send out a variety of syslog messages. It depends on your syslog.conf configuration as to how much is actually recorded in log files.

3.  If syslogd is not running, or the syslog message doesn't match any of the syslog.conf entries, then it effectively gets binned.

4.  It's up to the programmer to decide what messages are debug, critical, notice, info etc.

5.  A programmer can use whatever facility and notice level they like for logging.  However, it is not a good idea to mix your logging with the standard existing syslog facilities.  LOCAL0 to LOCAL6 are reserved for custom apps, so you can log via them to keep the app logs separate from everything else.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.