The Syslog Severity level ranges between 0 to 7. Each number points to the relevance of the action reported.
From a debugging message (7) to a completely unusable system (0).
The Syslog Message Format
The format of a Syslog trap message is:
As shown in the following message, the Severity “field” can be found within the message.
Each section of the message provides the following information:
- Seq no:
It is the sequence number of the message log.
Date and time when the message was created.
This component represents the process, modules, or protocols that created the syslog event. It could be the mail system, the kernel, clock, line printer, network, etc.
A single digit ranging from 0 to 7 that determines the importance of the reported event.
[Optional] This is a text that describes the message.
- Description Text:
Provides more information on the reported event.
The Syslog Severity Levels in Detail
|0||Emergency||Panic: The network is useless.|
|1||Alert||Something bad happened, deal with it NOW!|
|2||Critical||Something bad is about to happen, deal with it NOW!|
|3||Error||A failure in the system that needs attention.|
|4||Warning||Something will happen if it is not dealt within a timeframe.|
|5||Notification||Normal but significant conditions.|
|6||Informational||Informative but not important.|
|7||Debugging||Lots of unnecessary messages. Only relevant for developers|
An urgent crisis that must be dealt with immediately. This condition is usually affecting everything in the network, all remote sites, applications, and servers. This kind of severity is rare but it could be destructive.
An alert is a condition that must be dealt with immediately. Alert indicates that something already happened. It could be a corrupted database or loss in the primary connection to the ISP.
This level indicates that something bad is about to happen and must be corrected right away. It usually indicates failure in a primary system (or link) of a backup solution. It could be a failure in a system’s primary application or an expired license.
A failure in a system that is usually not urgent but should be dealt within a reasonable time frame. A few examples of errors are when an application exceeded the storage, memory allocation, file not found, etc.
A notice that if action is not taken an error will occur. Warnings are usually message logs such as “file system is 89%” or “there is only 2GB remaining of free space.”
This is usually a normal condition but that must be considered. An event that could lead into a potential issue in the future which might require special care but no immediate action is needed. Examples are unsupported commands, installed license notifications, root admin actions, etc.
Logs containing information about normal operations. These messages do not require any action whatsoever. These can be used for creating reports, or planning for capacity. Examples are when an application started or ended successfully, throughput metrics, etc.
Debugging is not useful for day to day operations. This type of Syslog level is only useful for developers who are identifying and removing existing and potential errors in the software code.