How to find out the level and facility of log messages on Linux

Your Problem

You want to configure syslogd to sort messages according to their levels and/or facilities (such as warn, err, … or security, auth, …). But you do not know the level of the messages.

Solution

Unfortunately, the normal syslogd has no option for showing the level and facility of the messages. But you can configure it so that a separate log file is kept for each level and each facility. The config file /etc/syslog.conf could look like this:

*.=debug /var/log/lev_debug
*.=info /var/log/lev_info
*.=notice /var/log/lev_notice
*.=warn /var/log/lev_warn
*.=err /var/log/lev_err
*.=crit /var/log/lev_crit
*.=alert /var/log/lev_alert
*.=emerg /var/log/lev_emerg

auth.* /var/log/fac_auth
authpriv.* /var/log/fac_authpriv
cron.* /var/log/fac_cron
daemon.* /var/log/fac_daemon
ftp.* /var/log/fac_ftp
kern.* /var/log/fac_kern
lpr.* /var/log/fac_lpr
mail.* /var/log/fac_mail
news.* /var/log/fac_news
security.* /var/log/fac_security
syslog.* /var/log/fac_syslog
user.* /var/log/fac_user
uucp.* /var/log/fac_uucp

Now a message with the priority security.warn will be appended to the two files /var/log/lev_warn and /var/log/fac_security.
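
To read off the result, search the auxiliary files for the message in question. The sh function below is an added example, not part of the original page: it assumes the lev_*/fac_* file names from the configuration above, and the names find_priority and make_sample_logs as well as the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report facility.level of a message.

# find_priority PATTERN [LOGDIR]  -- hypothetical helper name
# PATTERN is a fixed string; LOGDIR defaults to /var/log as in the config above.
# Prints one "facility.level" line per matching fac_*/lev_* combination.
find_priority() {
    pattern=$1
    logdir=${2:-/var/log}
    levels=
    facilities=
    for f in "$logdir"/lev_* "$logdir"/fac_*; do
        [ -f "$f" ] || continue                  # unmatched glob, skip
        grep -qF -- "$pattern" "$f" || continue  # message not in this file
        name=${f##*/}
        case $name in
            lev_*) levels="$levels ${name#lev_}" ;;
            fac_*) facilities="$facilities ${name#fac_}" ;;
        esac
    done
    if [ -z "$levels" ] || [ -z "$facilities" ]; then
        echo "no lev_*/fac_* pair contains '$pattern' in $logdir" >&2
        return 1
    fi
    for fac in $facilities; do
        for lev in $levels; do
            echo "$fac.$lev"
        done
    done
}

# make_sample_logs DIR  -- writes constructed log lines (not real output)
# into files named like the ones the configuration above produces.
make_sample_logs() {
    dir=$1
    mkdir -p "$dir"
    m1='Jan  1 12:00:00 host myapp[101]: disk quota nearly reached'
    m2='Jan  1 12:01:00 host cron[202]: (root) CMD (run-parts /etc/cron.hourly)'
    printf '%s\n' "$m1" > "$dir/lev_warn"
    printf '%s\n' "$m2" > "$dir/lev_info"
    printf '%s\n' "$m1" > "$dir/fac_daemon"
    printf '%s\n' "$m2" > "$dir/fac_cron"
}

# Demo on the constructed data
demo=$(mktemp -d)
make_sample_logs "$demo"
find_priority 'disk quota' "$demo"
rm -rf "$demo"
```

Use a string that is unique to one message; if the pattern matches several messages, every combination of the matching facility and level files is printed.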

Once you have learned everything you need about the messages, you will probably want to deactivate those auxiliary log files.

Furthermore, you might want to have a look at syslog-ng, which is a compatible and much more flexible replacement for the standard syslogd.