{"id":487,"date":"2013-02-03T17:53:00","date_gmt":"2013-02-03T17:53:00","guid":{"rendered":"http:\/\/www.balajibandi.com\/?p=487"},"modified":"2017-09-03T17:57:20","modified_gmt":"2017-09-03T16:57:20","slug":"how-to-determine-the-syslog-facility-using-tcpdump","status":"publish","type":"post","link":"https:\/\/www.balajibandi.com\/?p=487","title":{"rendered":"How to determine the Syslog Facility using tcpdump"},"content":{"rendered":"<h1><span style=\"color: #0000ff;\"><strong>How to determine the Syslog Facility using tcpdump<\/strong><\/span><\/h1>\n<p>Each Syslog message contains a priority value, enclosed within the characters &lt; &gt;. The priority value can be between 0 and 191 and consists of a Facility value and a Level value: the facility identifies the type of message, such as a kernel or mail message, and the level is the severity of the message.<\/p>\n<p>To calculate the priority value the following formula is used: <strong>Priority = Facility * 8 + Level<\/strong><\/p>\n<p>So to determine the facility value of a syslog message we divide the priority value by 8; the integer quotient is the facility value. 
The remainder is the level value.<\/p>\n<p>My Cisco Config :<\/p>\n<p>logging trap debugging<br \/>\nlogging source-interface Vlan100<br \/>\nlogging host 192.168.1.67 \u00a0 \u00a0&#8211; SYSLOG Server<\/p>\n<p>Below is an example of the tcpdump syntax :<\/p>\n<p id=\"QWTZskN\"><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"184\" class=\"alignnone size-full wp-image-488 \" src=\"http:\/\/www.balajibandi.com\/wp-content\/uploads\/2017\/09\/img_59ac33be802ee.png\" alt=\"\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2017\/09\/img_59ac33be802ee.png 750w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2017\/09\/img_59ac33be802ee-300x74.png 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/p>\n<p>Using the above example this would give us a facility of 17 (local1) and a level of 5 (notice)<\/p>\n<p id=\"IRmbwrD\"><img loading=\"lazy\" decoding=\"async\" width=\"295\" height=\"335\" class=\"alignnone size-full wp-image-489 \" src=\"http:\/\/www.balajibandi.com\/wp-content\/uploads\/2017\/09\/img_59ac341aac646.png\" alt=\"\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2017\/09\/img_59ac341aac646.png 295w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2017\/09\/img_59ac341aac646-264x300.png 264w\" sizes=\"auto, (max-width: 295px) 100vw, 295px\" \/><\/p>\n<p><strong>Severity Levels<\/strong><\/p>\n<p>0 Emergency: system is unusable<br \/>\n1 Alert: action must be taken immediately<br \/>\n2 Critical: critical conditions<br \/>\n3 Error: error conditions<br \/>\n4 Warning: warning conditions<br \/>\n5 Notice: normal but significant condition<br \/>\n6 Informational: informational messages<br \/>\n7 Debug: debug-level messages<\/p>\n<p><strong>Facilities available<\/strong><\/p>\n<p>0 kernel messages<br \/>\n1 user-level messages<br \/>\n2 mail system<br \/>\n3 system daemons<br \/>\n4 security\/authorization messages<br \/>\n5 messages generated internally by syslogd<br \/>\n6 line printer subsystem<br 
\/>\n7 network news subsystem<br \/>\n8 UUCP subsystem<br \/>\n9 clock daemon<br \/>\n10 security\/authorization messages<br \/>\n11 FTP daemon<br \/>\n12 NTP subsystem<br \/>\n13 log audit<br \/>\n14 log alert<br \/>\n15 clock daemon<br \/>\n16 local use 0 (local0)<br \/>\n17 local use 1 (local1)<br \/>\n18 local use 2 (local2)<br \/>\n19 local use 3 (local3)<br \/>\n20 local use 4 (local4)<br \/>\n21 local use 5 (local5)<br \/>\n22 local use 6 (local6)<br \/>\n23 local use 7 (local7)<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-487","post","type-post","status-publish","format-standard","hentry","category-uncategorized"]}