======
Syslog
======

This chapter covers some aspects related to :osdx:cfg:`system syslog`, a
feature that lets the user manage the underlying Syslog protocol.

The syslog protocol makes it possible for various subsystems to generate log
messages and either store them in a local file or forward them to a central
syslog server, which collects and stores the messages. This supports network
management by helping to identify potential issues and security threats.

Concepts
========

To help collect log messages from multiple devices across the system (routers,
switches, etc.), a syslog server is set up to store the log messages and,
afterwards, filter them.

These log messages have a header with information about the date of
generation, the facility that produced the message, the error code and the
subsystem that generated the message.

Let's suppose we have the following log message, extracted from inside the
router::

    2023-05-10 09:40:39.181655 authpriv-info , sshd[2390]: Server listening on 0.0.0.0 port 22.

``2023-05-10 09:40:39.181655`` is the timestamp when the message was received.
``authpriv-info`` indicates that the authpriv facility (security and
authentication messages) generated the message with a code of info.
``sshd[2390]`` indicates the name of the subsystem that generated the message:
sshd is the name of the subsystem, and the number distinguishes between
subsystems with the same name. The rest of the message is the content of the
message.

Filters
=======

Each part of the :osdx:cfg:`system syslog` feature is able to filter among all
generated log messages.

The regex filter only returns log messages whose content matches the given
POSIX Extended Regular Expression.

The app filter accepts only the syslog messages generated by a particular
subsystem (e.g., sshd for the :osdx:cfg:`service ssh` subsystem); the subsystem
name appears right before the message content.

The level option only returns the log messages with a severity level higher
than or equal to the selected level. These are the error codes, from most to
least severe:

* Emergency: system is unusable
* Alert: action must be taken immediately
* Critical: critical conditions
* Error: error conditions
* Warning: warning conditions
* Notice: normal but significant condition
* Info: informational messages
* Debug: debug-level messages

Options
=======

There are options for compressing the stored log files when the logs are
redirected to an internal file, and for the number and size of those files.

There are further options for forwarding log messages to an external server:
whether the transport is UDP or TCP, whether to encrypt the traffic with TLS,
and whether to communicate with the Syslog server on a specific interface or
VRF.

.. osdx:cmdtree:: cfg
    :maxdepth: 2

    system syslog
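
The header fields described under Concepts and the app, level and regex filters described under Filters, sketched in Python as an added example; this is not OSDx code. The short level names other than ``info`` and the use of Python's ``re`` in place of a POSIX ERE engine are assumptions, and every sample line after the first is constructed.

```python
import re

# Most to least severe, as the page lists them; short spellings are assumed.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Header layout taken from the sample line: timestamp, facility-level, an
# optional " ," separator, app[pid]:, then the message content.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<facility>[a-z0-9]+)-(?P<level>[a-z]+) (?:, )?"
    r"(?P<app>[^\[\]:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<content>.*)$"
)

def parse(line):
    """Split one log line into its header fields, or return None."""
    m = LINE_RE.match(line)
    if m is None or m.group("level") not in LEVELS:
        return None
    return m.groupdict()

def accept(rec, app=None, level=None, regex=None):
    """Apply the app, level and regex filters; all given filters must pass."""
    if app is not None and rec["app"] != app:
        return False
    # Lower index means more severe, so "err" keeps err, crit, alert, emerg.
    if level is not None and LEVELS.index(rec["level"]) > LEVELS.index(level):
        return False
    # Content only, not the header; Python re stands in for POSIX ERE (assumed).
    if regex is not None and re.search(regex, rec["content"]) is None:
        return False
    return True

def select(lines, **filters):
    """Return parsed records that pass the filters; unparsable lines are dropped."""
    recs = (parse(l) for l in lines)
    return [r for r in recs if r is not None and accept(r, **filters)]

# Constructed sample: the first line is the page's own, the rest are made up.
SAMPLE = [
    "2023-05-10 09:40:39.181655 authpriv-info , sshd[2390]: Server listening on 0.0.0.0 port 22.",
    "2023-05-10 09:41:02.004211 authpriv-warning , sshd[2390]: Failed password for admin from 192.0.2.10 port 50122 ssh2",
    "2023-05-10 09:41:05.120934 daemon-err , ntpd[811]: unable to bind to wildcard address",
    "2023-05-10 09:41:07.553102 authpriv-notice , sudo: session opened for user root",
    "not a syslog line",
]

if __name__ == "__main__":
    for r in select(SAMPLE, app="sshd", level="warning"):
        print(r["ts"], r["level"], r["content"])
```

Combining ``app`` and ``level`` narrows the sample to the single failed-login line, which is the kind of selection worth applying before forwarding authentication events to a central server.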