The tool chosen to manage system logs will be Syslog.
What is Syslog?
Syslog is a standard protocol for sending log messages from different devices or applications to a central collector. With Syslog, the components that generate messages are decoupled from those that store or process them for analysis. Each message carries an identification code (the facility) that indicates its origin and a severity level that states the importance of the recorded event.
Information to be logged (log levels)
All severity levels defined by Syslog will be used. They are, from most to least severe:
- Emergency: The system is completely unusable and immediate action is required.
- Alert: Urgent intervention is needed to avoid serious consequences.
- Critical: Serious errors have been detected that could compromise essential services.
- Error: Incidents that indicate a malfunction.
- Warning: Situations that can develop into problems if not corrected.
- Notice: Relevant events that do not involve errors.
- Informational: General information about the normal operation of the services.
- Debug: Detailed technical information intended to assist in finding and correcting errors.
Practical examples:
- Emergency: The system has completely crashed and needs an immediate reboot.
- Alert: Suspicious access or an unauthorized password change has been detected.
- Critical: Errors in the main database that may affect the service.
- Error: A login attempt failed because of an incorrect password.
- Warning: Too many failed login attempts in a short time.
- Notice: A user session started or ended successfully.
- Informational: A backup process is starting, or an email has been received.
- Debug: Internal values of a variable during execution of a verification process.
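The following Python script is an added example, not part of the original design document, that ties the two passages above together: it decodes the numeric priority (PRI) prefix that Syslog puts in front of every message into the facility (origin) and one of the eight severity levels listed, and then filters a batch of messages by a minimum severity, which is how a collector decides what deserves attention. The log lines, host names and process names in it are constructed for illustration; the facility and severity numbering is the standard one from RFC 5424.

```python
import re
from dataclasses import dataclass
from typing import List

# Syslog severity codes (RFC 5424): 0 is the most severe, 7 the least.
SEVERITY_NAMES = {
    0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
    4: "Warning", 5: "Notice", 6: "Informational", 7: "Debug",
}

# Syslog facility codes (RFC 5424): the part of PRI that identifies the origin.
FACILITY_NAMES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    16: "local0", 17: "local1", 18: "local2", 19: "local3",
    20: "local4", 21: "local5", 22: "local6", 23: "local7",
}

# A message starts with "<PRI>" where PRI = facility * 8 + severity (0..191).
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


@dataclass
class SyslogMessage:
    facility: str
    severity: int
    severity_name: str
    body: str


def encode_pri(facility: int, severity: int) -> int:
    """Build the PRI value a sender would put in front of a message."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity


def parse_message(line: str) -> SyslogMessage:
    """Split a raw syslog line into facility, severity and message body."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError(f"missing <PRI> prefix: {line!r}")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility_code, severity = divmod(pri, 8)
    return SyslogMessage(
        facility=FACILITY_NAMES.get(facility_code, f"facility{facility_code}"),
        severity=severity,
        severity_name=SEVERITY_NAMES[severity],
        body=m.group(2),
    )


def at_least(messages: List[SyslogMessage], max_severity: int) -> List[SyslogMessage]:
    """Keep messages whose severity code is <= max_severity (lower code = more severe)."""
    return [msg for msg in messages if msg.severity <= max_severity]


# Constructed sample lines, one per level of interest; the PRI values are
# computed from the tables above (e.g. <84> is authpriv=10 * 8 + Warning=4).
SAMPLE_LINES = [
    "<0>kernel: panic - system halted",                          # kern, Emergency
    "<84>sshd[2201]: 5 failed logins for admin within 30s",      # authpriv, Warning
    "<35>sshd[2201]: Failed password for admin from 10.0.0.5",   # auth, Error
    "<30>backup[77]: starting nightly backup",                   # daemon, Informational
    "<15>app[9]: check_state=3",                                 # user, Debug
]


def important_messages(lines: List[str]) -> List[SyslogMessage]:
    """Parse the lines and return only those at Warning or more severe."""
    return at_least([parse_message(line) for line in lines], max_severity=4)


if __name__ == "__main__":
    for msg in important_messages(SAMPLE_LINES):
        print(f"{msg.severity_name:13} {msg.facility:9} {msg.body}")
```

The threshold in important_messages is the severity code, so Warning (4) and everything above it passes while Notice, Informational and Debug are dropped; changing the number is all that is needed to widen or narrow what the collector forwards.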