Linux – Find syslog priority/severity of a message

Tags: linux, rsyslog, syslog

Is there a way to find the syslog priority or severity of log entries using a standard unix tool?

For example I could grep for the word error in a log. But not all logs will state the word "error" should an error occur. It would be nice to find all the entries in a log that were logged at the err severity.

Obviously syslog knows these attributes, but I'm not sure if this related metadata is simply dropped once the message is written to disk, so this may not be possible.

Best Answer

Traditional syslog behavior is indeed as you say: the priority is part of the header of the syslog message and is used internally, and only the timestamp, hostname and content of the message get written to disk.

That message may or may not include a textual description of the severity and there's no way to retrieve it after it is written to disk.

If you switch to a more feature-rich alternative, like for instance rsyslog, you get more configuration options, including templates where you could configure exactly how the events get stored, allowing you to include the priority.
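An added example, not part of the original answer: once an rsyslog template writes the raw PRI value in front of each line, the severity can be recovered with awk, since PRI = facility * 8 + severity. The template name `WithPri`, the output path, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed rsyslog configuration (template name and file path are hypothetical):
#   template(name="WithPri" type="string"
#            string="<%pri%>%timestamp% %hostname% %syslogtag%%msg%\n")
#   *.* action(type="omfile" file="/var/log/messages-pri" template="WithPri")

# Constructed sample of what such a file would contain.
sample_lines() {
    cat <<'EOF'
<86>Mar  4 10:15:01 web01 sshd[1203]: Accepted publickey for deploy
<11>Mar  4 10:15:07 web01 myapp[2210]: database connection refused
<3>Mar  4 10:15:09 web01 kernel: disk sda1 not responding
<30>Mar  4 10:15:12 web01 systemd[1]: Started Daily cleanup.
<34>Mar  4 10:15:20 web01 sshd[1290]: fatal: no matching key exchange method
Mar  4 10:15:30 web01 legacy: line written without a PRI prefix
EOF
}

# filter_by_severity MAX [FILE...]
# Print entries whose severity number is <= MAX (0 = emerg ... 7 = debug),
# replacing the <PRI> prefix with decoded facility.severity names.
filter_by_severity() {
    max=$1; shift
    awk -v max="$max" '
    BEGIN {
        split("emerg alert crit err warning notice info debug", sev, " ")
        split("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp ntp audit alert clock local0 local1 local2 local3 local4 local5 local6 local7", fac, " ")
    }
    # Lines without a <PRI> prefix carry no severity and are skipped.
    match($0, /^<[0-9]+>/) {
        pri = substr($0, 2, RLENGTH - 2) + 0
        if (RLENGTH > 5 || pri > 191) next   # not a valid PRI (0..191)
        s = pri % 8                          # low 3 bits: severity
        f = int(pri / 8)                     # remaining bits: facility
        if (s <= max)
            printf "%s.%s %s\n", fac[f + 1], sev[s + 1], substr($0, RLENGTH + 1)
    }' "$@"
}

# Everything logged at err or more severe, whether or not the text says "error".
sample_lines | filter_by_severity 3
```

Against a real file the call would be `filter_by_severity 3 /var/log/messages-pri`, with the path matching whatever the template's action writes to.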