Linux – where are the /var/log/messages alert event levels error, warning, failed, etc. stored


Is there a list of /var/log/messages event level keywords stored in a system file somewhere in CentOS 7 that would show all the possible "strings" to search for when grep'ing through /var/log/messages, or dmesg, etc?

I want to use a script for searching the most common or ALL possible events like err, error, failed, warning, kernel, etc.

Also, are the possible events different for logfiles messages, dmesg, cron, etc, or are the event keywords all alike through the different log files?

Best Answer

The log priority is not stored in /var/log/messages at all.

Like its predecessors, rsyslog uses the priority as a hint to determine where to route any given log message. By default, it does not log the priority itself.

However, the systemd journal does log the priority (and keeps a lot of other interesting metadata). You can use the -p option to journalctl to narrow down log messages by priority.

       -p, --priority=
           Filter output by message priorities or priority ranges. Takes
           either a single numeric or textual log level (i.e. between
           0/"emerg" and 7/"debug"), or a range of numeric/text log levels in
           the form FROM..TO. The log levels are the usual syslog log levels
           as documented in syslog(3), i.e.  "emerg" (0), "alert" (1),
           "crit" (2), "err" (3), "warning" (4), "notice" (5), "info" (6),
           "debug" (7). If a single log level is specified, all messages with
           this log level or a lower (hence more important) log level are
           shown. If a range is specified, all messages within the range are
           shown, including both the start and the end value of the range.
           This will add "PRIORITY=" matches for the specified priorities.

See the journalctl man page for all of the ways in which you can search the journal.
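
Added example, not part of the original answer and not systemd's own code: the -p matching rule quoted above, applied to records in the shape of `journalctl -o json` output (one JSON object per line, with PRIORITY stored as a numeric string). The function names and the sample records are constructed for illustration.

```python
import json

# Syslog levels in the order given by the journalctl man page excerpt above.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def level_number(token):
    """Accept a numeric ("3") or textual ("err") level and return 0..7."""
    token = token.strip().lower()
    if token.isdecimal() and int(token) < len(LEVELS):
        return int(token)
    if token in LEVELS:
        return LEVELS.index(token)
    raise ValueError(f"unknown log level: {token!r}")

def priority_set(spec):
    """Expand a -p style spec into the set of matching PRIORITY numbers."""
    if ".." in spec:
        start, end = (level_number(part) for part in spec.split("..", 1))
        low, high = sorted((start, end))  # this example accepts either order
        return set(range(low, high + 1))
    # Single level: that level plus every lower (more important) number.
    return set(range(level_number(spec) + 1))

def filter_records(lines, spec):
    """Yield (level name, identifier, message) for records matching spec."""
    wanted = priority_set(spec)
    for line in lines:
        record = json.loads(line)
        prio = str(record.get("PRIORITY", ""))
        # Records without a usable PRIORITY field can never match.
        if not prio.isdecimal() or int(prio) not in wanted:
            continue
        yield (LEVELS[int(prio)], record.get("SYSLOG_IDENTIFIER", "?"),
               record.get("MESSAGE", ""))

# Constructed sample records (not real log data).
SAMPLE = [
    '{"PRIORITY":"3","SYSLOG_IDENTIFIER":"kernel","MESSAGE":"constructed: I/O error"}',
    '{"PRIORITY":"6","SYSLOG_IDENTIFIER":"sshd","MESSAGE":"constructed: session opened"}',
    '{"PRIORITY":"4","SYSLOG_IDENTIFIER":"crond","MESSAGE":"constructed: job overran"}',
    '{"PRIORITY":"2","SYSLOG_IDENTIFIER":"systemd","MESSAGE":"constructed: unit failed"}',
    '{"SYSLOG_IDENTIFIER":"app","MESSAGE":"constructed: no priority field"}',
]

if __name__ == "__main__":
    for row in filter_records(SAMPLE, "emerg..err"):
        print(*row, sep="\t")
```

On a live system the same functions can be fed from `journalctl -o json` on standard input instead of SAMPLE.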