As well as the common system facilities (mail, news, daemon, cron, etc), syslog provides a series of "local" facilities, numbers 0 to 7: LOCAL0, LOCAL1, …, LOCAL7.
Which ones are program defaults for common applications?
I'm looking to find out which facilities are "traditionally" used for well known services. I will be deploying an application over many servers, with various software installed, and would like to see if there's a "free" facility I could easily use for my own logs.
As a note, I realize there are other ways of doing this than a syslog facility. Just curious!
Here are some, (a start to answering my own question) and some thanks to voretaq7:
LOCAL0is used by postgresqlLOCAL2is used by sudoLOCAL3is used by some versions of SpamAssassinLOCAL4is used by default by slapd (OpenLDAP server)LOCAL5is sometimes used by the Snort IDSLOCAL7is used for boot messages on Fedora 12
Best Answer
The
LOCALnfacilities are available for any local use and can vary pretty widely from site to site.I guarantee every one of the 8 available are used by something, so if you want to avoid conflicts my best advice is to log all 7 to separate logs and pick the one that nothing else seems to be using.
Some you missed (program defaults - may be changed locally so double-check):
LOCAL0is used by postgresql (if configured to log to syslog)LOCAL2is used by sudo (if configured to log to syslog)LOCAL3is used by some versions of SpamAssassinmailinsteadLOCAL5is sometimes used by the Snort IDS