=====Review Syslog Files=====
Overview of Syslog Facilities
^ Code ^ Facility ^ Facility description ^
| 0 | kern | Kernel messages |
| 1 | user | User-level messages |
| 2 | mail | Mail system messages |
| 3 | daemon | System daemon messages |
| 4 | auth | Authentication and security messages |
| 5 | syslog | Internal syslog messages |
| 6 | lpr | Printer messages |
| 7 | news | Network news messages |
| 8 | uucp | UUCP protocol messages |
| 9 | cron | Clock daemon messages |
| 10 | authpriv | Non-system authorization messages |
| 11 | ftp | FTP protocol messages |
| 16-23 | local0 to local7 | Custom local messages |
Overview of Syslog Priorities
^ Code ^ Priority ^ Priority description ^
| 0 | emerg | System is unusable |
| 1 | alert | Action must be taken immediately |
| 2 | crit | Critical condition |
| 3 | err | Non-critical error condition |
| 4 | warning | Warning condition |
| 5 | notice | Normal but significant event |
| 6 | info | Informational event |
| 7 | debug | Debugging-level message |
The rsyslog configuration file is usually /etc/rsyslog.conf; extra configuration snippets are stored in the drop-in directory /etc/rsyslog.d/.
====example====
Make sshd write to its own log file. By default ssh uses the Authpriv facility; making it use its own log requires 3 steps.

1: Modify sshd.conf by adding a new conf file at /etc/sshd_config.d/99-logging.conf containing
<code>
SyslogFacility local6
</code>
By default this setting lives in sshd.conf and is set to ''SyslogFacility Auth''.

2: Add an extra conf file for rsyslog, stored in /etc/rsyslog.d/99-sshd.conf, with the selector and its target file
<code>
# target path assumed; the page only names the file sshd.log
local6.*    /var/log/sshd.log
</code>

3: Restart both sshd and rsyslog.

To test rsyslog you can use logger:
<code>
logger -p local6.info "testing testing"
</code>
This will generate a log entry in sshd.log.
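As an added example (not part of this wiki page), the following Python shows how the two tables above are combined in practice: the ''<PRI>'' header at the start of a syslog message is ''facility * 8 + severity'', and an rsyslog selector such as ''local6.*'' is matched against that pair. It decodes PRI values, evaluates classic ''facility.priority'' selectors (including ''none'' exclusions and ''*''), and routes a few constructed log lines through a rule set mirroring the sshd setup described above. The sample lines, the rule set and the target paths are constructed for this example.

```python
"""Decode syslog PRI values and evaluate rsyslog-style selectors.

Added example, not code from the wiki page. PRI = facility * 8 + severity,
using the facility and priority codes from the tables on this page.
"""
import re

# Facility and severity codes from the page's tables (12-15 are unnamed there).
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              10: "authpriv", 11: "ftp",
              **{16 + i: f"local{i}" for i in range(8)}}
SEVERITIES = {0: "emerg", 1: "alert", 2: "crit", 3: "err", 4: "warning",
              5: "notice", 6: "info", 7: "debug"}
FACILITY_CODE = {name: code for code, name in FACILITIES.items()}
SEVERITY_CODE = {name: code for code, name in SEVERITIES.items()}

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def decode_pri(pri):
    """Split a PRI number into (facility name, severity name)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]


def encode_pri(facility, severity):
    """Inverse of decode_pri: e.g. ('local6', 'info') -> 182."""
    return FACILITY_CODE[facility] * 8 + SEVERITY_CODE[severity]


def parse_line(line):
    """Parse '<PRI>message' into a dict with facility, severity and message."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no <PRI> header")
    fac, sev = decode_pri(int(m.group(1)))
    return {"facility": fac, "severity": sev, "msg": m.group(2)}


def selector_matches(selector, facility, severity):
    """Classic syslog selector semantics, as rsyslog implements them.

    A selector is 'fac[,fac...].pri' parts joined by ';'. A message matches
    a part when its facility is listed (or '*') and its severity is at
    least as urgent as pri (numerically <=). '*' matches every severity,
    'none' excludes the facility. Parts are applied left to right and the
    last part naming the message's facility wins, so
    '*.*;auth,authpriv.none' drops auth messages.
    """
    result = False
    for part in selector.split(";"):
        fac_part, pri_part = part.rsplit(".", 1)
        facs = fac_part.split(",")
        if "*" not in facs and facility not in facs:
            continue
        if pri_part == "none":
            result = False
        elif pri_part == "*":
            result = True
        else:
            result = SEVERITY_CODE[severity] <= SEVERITY_CODE[pri_part]
    return result


def route(lines, rules):
    """Return {target: [messages]} for a list of (selector, target) rules."""
    out = {target: [] for _, target in rules}
    for line in lines:
        rec = parse_line(line)
        for selector, target in rules:
            if selector_matches(selector, rec["facility"], rec["severity"]):
                out[target].append(rec["msg"])
    return out


# Constructed sample messages (documentation IP ranges, made-up PIDs).
SAMPLE_LINES = [
    "<38>sshd[1001]: Accepted publickey for alice from 192.0.2.10 port 52122 ssh2",  # auth.info (sshd default)
    "<182>sshd[1002]: Failed password for invalid user bob from 198.51.100.7 port 4022 ssh2",  # local6.info
    "<86>sudo: alice : TTY=pts/0 ; COMMAND=/bin/ls",  # authpriv.info
    "<13>logger: testing testing",  # user.notice, logger's default priority
    "<183>sshd[1003]: debug1: monitor_read: checking request 4",  # local6.debug
]

# Constructed rule set mirroring the page's setup; paths are assumptions.
RULES = [
    ("auth,authpriv.*", "/var/log/auth.log"),
    ("local6.*", "/var/log/sshd.log"),
    ("*.*;auth,authpriv.none;local6.none", "/var/log/syslog"),
]

if __name__ == "__main__":
    for target, msgs in route(SAMPLE_LINES, RULES).items():
        print(target)
        for msg in msgs:
            print("   ", msg)
```

With the rules above, ''logger -p local6.info'' produces PRI 182 and lands in sshd.log, while the same sshd message before the facility change (PRI 38, auth.info) would have gone to auth.log; a catch-all like ''*.*'' in rsyslog.conf keeps duplicating the messages unless the facility is excluded with ''.none'' as in the third rule.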