DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Meaning of <150>, <166> etc in syslog output?

  • dottedquad
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
26 Oct 2018 12:15 #93234 by dottedquad
Meaning of <150>, <166> etc in syslog output? was created by dottedquad
HI,

Each syslog line emitted by my 2862 starts with 3 digits in angled brackets, e.g. <150>.
Here's an actual example:
Code:
<150>Oct 10 14:43:08 DrayTek: Local User (MAC=A4-77-33-DD-A8-DC): 192.168.1.2 DNS -> 8.8.8.8 inquire www.google.com <150>Oct 10 14:43:08 DrayTek: Local User (MAC=A4-77-33-DD-A8-DC): 192.168.1.2 DNS -> 8.8.8.8 inquire www.google.com <166>Oct 10 14:43:19 DrayTek: WAN2 PPPoE ==> Protocol:LCP(c021) EchoReq Identifier:0x2B Magic Number: 0x0 00 00 ## <166>Oct 10 14:43:19 DrayTek: WAN2 PPPoE <== Protocol:LCP(c021) EchoRep Identifier:0x2B Magic Number: 0x5f43 ae 39 ##

I'd like to know what the 3 digits mean. Does anyone know?

Please Log in or Create an account to join the conversation.

More
26 Oct 2018 14:01 #93235 by anaglypta
Replied by anaglypta on topic Re: Meaning of &lt;150&gt;, &lt;166&gt; etc in syslog output?
Hello @dottedquad,

I believe these numbers are group identifiers used by the Draytek Syslog utility https://www.draytek.co.uk/support/downloads/software to segregate each group into their respective Syslog tab's when reading a saved log file back into the utility.

<134> = Firewall
<150> = User
<166> = WAN
etc.

Sorry I don't have a full list :(

Hope this helps

John.

Please Log in or Create an account to join the conversation.

  • dottedquad
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
26 Oct 2018 14:27 #93236 by dottedquad
Replied by dottedquad on topic Re: Meaning of &lt;150&gt;, &lt;166&gt; etc in syslog output?
Thanks Anaglypta. That's what I thought. You'd think there would be a definitive list of them!

I've been amusing myself writing a Python program to replace my use of Wallwatcher. It's surprising just how short a working program is that collects syslog data and writes it to a single file for each day. 50-60 lines is all it takes.

Please Log in or Create an account to join the conversation.

More
26 Oct 2018 16:04 #93237 by admin3
Replied by admin3 on topic Re: Meaning of &lt;150&gt;, &lt;166&gt; etc in syslog output?
Those numeric prefixes define the level & severity of the syslog message. On DrayTek routers, they're used to categorise the different types in the DrayTek syslog application.

This page gives a useful reference table of where each number is in relation to severity & level: https://answers.splunk.com/answers/31036/syslog-facility-and-severity-loglevel.html

For any syslog server other than the DrayTek one, here's a list of the different types and where they would be in the DrayTek Syslog utility:
Local use 0 - Firewall
Local use 1 - VPN
Local use 2 - User Log - sessions etc.
Local use 3 - Connection
Local use 4 - WAN
Local use 5 - DSL / modem
Local use 6 - DHCP / Other
Local use 7 - IPPBX

Forum Administrator

Please Log in or Create an account to join the conversation.

  • dottedquad
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
26 Oct 2018 17:45 #93238 by dottedquad
Replied by dottedquad on topic Re: Meaning of &lt;150&gt;, &lt;166&gt; etc in syslog output?
Thanks admin3! That's most illuminating, and makes sense of the syslog priority codes I typically see.
For example:
Firewall message: pri = 134 = 16x8+6 gives facility 16 (local 0) and severity 6 (info)
Local web login message: pri = 141 = 17x8+5 gives facility 17 (local 1) and severity 5 (notice)

I'm just glad I don't need to use them!

Please Log in or Create an account to join the conversation.

Moderators: Chris