166 代表的意思是local4.info, 这个是PRI标识,首先请看下表,这是syslog-ng中预定义的。
- Numerical Code Facility
- 0 kernel messages
- 1 user-level messages
- 2 mail system
- 3 system daemons
- 4 security/authorization messages
- 5 messages generated internally by syslogd
- 6 line printer subsystem
- 7 network news subsystem
- 8 UUCP subsystem
- 9 clock daemon
- 10 security/authorization messages
- 11 FTP daemon
- 12 NTP subsystem
- 13 log audit
- 14 log alert
- 15 clock daemon
- 16-23 locally used facilities (local0-local7)
左边是值,右边是对应的facility,下表的level也是如此。
- Numerical Code Severity
- 0 Emergency: system is unusable
- 1 Alert: action must be taken immediately
- 2 Critical: critical conditions
- 3 Error: error conditions
- 4 Warning: warning conditions
- 5 Notice: normal but significant condition
- 6 Informational: informational messages
- 7 Debug: debug-level messages
PRI 就等于facility * 8 + level, 166 = local4*8 + info,即166代表local4.info
至于$DATE就比较简单了,代表日期, $MSG代表日志内容, $HOST代表主机。