Which SyslogFacility possible

[Christopher Förster]

Hi I would like to syslog only the security related events.

What values are possible in the commandline or config setting "syslogFacilitiy". The documentation only lists "user" as the default value.

https://docs.mongodb.com/manual/reference/configuration-options/#systemLog.syslogFacility

Wikipedia lists the following - so I expect it is somehow possible

https://en.wikipedia.org/wiki/Syslog#Facility

Thanks for your help in advance :)

BR Chris

[Stephen Steneker]

Hi Chris,

As per the documentation links you referenced, the list of available facilities is dependent on your operating system's implementation of syslog. Any facility accepted by your local syslogd should be valid.

Note: the facility is a broad category for the type of program that is logging a message. If you want to filter syslog entries to events of a certain severity or component you will need to set up rules (in your syslogd configuration) to match relevant Log Messages. For example: ACCESS (authentication) and NETWORK (connections).

There are several popular flavours of syslog daemon with different features and configuration syntax. If you're looking for more specific advice on setting up rules I would suggest posting on ServerFault tagged with your O/S, syslogd, and mongodb. I also expect you might want more finesse on your rules. For example, separating ACCESS events from QUERY without ignoring query/performance logging.

Regards,

Stennie