You can find the results in tomorrow's snapshot, however I'd appreciate if you could check my judgement and see if I did something wrong.
In main.c, there are four messages generated at NOTICE level that I think are really INFO: syslog-ng starting up SIGHUP received, reloading configuration Termination requested via signal, terminating syslog-ng shutting down The reason these aren't worthy of notice is that the system administrator already knows about these events; he ordered them. Something worthy of notice is something that happens independently. While almost all the error reports are issued at ERROR level, I found these that seem to be the same kind of errors, but have the lower NOTICE level: cfg_lex.c: unknown parse flag cfg_grammar.c: The value specified for time_sleep is too large. And here's one that's CRITICAL: macros.c: Internal error, unknown macro referenced Isn't this just another error? If a result of this is that Syslog fails completely, it would be worth an ALERT, but then the message should mention that Syslog failed completely. CRITICAL is just for when an entire major system is in imminent danger of collapse and needs immediate attention. I think a system could continue useful work for quite a while without Syslog service. In afsocket.c, "Number of allowed concurrent connections exceeded" is an ERROR. If this is what I think it is, it's not a case of Syslog being broken, but nonetheless something that might need attention, so I would call it WARNING or NOTICE. And in affile.c, "Destination file is too old, removing" is to me business as usual, not something someone is likely to want to respond to, so I would make it INFO. -- Bryan Henderson San Jose, California