Such a list is impossible, as unlike Windows events (which have a static list of IDs, a specific template for each ID, and only fill in parameters) syslog messages are simply free-form text.
To enumerate possible messages even for a single program would require searching its source code for syslog()
calls, which might be made indirectly through custom functions, through various libraries (e.g. log4net) or not use syslog at all (e.g. various programs use systemd-journal functions). So that requires specific knowledge about each program's source code, and cannot be easily automated at the scale of an entire Linux distribution – which it would have to be, as new versions may have different messages.
(The systemd journal does have optional message IDs and 'catalog' files containing descriptions and translations. It's still opt-in and the usage is rare.)
Really even the Windows event message lists only cover the standard OS components and perhaps things like MS Office. They cannot possibly cover all messages that third-party software might log, which might install its own catalogs and event IDs, or even submit freeform messages.
Why? This appears to be a X->Y problem, where you've not actually told us what you're trying to do. As such, you'll never get an appropriate answer.
– djsmiley2k TMW – 2018-09-03T14:03:58.147I want to filter my syslog messages to get only those I am interested in. I would like for example to get the syslog messages saying that a user authentication has failed or succeed. – M.Brbr – 2018-09-03T14:30:42.493
1Grep is your friend in this case. You could filter for only Auth level messages, however the syslog levels rely on applications logging to the right levels, or you having filters to make sure everything is in the right levels. I'd personally just call the syslog and then grep for what I need:
grep /var/log/messages 'logged'
– djsmiley2k TMW – 2018-09-03T14:53:40.293Keep in mind that some of the events you're requesting are a bit fuzzy. Authentication failures are logged by PAM – except when they don't use PAM (password logins do, but SSH publickey logins don't). Administrator actions are so many and varied that it's practically impossible to have a single "event" for all of them. – user1686 – 2018-09-06T11:40:36.787