EXOS Syslog Severity Overview?

  • Question
  • Updated 2 years ago
  • Answered
Hello Community,

Just stumbled over the available/following syslog severity list and am wondering if there is also a severity name <-> fixed number mapping existing?


configure log target syslog 1.2.3.4:514 vr VR-Mgmt local0 filter "DefaultFilter" severity ?
  <severity>      Severity value to use
    "critical"  "debug-data"  "debug-summary"  "debug-verbose"  "error"  "info"  "notice"  "warning"


I'm testing the syslog sensor feature from PRTG [1] and the per device configuration sensor is working with the following filter option:

severity[number]

any number (or range) from 0 (emergency) to 7 (debug) specifying the type of message

  • severity[4]
  • severity[1-3]
  • severity[1] AND severity[2]

During my tests I found out:

  • Failed logins are listed in PRTG as "Severity 4" events and on the EXOS side, the failed login entry is listed as a "warning" event.
  • Successful logins are listed in PRTG as "Severity 6" and on the EXOS side as "info".

But what about all other possible syslog messages and severities, to which "number level" do they belong?


Cisco, for example, is using the following mapping:

http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logsevp.html


[1] https://prtg.paessler.com/help/syslog_receiver_sensor.htm


Cheers,
Jan

Jan Steinbach


Posted 3 years ago


Andrew Maldonado, Extreme Alumnus

Jan,

The EXOS EMS Messages Catalog contains a significant amount of information regarding EXOS log messages including severity level. Here is a link to the EXOS EMS Messages Catalog.

http://documentation.extremenetworks.com/ems_catalog/downloads/EMS_Messages_Catalog.pdf

-Andrew

Yacobucci, Ryan, Multi-Tier Technical Support Engineer


Andrew Maldonado, Extreme Alumnus

Jan,

Here is a link to a section of the EXOS Command Reference Guide that goes into more detail regarding the severity levels.

http://documentation.extremenetworks.com/exos_commands/EXOS_All/EXOS_Commands_All/r_configure-log-ta...

-Andrew

Brandon Clay, Escalation Support Engineer

Hi Jan,

The severity should line up with the severity in RFC 3164:

Numerical Code        Severity
      0            Emergency: system is unusable
      1            Alert: action must be taken immediately
      2            Critical: critical conditions
      3            Error: error conditions
      4            Warning: warning conditions
      5            Notice: normal but significant condition
      6            Informational: informational messages
      7            Debug: debug-level messages
      
EXOS does not use Emergency or Alert, so the highest severity that will be seen is 2 (Critical). Debug-data, debug-summary, and debug-verbose will all be sent with severity 7.

-Brandon

Brandon Clay, Escalation Support Engineer

I also created a GTAC Knowledge article with further information regarding this:

https://gtacknowledge.extremenetworks.com/articles/Q_A/How-do-EXOS-log-severities-map-to-the-numeric...
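
The mapping described in the answer above, as an added example that is not part of the thread and not Extreme's or PRTG's code: it decodes the `<PRI>` field of a syslog message (facility × 8 + severity, per RFC 3164) and lists which EXOS severity keywords correspond to each numeric code. The sample messages are constructed, and `decode_pri`, `exos_names` and `in_range` are hypothetical helper names.

```python
import re

# Numeric codes from the RFC 3164 table quoted above.
RFC3164_SEVERITY = {
    0: "emergency", 1: "alert", 2: "critical", 3: "error",
    4: "warning", 5: "notice", 6: "informational", 7: "debug",
}

# EXOS severity keyword -> numeric code, per the answer above:
# no Emergency/Alert, and all three debug-* levels are sent as 7.
EXOS_TO_NUMERIC = {
    "critical": 2, "error": 3, "warning": 4, "notice": 5, "info": 6,
    "debug-summary": 7, "debug-verbose": 7, "debug-data": 7,
}

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(message):
    """Return (facility, severity) from the leading <PRI> of a syslog message."""
    m = PRI_RE.match(message)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("missing or out-of-range PRI")
    return divmod(int(m.group(1)), 8)


def exos_names(severity):
    """EXOS keywords that produce this numeric severity (several or none)."""
    return sorted(n for n, code in EXOS_TO_NUMERIC.items() if code == severity)


def in_range(message, low, high):
    """Assumed equivalent of a severity[low-high] receiver filter."""
    return low <= decode_pri(message)[1] <= high


# Constructed sample datagrams (not captured EXOS output); local0 is facility 16.
SAMPLES = [
    "<132>Jan  1 10:00:00 switch1 constructed: login failed",     # 16*8 + 4
    "<134>Jan  1 10:00:05 switch1 constructed: login succeeded",  # 16*8 + 6
    "<135>Jan  1 10:00:09 switch1 constructed: debug detail",     # 16*8 + 7
]

if __name__ == "__main__":
    for line in SAMPLES:
        facility, sev = decode_pri(line)
        print(facility, sev, RFC3164_SEVERITY[sev], exos_names(sev))
```

Because the three debug keywords collapse to code 7 and EXOS never sends 0 or 1, a receiver filter on the numeric value cannot tell the debug levels apart, and a filter such as `severity[0-1]` will never match EXOS traffic.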

Ryan Mathews, Alum

Brandon and Andrew...really nice job bridging the gap between our formal technical publications and EXOS.  Your GTAC Knowledge article and reference to the RFC are spot on.


Jan,
Thank you for providing the Cisco example on what you'd like to see from Extreme.  Not only did that help Brandon and Andrew address your inquiry quickly with the KB, it also gave us some good feedback to provide our Information Dev team to improve our technical publications.  

Along those lines, I created a GTAC Knowledge article to capture how you give feedback on our formal technical publications in the future.

https://gtacknowledge.extremenetworks.com/articles/Q_A/Where-do-I-provide-feedback-on-Extreme-s-Tech...

Lots of quality collaboration here.  Good stuff!  

Jan Steinbach

Thank you all very much, your feedback, motivation AND response time is outstanding and really really appreciated!

Before doing business with Extreme Networks, there was only one single vendor which impressed me for many years in a similar manner:

-> F5 Networks with their Knowledge Portal "Ask F5" (https://support.f5.com/kb/en-us.html)

Great to see that you step in their footsteps (from my point of view) :-)

Cheers from Cologne,
Jan

Ryan Mathews, Alum

Wow...thanks for the great comments Jan.

Also very much appreciate the F5 reference.  That's a great company and we're always looking to learn ways to improve.  Keep the feedback coming!