
EXOS Syslog Severity Overview?

SchmuFoo
Contributor
Hello Community,

I just stumbled over the available/following syslog severity list and am wondering if a severity name <-> fixed number mapping also exists?

configure log target syslog 1.2.3.4:514 vr VR-Mgmt local0 filter "DefaultFilter" severity ?
<severity> Severity value to use
"critical" "debug-data" "debug-summary" "debug-verbose" "error" "info" "notice" "warning"


I'm testing the syslog sensor feature from PRTG [1] and the per device configuration sensor is working with the following filter option:

severity[number]

any number (or range) from 0 (emergency) to 7 (debug) specifying the type of message

  • severity[4]
  • severity[1-3]
  • severity[1] AND severity[2]

During my tests I found out:

  • Failed logins are listed in PRTG as "Severity 4" events and on the EXOS side, the failed login entry is listed as a "warning" event.
  • Successful logins are listed in PRTG as "Severity 6" and on the EXOS side as "info".
But what about all other possible syslog messages and severities, to which "number level" do they belong?

Cisco, for example, is using the following mapping:

http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logsevp.html

[1] https://prtg.paessler.com/help/syslog_receiver_sensor.htm

Cheers,
Jan

8 REPLIES 8

BrandonC
Extreme Employee
Hi Jan,

The severity should line up with the severity in RFC 3164.

Numerical Code   Severity
0                Emergency: system is unusable
1                Alert: action must be taken immediately
2                Critical: critical conditions
3                Error: error conditions
4                Warning: warning conditions
5                Notice: normal but significant condition
6                Informational: informational messages
7                Debug: debug-level messages

EXOS does not use Emergency or Alert, so the highest severity that will be seen is 2 (Critical). Debug-data, debug-summary, and debug-verbose will all be sent with severity 7.

-Brandon
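
Added example, not part of the reply above and not Extreme or PRTG code: a small Python decoder that splits the syslog PRI value into facility and severity, maps the numeric severity back to the EXOS keywords from the CLI help, and evaluates a single `severity[n]` or `severity[a-b]` filter term. The sample lines and the function names are constructed for illustration, and the inclusive-range reading of the filter term is an assumption.

```python
import re

# RFC 3164 numeric severities, as listed in the reply above.
RFC3164 = {0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
           4: "Warning", 5: "Notice", 6: "Informational", 7: "Debug"}

# EXOS CLI severity keywords -> numeric severity, per the reply: Emergency and
# Alert are never used, and all three debug levels are sent as 7.
EXOS_TO_NUMERIC = {"critical": 2, "error": 3, "warning": 4, "notice": 5,
                   "info": 6, "debug-summary": 7, "debug-verbose": 7,
                   "debug-data": 7}

def decode_pri(line):
    """Split the leading <PRI> of a syslog line into (facility, severity)."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("missing or invalid PRI: %r" % line[:16])
    return divmod(int(m.group(1)), 8)    # PRI = facility * 8 + severity

def exos_names(severity):
    """EXOS keywords that arrive at the collector with this numeric severity."""
    return sorted(k for k, v in EXOS_TO_NUMERIC.items() if v == severity)

def term_matches(severity, term):
    """Evaluate one filter term: severity[4] or severity[1-3] (inclusive)."""
    m = re.fullmatch(r"severity\[([0-7])(?:-([0-7]))?\]", term)
    if not m:
        raise ValueError("unsupported filter term: %r" % term)
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    return low <= severity <= high

# Constructed sample lines (not captured EXOS output). Facility local0 is 16,
# so warning is 16*8+4 = 132, info is 134 and any debug level is 135.
SAMPLES = [
    "<132>Jan  1 00:00:00 switch1 constructed: login failed",
    "<134>Jan  1 00:00:05 switch1 constructed: login succeeded",
    "<135>Jan  1 00:00:09 switch1 constructed: debug detail",
]

def report(lines, term):
    """Return (facility, severity, RFC name, EXOS keywords, filter hit)."""
    rows = []
    for line in lines:
        facility, severity = decode_pri(line)
        rows.append((facility, severity, RFC3164[severity],
                     exos_names(severity), term_matches(severity, term)))
    return rows

if __name__ == "__main__":
    for row in report(SAMPLES, "severity[2-4]"):
        print(row)
```

Because the three debug keywords collapse to 7 on the wire, a collector-side filter cannot tell them apart; that distinction has to be made in the EXOS log filter itself.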

Wow...thanks for the great comments Jan.

Also very much appreciate the F5 reference. That's a great company and we're always looking to learn ways to improve. Keep the feedback coming!

Thank you all very much, your feedback, motivation AND response time is outstanding and really really appreciated!

Before doing business with Extreme Networks, there was only one single vendor which impressed me for many years in a similar manner:

-> F5 Networks with their Knowledge Portal "Ask F5" (https://support.f5.com/kb/en-us.html)

Great to see that you step in their footsteps (from my point of view) 🙂

Cheers from Cologne,
Jan

Brandon and Andrew...really nice job bridging the gap between our formal technical publications and EXOS. Your GTAC Knowledge article and reference to the RFC are spot on.

Jan,
Thank you for providing the Cisco example on what you'd like to see from Extreme. Not only did that help Brandon and Andrew address your inquiry quickly with the KB, it also gave us some good feedback to provide our Information Dev team to improve our technical publications.

Along those lines, I created a GTAC Knowledge article to capture how you give feedback on our formal technical publications in the future.

https://gtacknowledge.extremenetworks.com/articles/Q_A/Where-do-I-provide-feedback-on-Extreme-s-Tech...

Lots of quality collaboration here. Good stuff!