topic EXOS Syslog Severity Overview? in ExtremeSwitching (EXOS/Switch Engine)

EXOS Syslog Severity Overview?

SchmuFoo — Tue, 07 Jul 2015 16:38:00 GMT

Hello Community,

just stumpled over the avaible/following syslog severity list and wondering, if there is also an severityname <-> fix number mapping existing?

configure log target syslog 1.2.3.4:514 vr VR-Mgmt local0 filter "DefaultFilter" severity ?
<severity> Severity value to use
"critical" "debug-data" "debug-summary" "debug-verbose" "error" "info" "notice" "warning"

I'm testing the syslog sensor feature from PRTG [1] and the per device configuration sensor is working with the following filter option:

severity[number]

any number (or range) from 0 (emergency) to 7 (debug) specifying the type of message

severity[4]
severity[1-3]
severity[1] AND severity[2]

Durign my tests I found out:

Failed logins are listed in PRTG as "Severity 4" events and on the EXOS side, the failed login entry is listed as an "warning" event.

Successfull logins are listed in PRTG as "Severity 6" and on the EXOS side as "info".

But what about all other possible syslog messages and severitys, to which "number level" do they belong to?

Cisco f.e. is using the following mapping:

Alert Messages, Severity 1
Critical Messages, Severity 2
Error Messages, Severity 3
Warning Messages, Severity 4
Notification Messages, Severity 5
Informational Messages, Severity 6
Debugging Messages, Severity 7

http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logsevp.html

[1] https://prtg.paessler.com/help/syslog_receiver_sensor.htm

Cheers,
Jan

RE: EXOS Syslog Severity Overview?

Andrew_Maldonad — Tue, 07 Jul 2015 19:08:00 GMT

Jan,

The EXOS EMS Messages Catalog contains a significant amount of information regarding EXOS log messages including severity level. Here is a link to the EXOS EMS Messages Catalog.

http://documentation.extremenetworks.com/ems_catalog/downloads/EMS_Messages_Catalog.pdf

-Andrew

RE: EXOS Syslog Severity Overview?

Ryan_Yacobucci — Tue, 07 Jul 2015 19:08:00 GMT

Link is dead. Found new EMS Messages Catalog: http://documentation.extremenetworks.com/ems_catalog_22.1/EMS_Messages_21/introduction.shtml

RE: EXOS Syslog Severity Overview?

Andrew_Maldonad — Tue, 07 Jul 2015 19:48:00 GMT

Jan,

Here is a link to a section of the EXOS Command Reference Guide that goes into more detail regarding the severity levels.

http://documentation.extremenetworks.com/exos_commands/EXOS_All/EXOS_Commands_All/r_configure-log-ta...

-Andrew

RE: EXOS Syslog Severity Overview?

BrandonC — Tue, 07 Jul 2015 21:21:00 GMT

Hi Jan,

The severity should line up with the severity in RFC 3164 .
Numerical Code Severity 0 Emergency: system is unusable 1 Alert: action must be taken immediately 2 Critical: critical conditions 3 Error: error conditions 4 Warning: warning conditions 5 Notice: normal but significant condition 6 Informational: informational messages 7 Debug: debug-level messages EXOS does not use Emergency or Alert, so the highest severity that will be seen is 2 (Critical). Debug-data, debug-summary, and debug-verbose will all be sent with severity 7.

-Brandon

RE: EXOS Syslog Severity Overview?

BrandonC — Tue, 07 Jul 2015 21:21:00 GMT

I also created a GTAC Knowledge article with further information regarding this:

https://gtacknowledge.extremenetworks.com/articles/Q_A/How-do-EXOS-log-severities-map-to-the-numeric...

RE: EXOS Syslog Severity Overview?

Ryan_Mathews — Tue, 07 Jul 2015 21:21:00 GMT

Brandon and Andrew...really nice job bridging the gap between our formal technical publications and EXOS. Your GTAC Knowledge article and reference to the RFC are spot on.

Jan,
Thank you for providing the Cisco example on what you'd like to see from Extreme. Not only did that help Brandon and Andrew address your inquiry quickly with the KB, it also gave us some good feedback to provide our Information Dev team to improve our technical publications.

Along those lines, I created a GTAC Knowledge article to capture how you give feedback on our formal technical publications in the future.

https://gtacknowledge.extremenetworks.com/articles/Q_A/Where-do-I-provide-feedback-on-Extreme-s-Tech...

Lots of quality collaboration here. Good stuff!

RE: EXOS Syslog Severity Overview?

SchmuFoo — Tue, 07 Jul 2015 21:21:00 GMT

Thank you all very much, your feedback, motivation AND response time is outstanding and realy realy appreciated!

Before doing business with Extreme Networks, there where only one single vendor which impressed me for many years in a similar manner:

-> F5 Networks which their Knowledge Portal "Ask F5" (https://support.f5.com/kb/en-us.html)

Great to see that you step in their footsteps (From my point of view) 🙂

Cheers from Cologne,
Jan

RE: EXOS Syslog Severity Overview?

Ryan_Mathews — Tue, 07 Jul 2015 21:21:00 GMT

Wow...thanks for the great comments Jan.

Also very much appreciate the F5 reference. That's a great company and we're always looking to learn ways to improve. Keep the feedback coming!