Showing results for 
Search instead for 
Did you mean: 

Syslog severity in Netsight

Syslog severity in Netsight

New Contributor II
My idea was to create severity alarm based on syslog messages i ECM. But I noticed that all syslog messages are logged and displayed with one severity INFO. Severity is coded in first 3 bits of every syslog message. But ECM is ignoring original severity.
Is there any explanation for such behavior?
Can ECM log syslog messages with original severity?

Thanks for your advices.

Honored Contributor
Hey Marius,

I've tried it and now I'd see the severity# in front of the message....


Could you also fix it that the facility information is used.

My WLAN controller has the following syslog settings.
i.e. Station Events should use facility local.1


Trace from a packet that is tx by the controller = local.1 for a station events


This is what I get in the EMC syslog...
<6>Nov 23 21:15:58 events: EventType[Registration] MAC[84:18:26:7C:1C:2B] AP[AP3825i] SSID[Home] BSSID[D8:84:66:02:DF:E8] Details: Radio[2]

It would be great to also have that information in EMC and be able to filter on it so i.e. I'd only see my station events = local.1


Extreme Employee
Hi Marius,

This is a bug in the /etc/rsyslog.conf file which will be fixed in an upcoming release.

If you edit the /etc/rsyslog.conf file and find the line:

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

and replace it with:

# Use precise instead
$template precise,"<%syslogpriority%>%timegenerated% %HOSTNAME% %syslogtag% %msg%\n"
$ActionFileDefaultTemplate precise

and then run:

service rsyslog restart

your /var/log/syslog files should have the following format with the severity in the first 3 characters:

<6>Nov 23 14:17:01 netsight147-11 CRON[182011]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
<6>Nov 23 14:17:02 netsight147-11 CRON[182007]: (CRON) info (No MTA installed, discarding output)

Please let us know how it goes.


Mike Butterfield