EXOS Syslog Severity Overview?
‎07-07-2015 09:38 AM
Hello Community,
I just stumbled over the available/following syslog severity list and am wondering whether a severity name <-> fixed number mapping also exists?
configure log target syslog 1.2.3.4:514 vr VR-Mgmt local0 filter "DefaultFilter" severity ?
<severity> Severity value to use
"critical" "debug-data" "debug-summary" "debug-verbose" "error" "info" "notice" "warning"
I'm testing the syslog sensor feature from PRTG [1] and the per device configuration sensor is working with the following filter option:
severity[number]
any number (or range) from 0 (emergency) to 7 (debug) specifying the type of message
- severity[4]
- severity[1-3]
- severity[1] AND severity[2]
During my tests I found out:
- Failed logins are listed in PRTG as "Severity 4" events and on the EXOS side, the failed login entry is listed as a "warning" event.
- Successful logins are listed in PRTG as "Severity 6" and on the EXOS side as "info".
Cisco, for example, is using the following mapping:
http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logsevp.html
[1] https://prtg.paessler.com/help/syslog_receiver_sensor.htm
Cheers,
Jan
‎07-07-2015 02:21 PM
Hi Jan,
The severity should line up with the severity in RFC 3164.
Numerical Code / Severity
- 0 Emergency: system is unusable
- 1 Alert: action must be taken immediately
- 2 Critical: critical conditions
- 3 Error: error conditions
- 4 Warning: warning conditions
- 5 Notice: normal but significant condition
- 6 Informational: informational messages
- 7 Debug: debug-level messages
EXOS does not use Emergency or Alert, so the highest severity that will be seen is 2 (Critical). Debug-data, debug-summary, and debug-verbose will all be sent with severity 7.
-Brandon
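The mapping from the reply above, worked through on the receiver side as an added example (not part of the original thread and not Extreme or PRTG code): it decodes the `<PRI>` prefix of an RFC 3164 message into facility and severity and emulates a `severity[low-high]` style filter. The sample log lines, the host name `switch1` and the function names are constructed for illustration; the PRI values assume the `local0` facility (16) from the question's `configure log target` command.

```python
import re

# RFC 3164 severity codes, as listed in the reply above.
RFC3164_SEVERITY = {
    0: "emergency", 1: "alert", 2: "critical", 3: "error",
    4: "warning", 5: "notice", 6: "informational", 7: "debug",
}

# EXOS severity keyword -> numeric code, per the reply above:
# no emergency/alert, and all three debug levels are sent as 7.
EXOS_TO_CODE = {
    "critical": 2, "error": 3, "warning": 4, "notice": 5, "info": 6,
    "debug-summary": 7, "debug-verbose": 7, "debug-data": 7,
}

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(message):
    """Return (facility, severity) from the <PRI> prefix of a syslog line."""
    match = PRI_RE.match(message)
    if not match:
        raise ValueError("no <PRI> prefix")
    pri = int(match.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range: %d" % pri)
    return divmod(pri, 8)  # PRI = facility * 8 + severity


def severity_matches(message, low, high=None):
    """Emulate a severity[low-high] style filter on a raw syslog line."""
    _, severity = decode_pri(message)
    return low <= severity <= (low if high is None else high)


# Constructed sample lines (not real EXOS output); local0 is facility 16.
FAILED_LOGIN = "<132>Jul  7 09:38:00 switch1 AAA: login failed for user admin"
GOOD_LOGIN = "<134>Jul  7 09:38:05 switch1 AAA: login passed for user admin"

if __name__ == "__main__":
    for line in (FAILED_LOGIN, GOOD_LOGIN):
        facility, severity = decode_pri(line)
        print(facility, severity, RFC3164_SEVERITY[severity])
```

A filter range of 1-3 would not match the failed-login line, because the thread reports failed logins arriving as severity 4 (warning); a login-monitoring filter has to include 4.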
‎07-07-2015 02:21 PM
Wow...thanks for the great comments Jan.
Also very much appreciate the F5 reference. That's a great company and we're always looking to learn ways to improve. Keep the feedback coming!
‎07-07-2015 02:21 PM
Thank you all very much, your feedback, motivation AND response time is outstanding and really, really appreciated!
Before doing business with Extreme Networks, there was only one single vendor which impressed me for many years in a similar manner:
-> F5 Networks with their Knowledge Portal "Ask F5" (https://support.f5.com/kb/en-us.html)
Great to see that you follow in their footsteps (from my point of view) 🙂
Cheers from Cologne,
Jan
‎07-07-2015 02:21 PM
Brandon and Andrew...really nice job bridging the gap between our formal technical publications and EXOS. Your GTAC Knowledge article and reference to the RFC are spot on.
Jan,
Thank you for providing the Cisco example on what you'd like to see from Extreme. Not only did that help Brandon and Andrew address your inquiry quickly with the KB, it also gave us some good feedback to provide our Information Dev team to improve our technical publications.
Along those lines, I created a GTAC Knowledge article to capture how you give feedback on our formal technical publications in the future.
https://gtacknowledge.extremenetworks.com/articles/Q_A/Where-do-I-provide-feedback-on-Extreme-s-Tech...
Lots of quality collaboration here. Good stuff!
