This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

EXOS Syslog Severity Overview?

EXOS Syslog Severity Overview?

SchmuFoo
Contributor

‎07-07-2015 09:38 AM

Hello Community,

just stumpled over the avaible/following syslog severity list and wondering, if there is also an severityname <-> fix number mapping existing?

configure log target syslog 1.2.3.4:514 vr VR-Mgmt local0 filter "DefaultFilter" severity ?
<severity> Severity value to use
"critical" "debug-data" "debug-summary" "debug-verbose" "error" "info" "notice" "warning"


I'm testing the syslog sensor feature from PRTG [1] and the per device configuration sensor is working with the following filter option:

severity[number]

any number (or range) from 0 (emergency) to 7 (debug) specifying the type of message

  • severity[4]
  • severity[1-3]
  • severity[1] AND severity[2]

Durign my tests I found out:

  • Failed logins are listed in PRTG as "Severity 4" events and on the EXOS side, the failed login entry is listed as an "warning" event.
  • Successfull logins are listed in PRTG as "Severity 6" and on the EXOS side as "info".
But what about all other possible syslog messages and severitys, to which "number level" do they belong to?

Cisco f.e. is using the following mapping:

http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logsevp.html

[1] https://prtg.paessler.com/help/syslog_receiver_sensor.htm

Cheers,
Jan

0 Kudos
8 REPLIES 8

BrandonC
Extreme Employee

‎07-07-2015 02:21 PM

Hi Jan,

The severity should line up with the severity in RFC 3164 .
Numerical Code Severity 0 Emergency: system is unusable 1 Alert: action must be taken immediately 2 Critical: critical conditions 3 Error: error conditions 4 Warning: warning conditions 5 Notice: normal but significant condition 6 Informational: informational messages 7 Debug: debug-level messages EXOS does not use Emergency or Alert, so the highest severity that will be seen is 2 (Critical). Debug-data, debug-summary, and debug-verbose will all be sent with severity 7.

-Brandon
0 Kudos

Ryan_Mathews
Extreme Employee
In response to BrandonC

‎07-07-2015 02:21 PM

Wow...thanks for the great comments Jan.

Also very much appreciate the F5 reference. That's a great company and we're always looking to learn ways to improve. Keep the feedback coming!
0 Kudos

SchmuFoo
Contributor
In response to BrandonC

‎07-07-2015 02:21 PM

Thank you all very much, your feedback, motivation AND response time is outstanding and realy realy appreciated!

Before doing business with Extreme Networks, there where only one single vendor which impressed me for many years in a similar manner:

-> F5 Networks which their Knowledge Portal "Ask F5" (https://support.f5.com/kb/en-us.html)

Great to see that you step in their footsteps (From my point of view) 🙂

Cheers from Cologne,
Jan

0 Kudos

Ryan_Mathews
Extreme Employee
In response to BrandonC

‎07-07-2015 02:21 PM

Brandon and Andrew...really nice job bridging the gap between our formal technical publications and EXOS. Your GTAC Knowledge article and reference to the RFC are spot on.

Jan,
Thank you for providing the Cisco example on what you'd like to see from Extreme. Not only did that help Brandon and Andrew address your inquiry quickly with the KB, it also gave us some good feedback to provide our Information Dev team to improve our technical publications.

Along those lines, I created a GTAC Knowledge article to capture how you give feedback on our formal technical publications in the future.

https://gtacknowledge.extremenetworks.com/articles/Q_A/Where-do-I-provide-feedback-on-Extreme-s-Tech...

Lots of quality collaboration here. Good stuff!
0 Kudos
GTM-P2G8KFN