Hello Community,
just stumpled over the avaible/following syslog severity list and wondering, if there is also an severityname <-> fix number mapping existing?
configure log target syslog 1.2.3.4:514 vr VR-Mgmt local0 filter "DefaultFilter" severity ?
<severity> Severity value to use
"critical" "debug-data" "debug-summary" "debug-verbose" "error" "info" "notice" "warning"
I'm testing the syslog sensor feature from PRTG [1] and the per device configuration sensor is working with the following filter option:
severity[number]
any number (or range) from 0 (emergency) to 7 (debug) specifying the type of message
- severity[4]
- severity[1-3]
- severity[1] AND severity[2]
Durign my tests I found out:
- Failed logins are listed in PRTG as "Severity 4" events and on the EXOS side, the failed login entry is listed as an "warning" event.
- Successfull logins are listed in PRTG as "Severity 6" and on the EXOS side as "info".
But what about all other possible syslog messages and severitys, to which "number level" do they belong to?
Cisco f.e. is using the following mapping:
http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logsevp.html
[1]
https://prtg.paessler.com/help/syslog_receiver_sensor.htm
Cheers,
Jan
