Brian Vagnoni on 8 Mar 2008 14:19:22 -0800



Re: [PLUG] Syslog Question


Thanks Steven;

I'm testing out ManageEngine's Firewall Analyzer. It takes syslog input from my Sonicwall firewall. I just want to make sure that it is getting all of the correct information.

Brian Vagnoni



PGP Digital Fingerprint

F076 6EEE 06E5 BEEF EBBD BD36 F29E 850D FC32 3955


From: Stephen Gran [mailto:steve@lobefin.net]
To: Philadelphia Linux User's Group Discussion List [mailto:plug@lists.phillylinux.org]
Sent: Sat, 08 Mar 2008 15:23:05 -0500
Subject: Re: [PLUG] Syslog Question

On Sat, Mar 08, 2008 at 02:46:29PM -0500, Brian Vagnoni said:
> I was reading some of the RFCs, but they weren't totally clear.
>
> Which has higher precedence? In other words, what will supply the most
> verbose information:
>
> 0 kernel messages
> 1 user-level messages
> 2 mail system
> 3 system daemons
> 4 security/authorization messages (note 1)
> 5 messages generated internally by syslogd
> 6 line printer subsystem
> 7 network news subsystem
> 8 UUCP subsystem
> 9 clock daemon (note 2)
> 10 security/authorization messages (note 1)
> 11 FTP daemon
> 12 NTP subsystem
> 13 log audit (note 1)
> 14 log alert (note 1)
> 15 clock daemon (note 2)
> 16 local use 0 (local0)
> 17 local use 1 (local1)
> 18 local use 2 (local2)
> 19 local use 3 (local3)
> 20 local use 4 (local4)
> 21 local use 5 (local5)
> 22 local use 6 (local6)
> 23 local use 7 (local7)
>
> Now I understand that debug has the most information, but how does it
> apply to the facilities?
>
> Numerical Code    Severity
>
> 0 Emergency: system is unusable
> 1 Alert: action must be taken immediately
> 2 Critical: critical conditions
> 3 Error: error conditions
> 4 Warning: warning conditions
> 5 Notice: normal but significant condition
> 6 Informational: informational messages
> 7 Debug: debug-level messages
>
> Sorry for the weird formatting cut and paste isn't always perfect,

Facilities and Priorities are separate things. The same message can be
mail and Alert or UUCP and Error. Added to that, syslogd has rules
about which facilities and which priorities get logged where.

Given that, I'm not sure how to answer your question. It might be
better to back up a step and explain what you are actually trying to do.
--
--------------------------------------------------------------------------
| Stephen Gran | "The geeks shall inherit the earth." |
| steve@lobefin.net | -- Karl Lehenbauer |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
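The point Stephen makes (facility and severity are independent fields, and syslogd's rules decide where each combination goes) is easiest to see by decoding the PRI header that prefixes every syslog message on the wire: PRI = facility * 8 + severity, using exactly the two tables quoted above from RFC 3164. The script below is an added example, not code from the thread, from ManageEngine or from SonicWall. It decodes the PRI of constructed sample lines and then evaluates syslog.conf-style selectors against them, modelling the classic BSD/sysklogd behaviour where "facility.level" means that level and everything more severe, and a later "facility.none" in the same rule overrides an earlier "*.info" for that facility only. The rules and the log lines are made up for the demonstration; the kind of check it enables is the one Brian wants, namely confirming from the PRI which facility and severity a firewall actually sends before deciding whether a receiver is seeing everything.

```python
"""Decode syslog PRI values and evaluate syslog.conf-style selectors.

Added example; not part of the original mailing-list thread. The facility
and severity names follow the RFC 3164 tables quoted in the thread. The
rules and sample messages below are constructed for the demonstration.
"""
import re

# Facility codes 0..23, in RFC 3164 order (4 and 10 are both "security/
# authorization"; traditional names auth and authpriv are used here).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6",
    "local7",
]
# Severity codes 0..7; lower number = more severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info",
              "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(pri):
    """Split a PRI value into (facility, severity) names.

    PRI = facility * 8 + severity, so the two fields are independent:
    any facility can carry any severity."""
    if not 0 <= pri <= 191:  # 23 * 8 + 7 is the largest legal value
        raise ValueError("PRI out of range: %d" % pri)
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def encode_pri(facility, severity):
    """Inverse of decode_pri, e.g. ('local0', 'info') -> 134."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


def parse_line(line):
    """Return (facility, severity, rest) for a '<PRI>...' syslog line."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no PRI header: %r" % line)
    fac, sev = decode_pri(int(m.group(1)))
    return fac, sev, line[m.end():]


def rule_matches(selectors, facility, severity):
    """Evaluate the selector list of one syslog.conf rule against a message.

    Selectors are ';'-separated, e.g. '*.info;mail.none;authpriv.none'.
    As in classic BSD/sysklogd syslogd, each selector (re)sets the level
    for the facilities it names, so a later 'mail.none' overrides an
    earlier '*.info' for mail only. 'facility.level' matches that level
    and anything more severe (numerically lower)."""
    verdict = False
    for selector in selectors.split(";"):
        sel_fac, sel_sev = selector.strip().split(".")
        facs = FACILITIES if sel_fac == "*" else sel_fac.split(",")
        if facility not in facs:
            continue
        if sel_sev == "none":
            verdict = False
        elif sel_sev == "*":
            verdict = True
        else:
            verdict = SEVERITIES.index(severity) <= SEVERITIES.index(sel_sev)
    return verdict


# Constructed rules in syslog.conf form: (selectors, destination).
# The last one stands in for forwarding firewall traffic to an analyzer.
RULES = [
    ("*.info;mail.none;authpriv.none", "/var/log/messages"),
    ("authpriv.*", "/var/log/secure"),
    ("mail.*", "/var/log/maillog"),
    ("local0.*", "firewall-analyzer"),
]


def route(line, rules=RULES):
    """Return the destinations a line would be written to under `rules`."""
    fac, sev, _ = parse_line(line)
    return [dest for sel, dest in rules if rule_matches(sel, fac, sev)]


if __name__ == "__main__":
    # Constructed sample messages; the PRI is the only part that matters here.
    samples = [
        "<134>Mar  8 14:19:22 fw01 firewall: allowed tcp 10.0.0.5 -> 10.0.0.9",
        "<135>Mar  8 14:19:23 fw01 firewall: policy lookup details",
        "<86>Mar  8 14:19:24 fw01 sshd: accepted publickey for admin",
        "<19>Mar  8 14:19:25 fw01 postfix: deferred delivery",
    ]
    for s in samples:
        fac, sev, _ = parse_line(s)
        print("%-4s -> %s.%s -> %s" % (s[:s.index(">") + 1], fac, sev, route(s)))
```

Running it shows that `<134>` (local0.info) lands in both /var/log/messages and the analyzer, `<135>` (local0.debug) reaches only the analyzer because "*.info" stops at info, and `<86>` (authpriv.info) goes only to /var/log/secure because the "authpriv.none" selector overrides the earlier "*.info". Decoding the PRI of a real firewall's lines this way tells you which facility and which severities it emits; the verbosity question in the thread is answered by the severity field alone, while the facility only decides which rule applies.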