Syslog Events Monitoring and Consolidation
To provide Syslog event monitoring, the Syslog plugin implements a Syslog receiver that listens for Syslog messages, collects them and converts them into AggreGate events. The resulting Syslog events can be processed, stored, traced, displayed and filtered like any other AggreGate event. For the detailed Syslog protocol definition, refer to RFC 5424.
Syslog monitoring is set up through the Syslog plugin configuration parameters. When a Syslog message is received, it is parsed and a corresponding AggreGate event is generated. The event structure and the data conversion rules are presented in the following table:
| Event Field | Event Field Name | Type | Description |
| --- | --- | --- | --- |
| Source Host | source | String | An address the Syslog message was received from in the form … (for example: …) |
| Severity | level | Integer | Original severity level specified in the Syslog message. Refer to RFC 5424 for a list of severity values. |
| Facility | facility | Integer | Original facility specified in the Syslog message. |
| IP Address or Host Name | host | String | Host specified in the Syslog message (usually the originator of the message). |
| Message | message | String | Syslog message text providing information about the event. |
| Timestamp | timestamp | Date | Timestamp specified in the Syslog message. |
The AggreGate event is generated with a severity level converted from the original Syslog severity using the conversion table specified in the Syslog plugin configuration parameters.
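The following is an added example, not code from the Syslog plugin or from AggreGate, that shows the parsing and field mapping described above on a small receiver of its own: it decodes the RFC 5424 PRI value into facility and severity, extracts the host, timestamp and message text, and applies a severity conversion table. The conversion table, the `event_severity` field name and the sample messages are all constructed for the example; the real table is whatever the plugin configuration specifies and is not shown on this page. Malformed input (an out-of-range PRI, or a message that is not in RFC 5424 format) is rejected rather than turned into an event, which is the behaviour a defender wants from a receiver exposed to arbitrary network senders.

```python
import re
from datetime import datetime

# Constructed sample input (not captured from real equipment): pairs of
# (source address the datagram arrived from, raw RFC 5424 message).
SAMPLE_MESSAGES = [
    ("10.0.0.5", "<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - "
                 "'su root' failed for lonvick on /dev/pts/8"),
    ("10.0.0.7", "<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - "
                 "%% It's time to make the do-nuts."),
    ("10.0.0.9", "<999>1 - - - - - - PRI value is out of range"),      # rejected
    ("10.0.0.9", "<13>Oct 11 22:14:15 host legacy BSD-style line"),   # rejected
]

# RFC 5424 header layout:
#   <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP STRUCTURED-DATA [SP MSG]
# Structured data is matched loosely here (escaped ']' inside SD-PARAM values is not handled).
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<appname>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[.*?\])+)(?: (?P<msg>.*))?$",
    re.DOTALL,
)

# Hypothetical conversion table: Syslog severity 0..7 -> event severity name.
# The plugin's real table lives in its configuration and is not shown on this page.
DEFAULT_SEVERITY_TABLE = {
    0: "fatal", 1: "fatal", 2: "error", 3: "error",
    4: "warning", 5: "notice", 6: "info", 7: "info",
}


def decode_pri(pri: int) -> tuple[int, int]:
    """Split PRI into (facility, severity); RFC 5424 allows 0..191 only."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return pri // 8, pri % 8


def parse_timestamp(text: str):
    """RFC 5424 TIMESTAMP is RFC 3339 or the NILVALUE '-'; return None for NIL."""
    if text == "-":
        return None
    if text.endswith("Z"):                 # fromisoformat needs an explicit offset on older Pythons
        text = text[:-1] + "+00:00"
    return datetime.fromisoformat(text)


def syslog_to_event(source: str, raw: str, severity_table=DEFAULT_SEVERITY_TABLE) -> dict:
    """Map one Syslog message onto the event fields from the table above."""
    m = HEADER_RE.match(raw)
    if m is None:
        raise ValueError("not an RFC 5424 message")
    facility, severity = decode_pri(int(m.group("pri")))
    return {
        "source": source,                        # address the message was received from
        "level": severity,                       # original Syslog severity, unchanged
        "facility": facility,                    # original Syslog facility, unchanged
        "host": m.group("hostname"),             # host named in the message itself
        "message": m.group("msg") or "",
        "timestamp": parse_timestamp(m.group("timestamp")),
        "event_severity": severity_table[severity],   # converted severity (assumed field name)
    }


def process_batch(messages, severity_table=DEFAULT_SEVERITY_TABLE):
    """Convert a batch of (source, raw) pairs; keep rejects separate instead of dropping them silently."""
    events, rejected = [], []
    for source, raw in messages:
        try:
            events.append(syslog_to_event(source, raw, severity_table))
        except ValueError as exc:
            rejected.append((source, str(exc)))
    return events, rejected


if __name__ == "__main__":
    good, bad = process_batch(SAMPLE_MESSAGES)
    for ev in good:
        print(ev)
    for src, reason in bad:
        print(f"rejected from {src}: {reason}")
```

Note that `host` and `source` can legitimately differ (a relay forwards on behalf of the originator), which is why the table keeps both; the `rejected` list is worth counting in monitoring, since a burst of unparseable datagrams from one source is itself an event of interest.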