Syslog Events Monitoring and Consolidation

 Top  Previous  Next

Providing Syslog events monitoring, Syslog plugin implements a Syslog receiver that listens to Syslog messages, collects them and converts into AggreGate events. The Syslog events can be processed, stored, traced, displayed and filtered like any other conventional AggreGate events. For detailed Syslog protocol definition refer to RFC 5424.

Syslog monitoring is set up by Syslog plugin configuration parameters. When a Syslog message is received it is parsed and a corresponding AggreGate event is generated. The structure and data conversion rules are presented in the following table:

Event Field

Event Field Name

Type

Description

Source Host

source

String

Message source address, i.e. address the Syslog message was received from.

Severity

level

Integer

Original severity level specified in the Syslog message. Refer to RFC 5424 for a list of severity values.

Facility

facility

Integer

Original facility specified in the Syslog message.

IP Address or Host Name

host

String

Host specified in the Syslog message (usually the originator of the message).

Message

message

String

Syslog message text providing information about the event.

Timestamp

timestamp

Date

Timestamp specified in the Syslog message.

The AggreGate event is generated with severity level that is converted from original Syslog severity using conversion table specified in the Syslog plugin configuration parameters.