Looking at the CEE field names, the descriptions are very brief.
For example, what are the permitted values for "sev"? Are they the same as
the Syslog levels?
More confusing are the syslog!pri and syslog!fac fields.
From the Syslog API[1]:
    priority = facility | level
example:
    pri = LOG_DAEMON | LOG_INFO
        = 0x18 | 6
        = 0x1e
but I see that some people are simply putting the level value (e.g. 6)
into the syslog!pri field.
It would appear more useful to have a syslog!level field for cases where
we know the level (LOG_INFO) but we might not know the facility value.
1. https://www.man7.org/linux/man-pages/man3/syslog.3.html
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
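
The facility | level composition discussed in the message above, as an added example that is not part of the original post: it splits a priority value back into facility and level and flags values 0..7, where a bare level written into syslog!pri cannot be told apart from facility kern (0). The names split_pri and struct pri_parts are hypothetical; the 0..191 range assumes the 24 facilities of RFC 5424.

```c
#include <stdio.h>
#include <syslog.h>

/* Result of splitting a syslog priority value into its two parts
 * (hypothetical helper type, not part of syslog(3) or rsyslog). */
struct pri_parts {
    int facility;   /* syslog(3) form, already shifted: LOG_DAEMON == 0x18 */
    int fac_code;   /* facility number 0..23 (pri / 8) */
    int level;      /* severity level 0..7: LOG_INFO == 6 */
    int bare_level; /* 1 if pri is 0..7, i.e. it may be a level with no facility */
};

/* Split pri into facility and level.
 * Returns 0 on success, -1 if pri is outside 0..191 (23 * 8 + 7). */
int split_pri(int pri, struct pri_parts *out)
{
    if (pri < 0 || pri > 191)
        return -1;
    out->level = pri & 0x07;        /* low three bits */
    out->facility = pri & ~0x07;    /* remaining bits, still shifted */
    out->fac_code = pri >> 3;
    /* Facility 0 is LOG_KERN, so a consumer cannot tell "kern" from
     * "producer stored only the level" when the value is below 8. */
    out->bare_level = (out->fac_code == 0);
    return 0;
}

int main(void)
{
    /* Constructed samples: a full priority, a bare level, an invalid value. */
    int samples[] = { LOG_DAEMON | LOG_INFO, LOG_INFO, 192 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct pri_parts p;
        if (split_pri(samples[i], &p) != 0) {
            printf("pri=%d: out of range\n", samples[i]);
            continue;
        }
        printf("pri=0x%02x facility=0x%02x (code %d) level=%d%s\n",
               samples[i], p.facility, p.fac_code, p.level,
               p.bare_level ? "  <- level only, or facility kern?" : "");
    }
    return 0;
}
```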