This topic describes how an ECS Syslog message can be further filtered with server-side configuration.
You can configure Syslog servers in the ECS Portal (or by using the ECS Management REST API) to specify the messages that are delivered to the servers. You can then use server-side filtering techniques to reduce the number of messages that are saved to the logs. Filtering is done at the facility level. A facility segments messages by type. ECS directs messages to facilities as described in the following table.
Table 1. Syslog facilities used by ECS

| Facility | Keyword | Defined use | ECS use |
|---|---|---|---|
| 1 | user | User-level messages | Fabric alerts |
| 3 | daemon | System daemons | OS messages |
| 4 | auth | Security and authorization messages | ssh and sudo success and failure messages |
| 16 | local0 | Local use 0 | Object alerts, object audits |
| All facilities | * | | |

For each facility, you can filter by severity level by using the following format:
facility-keyword.severity-keyword
Severity keywords are described in the following table.
Table 2. Syslog severity keywords

| Severity level number | Severity level | Keyword |
|---|---|---|
| 0 | Emergency | emerg |
| 1 | Alert | alert |
| 2 | Critical | crit |
| 3 | Error | err |
| 4 | Warning | warn |
| 5 | Notice | notice |
| 6 | Informational | info |
| 7 | Debug | debug |
| All severities | All severities | * |
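
The following is an added example, not part of the ECS documentation or product code. It shows how a receiving server can apply facility-keyword.severity-keyword selectors to incoming messages, using the keywords from the two tables above and the standard syslog priority encoding (PRI = facility × 8 + severity). It assumes the conventional syslog behavior that a severity keyword matches that level and anything more severe; the function names, rule set and sample messages are constructed for illustration.

```python
import re

# Facility and severity keywords from Tables 1 and 2 of this topic.
FACILITIES = {"user": 1, "daemon": 3, "auth": 4, "local0": 16}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warn": 4, "notice": 5, "info": 6, "debug": 7}
PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_selector(selector):
    """Split 'facility-keyword.severity-keyword' into (facility, threshold).

    '*' becomes None (any facility) or 7 (all severities).
    """
    fac_kw, sep, sev_kw = selector.strip().partition(".")
    if not sep:
        raise ValueError(f"expected facility.severity, got {selector!r}")
    if fac_kw != "*" and fac_kw not in FACILITIES:
        raise ValueError(f"unknown facility keyword {fac_kw!r}")
    if sev_kw != "*" and sev_kw not in SEVERITIES:
        raise ValueError(f"unknown severity keyword {sev_kw!r}")
    facility = None if fac_kw == "*" else FACILITIES[fac_kw]
    threshold = 7 if sev_kw == "*" else SEVERITIES[sev_kw]
    return facility, threshold


def keep(line, selectors):
    """Return True if the message's <PRI> header matches any selector."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return False  # no valid PRI header: the message cannot be classified
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility*8 + severity
    for selector in selectors:
        want_fac, threshold = parse_selector(selector)
        # Assumption: lower number = more severe; match at or above threshold.
        if want_fac in (None, facility) and severity <= threshold:
            return True
    return False


# Constructed sample messages (not real ECS output).
SAMPLES = [
    "<38>sshd[411]: constructed ssh login message",   # auth.info   (4*8+6)
    "<131>object: constructed error alert",           # local0.err  (16*8+3)
    "<134>object: constructed informational audit",   # local0.info (16*8+6)
    "<30>systemd[1]: constructed daemon message",     # daemon.info (3*8+6)
]
RULES = ["auth.*", "local0.warn"]  # keep all auth; local0 at warning or worse
KEPT = [line for line in SAMPLES if keep(line, RULES)]
```

With these rules every ssh and sudo message on the auth facility is retained, while object messages on local0 below warning severity and all daemon messages are dropped.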