×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
billshinn
New Member
Member since: ‎10-24-2011
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-24-2011
Activity Feed
Topics I've Started
No posts to display.
View All

Re: syslog facility and severity (loglevel)

by in Getting Data In
‎05-11-2012 10:22 PM
‎05-11-2012 10:22 PM
In RFC3164 priority (i.e. the required PRI part of the syslog packet (before the HEADER and MSG) is calculated by multiplying the facility by 8, then adding the severity. So per the RFC, where local1 = 17, therefore 17*8 = 136. Adding to that a 1 for the severity = alert, you get the 137 mentioned in the original post. The <137> is just on spec for a proper syslog message. As for extraction, you need to reverse the math. This explains it really, really well: https://gist.github.com/1017480 As for field extraction, I think there must be a quick piece of code that can do that vs a table/matrix search. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM