Limited support: BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support. BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Command Center for Security 6.2.

Severity codes and their meaning


The basic severities, defined by RFC 3164, are as follows:

| Severity | Code | Description |
|---|---|---|
| Debug | 7 | This represents the lowest severity, and is reserved strictly for debugging the system. In practice, debug messages can be totally ignored by everyone. It is common to over-use this severity, and users should always consider promoting this severity to Info in a production environment. |
| Info | 6 | These are informational messages that can be reviewed later (having some relevance) but can be operationally ignored because they have no effect on management activities. |
| Notice | 5 | These are messages that are sent with the intention of being noticed. They have a fairly significant level of importance. It is common to filter these messages (wrongly) since they are meant to be noticed and not discarded. Hence, a filter should generally not remove any messages with this severity. |
| Warning | 4 | This is a significant message. It should be taken seriously and reacted to, because it signifies a non-trivial degree of risk. There might not be any corrective action needed with this type of message. |
| Error | 3 | This is a highly significant message. The message indicates that corrective action, manual intervention, or operational change is necessary. All error severities require acknowledgement and a fix or system configuration change. No error message should ever be ignored. |
| Critical | 2 | A critical situation exists that requires immediate attention. All other activities should be set aside and the problem be addressed as soon as possible. Possible risk to security or data or infrastructure is imminent. |
| Alert | 1 | An extremely critical condition exists that requires immediate intervention by the highest levels of management, requiring whatever resources are necessary to fix it immediately. Data has been lost, security has been breached, or infrastructure has been damaged. |
| Emergency | 0 | This severity should never be used. Human safety is in jeopardy, immediate evacuation is needed, and police or firefighters or both need to be called. |

Given the obvious nature of the common meaning for these severities, it is startling to see how many times the severities are actually misinterpreted or ignored, both by operations management and the designers of syslog messages.

Example

Because Emergency is the highest severity, many naïve designers might decide to arbitrarily use this severity for messages that are rightly Info type messages, knowing that an Emergency message will probably never be filtered. This can be extremely annoying. If this situation occurs, it is easily corrected in the BMC Defender Server by using the Severity Override feature of the system to adjust the severity to its proper place.
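The following Python example is added here and is not BMC code. It decodes the severity from a syslog PRI value (PRI = facility × 8 + severity, per RFC 3164), assigns the handling that the severity descriptions above call for, and corrects a mis-assigned Emergency message with a rule table. The `OVERRIDES` rules, the handling labels in `ACTIONS`, and the sample lines are assumptions constructed for illustration; they do not represent how the BMC Defender Severity Override feature is configured.

```python
import re

# Names and handling indexed by severity code, as in the severity list above.
NAMES = ["Emergency", "Alert", "Critical", "Error",
         "Warning", "Notice", "Info", "Debug"]
ACTIONS = ["immediate", "immediate", "immediate", "acknowledge",
           "keep", "keep", "review-later", "ignore"]  # labels are hypothetical
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Hypothetical override rules (constructed): message substring -> corrected code.
OVERRIDES = {"heartbeat ok": 6}

def parse_pri(line):
    """Split a raw line into (facility, severity, message).
    PRI = facility * 8 + severity; the largest valid PRI is 23 * 8 + 7 = 191.
    A missing or invalid PRI is treated as 13 (user.notice), the default
    RFC 3164 tells relays to assign."""
    m = PRI_RE.match(line)
    pri, msg = 13, line
    if m and int(m.group(1)) <= 191:
        pri, msg = int(m.group(1)), line[m.end():]
    return pri >> 3, pri & 7, msg

def triage(line):
    """Return (severity name, handling) after applying any override rule."""
    _, sev, msg = parse_pri(line)
    for needle, corrected in OVERRIDES.items():
        if needle in msg.lower():
            sev = corrected  # e.g. an Info-type message sent as Emergency
    return NAMES[sev], ACTIONS[sev]

# Constructed sample lines, not taken from any real system.
SAMPLES = [
    "<34>Oct 11 22:14:15 host1 su: 'su root' failed for user1 on /dev/pts/8",
    "<8>Oct 11 22:14:16 host2 agent: heartbeat ok",
    "<15>Oct 11 22:14:17 host3 app: cache miss for key 42",
    "Oct 11 22:14:18 host4 app: message sent without a PRI",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s), s)
```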
