Limited support: BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support. BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Command Center for Security 6.2.

Syslog message header facilities and priorities


RFC 3164 defines the facility and severity codes as described in this topic.

  • Message facilities and severities are numerically coded as integer decimal values.
  • Each facility and severity, in addition to its fixed number, is also associated with a formal name.
  • The facility names originate from system-level Unix processes and were intended to identify the actual name of the process generating the syslog event. Later, this evolved to include identification of related functionality (such as mail or kernel).
  • Many of the facility codes are deprecated and are good candidates for being overridden, as discussed in the previous section. In particular, the uucp facility has been almost entirely deprecated (here it is replaced with the name network). The ftp and ntp facilities are well on their way to being deprecated, although they are still in some use within organizations, especially those with Unix-based operations.
  • In a similar fashion, severity values are selected to indicate how messages are to be prioritized on the system.
  • These severity values are sometimes referred to as priorities, although the use of this term can be confusing, since "priority" also sometimes refers to the combination of facility and severity.
  • Unlike facility numbers, which have no ordinal value, severities have a definite rank, ranging from 0 (the most important and pertinent severity) to 7 (the lowest and most easily discarded message).

Confusion regarding severity and priority names abounds. This section summarizes the actual severity and priority values used by the BMC Defender Server, along with a detailed explanation.
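The following is an added example, not code from BMC or from this topic, showing how the numeric coding described above is decoded in practice: the RFC 3164 PRI field carries facility * 8 + severity, so a collector splits it with integer division and remainder, maps both numbers to their formal names (facility 8 is shown under the name network, following the naming convention this topic describes), rejects out-of-range or malformed headers, and uses the severity rank for threshold filtering. The constant tables and the regular expression are assumptions taken from RFC 3164, not from the BMC Defender Server tables this topic refers to.

```python
import re
from typing import NamedTuple

# RFC 3164 facility names, indexed by facility number 0-23.  Facility 8 is
# "uucp" in the RFC; as the topic above notes, BMC Defender Server replaces
# that name with "network", so that name is used here.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "network", "cron", "authpriv", "ftp", "ntp", "security", "console", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]

# RFC 3164 severities, indexed by rank: 0 is the most urgent, 7 the least.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164: PRI is "<", one to three decimal digits, ">"; no leading zeros
# except for "<0>".  Anything else is treated as a malformed header.
_PRI_RE = re.compile(r"^<(0|[1-9]\d{0,2})>")

class Pri(NamedTuple):
    facility: int
    severity: int
    facility_name: str
    severity_name: str

def decode_pri(message: str) -> Pri:
    """Split the PRI field of a syslog message into facility and severity.

    PRI = facility * 8 + severity, so facility = PRI // 8 and severity =
    PRI % 8.  PRI values above 191 (facility 23, severity 7) are rejected
    rather than silently decoded: a collector should treat a malformed
    header as suspect input, not as an ordinary event.
    """
    m = _PRI_RE.match(message)
    if not m:
        raise ValueError("missing or malformed PRI field")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError(f"PRI {pri} out of range (max 191)")
    facility, severity = divmod(pri, 8)
    return Pri(facility, severity, FACILITIES[facility], SEVERITIES[severity])

def at_least(message: str, threshold: str) -> bool:
    """True if the message is at least as urgent as severity `threshold`.
    Severities are ranked (lower number = more urgent), so "warning and
    above" is a numeric comparison.  Facilities have no such ordering.
    """
    return decode_pri(message).severity <= SEVERITIES.index(threshold)
```

A constructed message such as `<34>Oct 11 22:14:15 host01 su: 'su root' failed for alice on /dev/pts/8` decodes to facility 4 (auth) and severity 2 (crit), since 34 = 4 * 8 + 2.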

Refer to the tables in the following topics:
