Configuring syslog facility and priority - F-Secure Community
<main> <article class="userContent"> Configuring syslog facility and priority
<p>This article provides Linux syslog-related information for configuring F-Secure Management Agent alert forwarding. </p>
<p>What is the default syslog facility used by F-Secure Client/Server Security and how does the syslog priority map to the F-Secure Alert severity? </p>
<p>The default syslog facility is "daemon". The facility can be changed by using F-Secure Policy Manager Console (PMC): </p>
<pre class="code codeBlock" spellcheck="false">F-Secure Management Agent // Settings // Alerting // Alert Agents // System logger, syslog</pre>
<p>Review also the Alert Forwarding settings in PMC at <code class="code codeInline" spellcheck="false">F-Secure Management Agent // Settings // Alerting // Alert Forwarding // System Logger, Syslog</code>. </p>
<p>The available options for the facility are as follows: </p>
<div> <ul><li>LOG_AUTH </li> <li>LOG_AUTHPRIV </li> <li>LOG_CRON </li> <li>LOG_DAEMON </li> <li>LOG_FTP </li> <li>LOG_KERN </li> <li>LOG_LOCAL0 </li> <li>LOG_LOCAL1 </li> <li>LOG_LOCAL2 </li> <li>LOG_LOCAL3 </li> <li>LOG_LOCAL4 </li> <li>LOG_LOCAL5 </li> <li>LOG_LOCAL6 </li> <li>LOG_LOCAL7 </li> <li>LOG_LPR </li> <li>LOG_MAIL </li> <li>LOG_NEWS </li> <li>LOG_SYSLOG </li> <li>LOG_USER </li> <li>LOG_UUCP </li> </ul></div>
<p>The syslog priority is mapped from F-Secure Alert Severity as follows: </p>
<div> <div><table><caption>Table 1.</caption><colgroup><col></col><col></col></colgroup>
<thead><tr><th>F-Secure Alert Severity Level </th> <th>Syslog Priority </th> </tr></thead>
<tbody><tr><td headers="d767e145">INFORMATIONAL (1) </td> <td headers="d767e148">LOG_INFO </td> </tr>
<tr><td headers="d767e145">WARNING (2) </td> <td headers="d767e148">LOG_WARNING </td> </tr>
<tr><td headers="d767e145">ERROR (3) </td> <td headers="d767e148">LOG_ERR </td> </tr>
<tr><td headers="d767e145">FATAL ERROR (4) </td> <td headers="d767e148">LOG_EMERG </td> </tr>
<tr><td headers="d767e145">SECURITY ALERT (5) </td> <td headers="d767e148">LOG_ALERT </td> </tr></tbody></table></div> </div>
<p>Reading/changing the setting using <strong>chtest</strong> (standalone installation) </p>
<p>Reading: </p><pre class="code codeBlock" spellcheck="false">/opt/f-secure/fsma/bin/chtest g 11.1.18.2.11.20</pre>
<p>Changing: </p><pre class="code codeBlock" spellcheck="false">/opt/f-secure/fsma/bin/chtest ss 11.1.18.2.11.20 LOG_LOCAL0</pre>
<p>Restart fsma after the change. </p> </article> </main>
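On the receiving side, a collector sees the facility and priority only as the numeric `<PRI>` prefix (facility code × 8 + severity code). The following is an added example, not F-Secure code: it decodes that prefix and maps it back to the alert severity from Table 1. The numeric codes are the standard syslog ones; the function names, the sample lines and the `fsma` message tag are constructed for illustration.

```python
import re

# Standard syslog facility codes for the facilities listed on this page.
FACILITY = {"LOG_KERN": 0, "LOG_USER": 1, "LOG_MAIL": 2, "LOG_DAEMON": 3,
            "LOG_AUTH": 4, "LOG_SYSLOG": 5, "LOG_LPR": 6, "LOG_NEWS": 7,
            "LOG_UUCP": 8, "LOG_CRON": 9, "LOG_AUTHPRIV": 10, "LOG_FTP": 11,
            **{f"LOG_LOCAL{i}": 16 + i for i in range(8)}}

# Syslog severity code -> (syslog priority, F-Secure severity, level), per Table 1.
ALERT_BY_SEVERITY = {
    6: ("LOG_INFO", "INFORMATIONAL", 1),
    4: ("LOG_WARNING", "WARNING", 2),
    3: ("LOG_ERR", "ERROR", 3),
    0: ("LOG_EMERG", "FATAL ERROR", 4),
    1: ("LOG_ALERT", "SECURITY ALERT", 5),
}

PRI_RE = re.compile(r"^<(\d{1,3})>")

def classify(line, facility="LOG_DAEMON"):
    """Return (F-Secure severity, level) for a raw syslog line, or None when the
    line is malformed, from another facility, or uses an unmapped severity."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:      # 191 = highest valid PRI (23*8+7)
        return None
    fac, sev = divmod(int(m.group(1)), 8)
    if fac != FACILITY[facility] or sev not in ALERT_BY_SEVERITY:
        return None
    _, name, level = ALERT_BY_SEVERITY[sev]
    return name, level

def expected_pri(facility, level):
    """PRI value a collector should see for a facility and F-Secure level."""
    sev = next(s for s, (_, _, lvl) in ALERT_BY_SEVERITY.items() if lvl == level)
    return FACILITY[facility] * 8 + sev

# Constructed sample lines (not real product output).
SAMPLES = [
    "<30>Jan 10 12:00:00 host1 fsma: constructed informational alert",
    "<25>Jan 10 12:00:01 host1 fsma: constructed security alert",
    "<129>Jan 10 12:00:02 host1 fsma: constructed alert after LOG_LOCAL0 change",
    "<86>Jan 10 12:00:03 host1 sshd: constructed authpriv message",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), classify(s, "LOG_LOCAL0"), s)
```

Filters that rank by syslog severity will place FATAL ERROR (LOG_EMERG, code 0) above SECURITY ALERT (LOG_ALERT, code 1), the reverse of the F-Secure levels 4 and 5, so match on the specific priority rather than a "this severity or higher" threshold when routing security alerts.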