Configuring syslog facility and priority

This article describes the Linux syslog facility and priority settings used when configuring F-Secure Management Agent alert forwarding.

What is the default syslog facility used by F-Secure Client/Server Security and how does the syslog priority map to the F-Secure Alert severity?

The default syslog facility is "daemon". You can change the facility by using F-Secure Policy Manager Console (PMC):

F-Secure Management Agent
    Settings
        Alerting
            Alert Agents
                System logger, syslog

Also review the Alert Forwarding settings in PMC at F-Secure Management Agent // Settings // Alerting // Alert Forwarding // System Logger, Syslog.

The available options for the facility are as follows:

  • LOG_AUTH
  • LOG_AUTHPRIV
  • LOG_CRON
  • LOG_DAEMON
  • LOG_FTP
  • LOG_KERN
  • LOG_LOCAL0
  • LOG_LOCAL1
  • LOG_LOCAL2
  • LOG_LOCAL3
  • LOG_LOCAL4
  • LOG_LOCAL5
  • LOG_LOCAL6
  • LOG_LOCAL7
  • LOG_LPR
  • LOG_MAIL
  • LOG_NEWS
  • LOG_SYSLOG
  • LOG_USER
  • LOG_UUCP

The syslog priority is mapped from F-Secure Alert Severity as follows:

Table 1.

F-Secure Alert Severity Level    Syslog Priority
INFORMATIONAL (1)                LOG_INFO
WARNING (2)                      LOG_WARNING
ERROR (3)                        LOG_ERR
FATAL ERROR (4)                  LOG_EMERG
SECURITY ALERT (5)               LOG_ALERT

Reading/changing the setting using chtest (standalone installation)

Reading:

/opt/f-secure/fsma/bin/chtest g 11.1.18.2.11.20

Changing:

/opt/f-secure/fsma/bin/chtest ss 11.1.18.2.11.20 LOG_LOCAL0

Restart fsma after the change.
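
The configured facility and the Table 1 mapping together determine the numeric <PRI> value (facility * 8 + severity) that a remote collector sees at the start of each forwarded alert. The following shell functions are an added example, not F-Secure code: they decode that value from a raw syslog line and map it back to the F-Secure alert severity. The function names, the "example" tag and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not F-Secure code). PRI = facility * 8 + severity.

# Facility code -> name, limited to the facilities listed in this article.
facility_name() {
    case "$1" in
        0) echo LOG_KERN ;;   1) echo LOG_USER ;;      2) echo LOG_MAIL ;;
        3) echo LOG_DAEMON ;; 4) echo LOG_AUTH ;;      5) echo LOG_SYSLOG ;;
        6) echo LOG_LPR ;;    7) echo LOG_NEWS ;;      8) echo LOG_UUCP ;;
        9) echo LOG_CRON ;;  10) echo LOG_AUTHPRIV ;; 11) echo LOG_FTP ;;
        1[6-9]|2[0-3]) echo "LOG_LOCAL$(( $1 - 16 ))" ;;
        *) echo UNKNOWN ;;
    esac
}

# Syslog severity code -> F-Secure alert severity, per Table 1.
# Codes the table does not use (crit=2, notice=5, debug=7) are UNMAPPED.
fsecure_severity() {
    case "$1" in
        6) echo "INFORMATIONAL (1)" ;;
        4) echo "WARNING (2)" ;;
        3) echo "ERROR (3)" ;;
        0) echo "FATAL ERROR (4)" ;;
        1) echo "SECURITY ALERT (5)" ;;
        *) echo UNMAPPED ;;
    esac
}

# Decode one raw line that starts with "<PRI>"; prints "facility | severity".
decode_line() {
    case "$1" in "<"*">"*) ;; *) echo INVALID; return 1 ;; esac
    pri=${1#"<"}
    pri=${pri%%">"*}
    # Reject empty, non-numeric, leading-zero (octal trap) and >3-digit values.
    case "$pri" in ''|*[!0-9]*|0?*|????*) echo INVALID; return 1 ;; esac
    [ "$pri" -le 191 ] || { echo INVALID; return 1; }
    echo "$(facility_name $(($pri / 8))) | $(fsecure_severity $(($pri % 8)))"
}

# Constructed sample lines: default "daemon" facility, then LOG_LOCAL0.
while IFS= read -r line; do
    printf '%-32s %s\n' "$(decode_line "$line")" "$line"
done <<'EOF'
<30>Jan 12 10:00:01 host1 example: constructed informational alert
<129>Jan 12 10:05:42 host1 example: constructed security alert
EOF
```

A collector filter written for the default facility (PRI 24 to 30 for the mapped severities) stops matching once the facility is changed, so update it together with the chtest setting.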

Version history
Revision #: 8 of 8
Last update: Tuesday
Updated by: