Configuring syslog facility and priority

This article describes the Linux syslog settings that apply when configuring F-Secure Management Agent alert forwarding.
What is the default syslog facility used by F-Secure Client/Server Security and how does the syslog priority map to the F-Secure Alert severity?
The default syslog facility is "daemon". The facility can be changed in F-Secure Policy Manager Console (PMC):
F-Secure Management Agent // Settings // Alerting // Alert Agents // System logger, syslog
Also review the Alert Forwarding settings in PMC at F-Secure Management Agent // Settings // Alerting // Alert Forwarding // System Logger, Syslog.
The available options for the facility are as follows:
- LOG_AUTH
- LOG_AUTHPRIV
- LOG_CRON
- LOG_DAEMON
- LOG_FTP
- LOG_KERN
- LOG_LOCAL0
- LOG_LOCAL1
- LOG_LOCAL2
- LOG_LOCAL3
- LOG_LOCAL4
- LOG_LOCAL5
- LOG_LOCAL6
- LOG_LOCAL7
- LOG_LPR
- LOG_MAIL
- LOG_NEWS
- LOG_SYSLOG
- LOG_USER
- LOG_UUCP
The syslog priority is mapped from F-Secure Alert Severity as follows:
Table 1.
F-Secure Alert Severity Level | Syslog Priority |
---|---|
INFORMATIONAL (1) | LOG_INFO |
WARNING (2) | LOG_WARNING |
ERROR (3) | LOG_ERR |
FATAL ERROR (4) | LOG_EMERG |
SECURITY ALERT (5) | LOG_ALERT |
Reading/changing the setting using chtest (standalone installation)
Reading:
/opt/f-secure/fsma/bin/chtest g 11.1.18.2.11.20
Changing:
/opt/f-secure/fsma/bin/chtest ss 11.1.18.2.11.20 LOG_LOCAL0
Restart fsma after the change.
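The following is an added example, not F-Secure code: it combines the facility list and Table 1 into the numeric PRI value a syslog receiver sees, and maps a received line back to the alert severity. The function names and sample lines are constructed for illustration, and it assumes the chosen facility (LOG_LOCAL0 here) is used only for these alerts.

```python
import re

# Numeric codes from <syslog.h> / RFC 5424 for the facilities the page lists.
FACILITY = {
    "LOG_KERN": 0, "LOG_USER": 1, "LOG_MAIL": 2, "LOG_DAEMON": 3,
    "LOG_AUTH": 4, "LOG_SYSLOG": 5, "LOG_LPR": 6, "LOG_NEWS": 7,
    "LOG_UUCP": 8, "LOG_CRON": 9, "LOG_AUTHPRIV": 10, "LOG_FTP": 11,
    **{f"LOG_LOCAL{i}": 16 + i for i in range(8)},
}
PRIORITY = {"LOG_EMERG": 0, "LOG_ALERT": 1, "LOG_ERR": 3,
            "LOG_WARNING": 4, "LOG_INFO": 6}

# Table 1 of the article: alert severity -> syslog priority.
SEVERITY_TO_PRIORITY = {
    "INFORMATIONAL (1)": "LOG_INFO",
    "WARNING (2)": "LOG_WARNING",
    "ERROR (3)": "LOG_ERR",
    "FATAL ERROR (4)": "LOG_EMERG",
    "SECURITY ALERT (5)": "LOG_ALERT",
}
PRIORITY_TO_SEVERITY = {PRIORITY[p]: s for s, p in SEVERITY_TO_PRIORITY.items()}


def expected_pri(facility, severity):
    """PRI value a receiver sees: facility code * 8 + priority code."""
    return FACILITY[facility] * 8 + PRIORITY[SEVERITY_TO_PRIORITY[severity]]


def classify(line, facility="LOG_DAEMON"):
    """Map a raw syslog line back to an alert severity, or None."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:   # 191 = highest valid PRI
        return None
    fac, prio = divmod(int(m.group(1)), 8)
    if fac != FACILITY[facility]:
        return None                       # different facility: not ours
    return PRIORITY_TO_SEVERITY.get(prio)  # None for priorities outside Table 1


if __name__ == "__main__":
    # Constructed sample lines; host name, tag and text are placeholders.
    samples = [
        "<129>Jan  1 00:00:00 host1 example-tag: constructed security alert",
        "<128>Jan  1 00:00:01 host1 example-tag: constructed fatal error",
        "<30>Jan  1 00:00:02 host1 other-daemon: constructed daemon.info line",
    ]
    for s in samples:
        print(classify(s, "LOG_LOCAL0"), "<-", s)
```

Because FATAL ERROR (4) maps to LOG_EMERG and SECURITY ALERT (5) to LOG_ALERT, a receiver rule meant to catch security alerts has to match the alert priority explicitly; ordering by syslog priority ranks fatal errors above security alerts.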