Syslog Audit Event Handler Properties

| UI Label / Text | audit.json File Label | Description |
| --- | --- | --- |
| protocol | protocol | Transport protocol for Syslog messages; may be TCP or UDP |
| host | host | Host name or IP address of the receiving Syslog server |
| port | port | The TCP/IP port number of the receiving Syslog server |
| connectTimeout | connectTimeout | Timeout for connecting to the Syslog server (seconds) |
| facility | facility | Options shown in the Admin UI (KERN, USER, MAIL, DAEMON, AUTH, SYSLOG, LPR, NEWS, UUCP, CRON, AUTHPRIV, FTP, NTP, LOGAUDIT, LOGALERT, CLOCKD, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7) correspond directly to facility values shown in RFC 5424, The Syslog Protocol. |
| SeverityFieldMappings | severityFieldMappings | Sets the correspondence between audit event fields and Syslog severity values |
| topic | topic | Severity Field Mappings: the audit event topic to which the mapping applies |
| field | field | Severity Field Mappings: the audit event field to which the mapping applies; taken from the JSON schema for the audit event content |
| Value Mappings | valueMappings | Severity Field Mappings: the map of audit event values to Syslog severities. Syslog severities may be EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL, or DEBUG, in descending order of importance |
| Buffering | buffering | Disabled by default; all messages written immediately to the log |
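The following added example (not part of the original page or the product's code) checks a set of handler properties against the values the table allows and shows how a severity mapping plus the facility yields the RFC 5424 PRI value a receiving Syslog server or SIEM would filter on. The sample settings, the sample events, the top-level field lookup, and the INFORMATIONAL fallback for unmapped values are assumptions made for illustration.

```python
# Facility names in the order the table lists them; the list index is the
# RFC 5424 facility code (KERN = 0 ... LOCAL7 = 23).
FACILITIES = ("KERN USER MAIL DAEMON AUTH SYSLOG LPR NEWS UUCP CRON AUTHPRIV "
              "FTP NTP LOGAUDIT LOGALERT CLOCKD LOCAL0 LOCAL1 LOCAL2 LOCAL3 "
              "LOCAL4 LOCAL5 LOCAL6 LOCAL7").split()
# Severities in descending order of importance; index is the RFC 5424 code.
SEVERITIES = ("EMERGENCY ALERT CRITICAL ERROR WARNING NOTICE "
              "INFORMATIONAL DEBUG").split()

# Constructed sample settings using the audit.json labels from the table.
SAMPLE_CONFIG = {
    "protocol": "TCP",
    "host": "syslog.example.com",
    "port": 514,
    "connectTimeout": 5,
    "facility": "LOCAL0",
    "severityFieldMappings": [
        {"topic": "authentication", "field": "result",
         "valueMappings": {"FAILED": "ERROR", "SUCCESSFUL": "INFORMATIONAL"}},
    ],
}

def validate(config):
    """Return a list of problems found in the handler settings."""
    problems = []
    if config.get("protocol") not in ("TCP", "UDP"):
        problems.append("protocol must be TCP or UDP")
    if config.get("facility") not in FACILITIES:
        problems.append("facility is not an RFC 5424 facility name")
    for mapping in config.get("severityFieldMappings", []):
        for value, severity in mapping.get("valueMappings", {}).items():
            if severity not in SEVERITIES:
                problems.append(f"{value!r} maps to unknown severity {severity!r}")
    return problems

def severity_for(config, topic, event, default="INFORMATIONAL"):
    """Resolve an event's severity; the default is an assumption of this example."""
    for mapping in config.get("severityFieldMappings", []):
        if mapping["topic"] == topic and mapping["field"] in event:
            severity = mapping["valueMappings"].get(str(event[mapping["field"]]))
            if severity:
                return severity
    return default

def pri(config, topic, event):
    """RFC 5424 PRI = facility code * 8 + severity code."""
    facility_code = FACILITIES.index(config["facility"])
    return facility_code * 8 + SEVERITIES.index(severity_for(config, topic, event))
```

A mapping that leaves failure values unmapped sends them at the fallback severity, so checking the resulting PRI for a known failure event is a quick way to confirm that severity-based alerting downstream will see it.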
