Hi, The goal of the normalized Severity is to be able to use it in a uniform manner across all sources including windows eventlog and syslog. Severity: DEBUG 1 INFO 2 WARNING 3 ERROR 4 CRITICAL 5
SyslogSeverity: EMERG 0 ALERT 1 CRIT 2 ERR 3 WARNING 4 NOTICE 5 INFO 6 DEBUG 7 NONE 8 The values are mostly useful if you want to filter above/below a certain level, e.g.: if ($SeverityValue > 3) ... Otherwise using $Severity instead will make it more readable: if ($Severity == 'DEBUG') ... Regards, Botond On Mon, 22 Jul 2013 13:28:07 +0300 cagil ozturk <cagi...@gmail.com> wrote: > Hi All, > > What are the meanings of normalized SeverityValue's of SyslogSeverityValue. > I want to categorize logs with respect to severity values, I use the syslog > severity values however my configuration works in the opposite way. > > When I use SyslogSeverityValue instate of SeverityValue in the > configuration below; it makes nothing, none of the logs are dropped. > > # 0-emergency, 1-Alert, 2-Critical, 3-Error > <Input inLow> > Module im_mseventlog > Exec if ($SeverityValue == 0 or $SeverityValue == 1 or $SeverityValue == 2 > or $SeverityValue == 3) drop(); > </Input> > > # 4-Warn, 5-Notice, 6-Info, 7-Debug > <Input inHigh> > Module im_mseventlog > Exec if ($SeverityValue == 4 or $SeverityValue == 5 or $SeverityValue == 6 > or $SeverityValue == 7) drop(); > </Input> ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ nxlog-ce-users mailing list nxlog-ce-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
