This topic discusses the syslog reporting feature of the Delphix Engine, along with severity levels.
Syslog is a widely used standard for message logging. It permits the separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Delphix makes use of syslog as one of the standard mechanisms, along with SNMP and email, to distribute important user and system events, such as alerts, faults, and audits. In the case of Delphix, each Delphix Engine acts as a syslog client which propagates the events to a centralized syslog server.
Every syslog message is attached to a severity level. As the name suggests, the severity level describes the severity of the event in question.
Audit records are Informational syslog messages. If you would like to forward Audit records, choose Severity Level Informational.
Every syslog message is attached to a severity level number. Delphix defines the severity of syslog messages in accordance with RFC 3164. There are eight severity levels available, as follows:
Numerical Severity Code 0 Emergency: system is unusable 1 Alert: action must be taken immediately 2 Critical: critical conditions 3 Error: error conditions 4 Warning: warning conditions 5 Notice: normal but significant condition 6 Informational: informational messages 7 Debug: debug-level messages
When setting up the syslog settings for your Delphix Engine, you have the ability to choose what alerts to report. The severity levels above are available for users to select. Once you select a severity level, the Delphix Engine will send messages of the same or higher severity (i.e., the same or lower number) to your syslog server. Therefore, there is no reason to select more than one severity. For example, if the "Notice" severity level is selected, all events less severe than Notice (Informational and Debug) will not be reported. If you want all events to be reported via syslog, the Debug severity level should be chosen.