Cisco Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 31: Configuring External Alerting for Intrusion Rules
Using Syslog Responses

Table 31-3 lists the facilities you can select when configuring syslog alerting. Be sure to configure a facility that makes sense based on the configuration of the remote syslog server you use. If you are logging syslog messages to a UNIX- or Linux-based system, the syslog.conf file located on the remote system indicates which facilities are saved to which log files on the server.

Select one of the standard syslog priority levels listed in Table 31-4 to display on all notifications generated by this alert.

For more detailed information about how syslog works and how to configure it, refer to the documentation that accompanies your system. If you are logging to a UNIX- or Linux-based system's syslog, the syslog.conf man file (type man syslog.conf at the command line) and syslog man file (type man syslog at the command line) provide information about how syslog works and how to configure it.

Table 31-3  Available Syslog Facilities

Facility        Description
AUTH            A message associated with security and authorization.
AUTHPRIV        A restricted access message associated with security and authorization. On many systems, these messages are forwarded to a secure file.
CRON            A message generated by the clock daemon.
DAEMON          A message generated by a system daemon.
FTP             A message generated by the FTP daemon.
KERN            A message generated by the kernel. On many systems, these messages are printed to the console when they appear.
LOCAL0-LOCAL7   A message generated by an internal process.
LPR             A message generated by the printing subsystem.
MAIL            A message generated by a mail system.
NEWS            A message generated by the network news subsystem.
SYSLOG          A message generated by the syslog daemon.
USER            A message generated by a user-level process.
UUCP            A message generated by the UUCP subsystem.

Table 31-4  Syslog Priority Levels

Level      Description
EMERG      A panic condition broadcast to all users
ALERT      A condition that should be corrected immediately
CRIT       A critical condition
ERR        An error condition
WARNING    Warning messages
NOTICE     Conditions that are not error conditions, but require attention
INFO       Informational messages
DEBUG      Messages that contain debug information
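
Added example (not from the Cisco guide): a Python check that decodes the <PRI> prefix of a received syslog message into the facility and priority names from Tables 31-3 and 31-4, then reports which syslog.conf-style rules on the remote server would save it. It assumes the standard syslog numeric codes (RFC 3164/5424) and the classic syslog.conf rule that "facility.level" matches that level and anything more severe; the rules, file paths and sample message are constructed.

```python
import re

# Standard syslog numeric codes (RFC 3164/5424) for the facility names in
# Table 31-3; the codes are an assumption not stated in the guide itself.
FACILITIES = {"KERN": 0, "USER": 1, "MAIL": 2, "DAEMON": 3, "AUTH": 4,
              "SYSLOG": 5, "LPR": 6, "NEWS": 7, "UUCP": 8, "CRON": 9,
              "AUTHPRIV": 10, "FTP": 11,
              **{f"LOCAL{i}": 16 + i for i in range(8)}}
FACILITY_NAMES = {code: name for name, code in FACILITIES.items()}
# Table 31-4 levels, most severe first; the list index is the numeric severity.
LEVELS = ["EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(message):
    """Return (facility, level) names from a message's <PRI> prefix."""
    m = PRI_RE.match(message)
    if not m:
        raise ValueError("message has no <PRI> prefix")
    # PRI = facility_code * 8 + severity_code
    facility_code, level_code = divmod(int(m.group(1)), 8)
    if facility_code not in FACILITY_NAMES:
        raise ValueError(f"unknown facility code {facility_code}")
    return FACILITY_NAMES[facility_code], LEVELS[level_code]

def selector_matches(selector, facility, level):
    """'fac.lvl' matches facility fac at level lvl or more severe; '*' is a wildcard."""
    sel_fac, sel_lvl = selector.upper().split(".")
    if sel_fac not in ("*", facility) or sel_lvl == "NONE":
        return False
    return sel_lvl == "*" or LEVELS.index(level) <= LEVELS.index(sel_lvl)

def route(message, rules):
    """List the destinations whose selector would save this message."""
    facility, level = decode_pri(message)
    return [dest for sel, dest in rules if selector_matches(sel, facility, level)]

# Constructed rules in the style of a remote server's syslog.conf.
RULES = [("local4.warning", "/var/log/ids-alerts.log"),
         ("auth.*", "/var/log/auth.log"),
         ("*.emerg", "/var/log/emergency.log")]
# Constructed message: PRI 161 = 20 * 8 + 1, i.e. LOCAL4 at ALERT.
SAMPLE_ALERT = "<161>Jan  1 00:00:00 sensor example: constructed intrusion alert"

if __name__ == "__main__":
    print(decode_pri(SAMPLE_ALERT), route(SAMPLE_ALERT, RULES))
```

An alert sent with a facility or priority that no rule on the server selects returns an empty list, which is the mismatch the guide warns about when it says to pick a facility that fits the remote server's configuration.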