Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 31 Configuring External Alerting for Intrusion Rules
Using Syslog Responses
The following table lists the facilities you can select when configuring syslog alerting. Be sure to configure a facility that makes sense based on the configuration of the remote syslog server you use. The syslog.conf file located on the remote system (if you are logging syslog messages to a UNIX- or Linux-based system) indicates which facilities are saved to which log files on the server.
Select one of the following standard syslog priority levels to display on all notifications generated by this alert:
For more detailed information about how syslog works and how to configure it, refer to the documentation that accompanies your system. If you are logging to a UNIX- or Linux-based system’s syslog, the syslog.conf man file (type man syslog.conf at the command line) and syslog man file (type man syslog at the command line) provide information about how syslog works and how to configure it.
Table 31-3 Available Syslog Facilities

Facility        Description
AUTH            A message associated with security and authorization.
AUTHPRIV        A restricted access message associated with security and authorization. On many systems, these messages are forwarded to a secure file.
CRON            A message generated by the clock daemon.
DAEMON          A message generated by a system daemon.
FTP             A message generated by the FTP daemon.
KERN            A message generated by the kernel. On many systems, these messages are printed to the console when they appear.
LOCAL0-LOCAL7   A message generated by an internal process.
LPR             A message generated by the printing subsystem.
MAIL            A message generated by a mail system.
NEWS            A message generated by the network news subsystem.
SYSLOG          A message generated by the syslog daemon.
USER            A message generated by a user-level process.
UUCP            A message generated by the UUCP subsystem.
Table 31-4 Syslog Priority Levels

Level           Description
EMERG           A panic condition broadcast to all users
ALERT           A condition that should be corrected immediately
CRIT            A critical condition
ERR             An error condition
WARNING         Warning messages
NOTICE          Conditions that are not error conditions, but require attention
INFO            Informational messages
DEBUG           Messages that contain debug information
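
Added example (not part of the Cisco guide): a check of which log files on the remote server would receive an alert sent with a given facility and level. It assumes the numeric codes from the syslog protocol (RFC 5424) and the classic syslog.conf selector rules; the function names, file paths, and sample message are constructed for illustration.

```python
import re

# Numeric codes from the syslog protocol (RFC 5424) for the facility and
# level names listed in Tables 31-3 and 31-4.
FACILITIES = {"KERN": 0, "USER": 1, "MAIL": 2, "DAEMON": 3, "AUTH": 4,
              "SYSLOG": 5, "LPR": 6, "NEWS": 7, "UUCP": 8, "CRON": 9,
              "AUTHPRIV": 10, "FTP": 11,
              **{f"LOCAL{i}": 16 + i for i in range(8)}}
LEVELS = ["EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG"]
FAC_NAMES = {code: name for name, code in FACILITIES.items()}


def decode_pri(message):
    """Return (facility, level) from the <PRI> header of a raw syslog message."""
    m = re.match(r"<(\d{1,3})>", message)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> header")
    code, severity = divmod(int(m.group(1)), 8)   # PRI = facility * 8 + severity
    if code not in FAC_NAMES:
        raise ValueError(f"facility code {code} is not in Table 31-3")
    return FAC_NAMES[code], LEVELS[severity]


def selector_matches(selectors, facility, level):
    """Apply a syslog.conf selector field such as '*.info;local4.none'.

    'fac.level' selects that level and anything more severe, '*' is a
    wildcard, 'none' excludes the facility, and later selectors win.
    Only the level names from Table 31-4 are accepted.
    """
    severity, matched = LEVELS.index(level), False
    for selector in selectors.split(";"):
        facs, _, threshold = selector.strip().upper().rpartition(".")
        if "*" not in facs.split(",") and facility not in facs.split(","):
            continue
        matched = threshold != "NONE" and (
            threshold == "*" or severity <= LEVELS.index(threshold))
    return matched


def destination(rules, message):
    """Return the log files that would receive the message under the rules."""
    facility, level = decode_pri(message)
    return [path for sel, path in rules if selector_matches(sel, facility, level)]


# Constructed sample: (selector, file) routing rules and one raw message.
SAMPLE_RULES = [("local4.warning", "/var/log/ips-alerts.log"),
                ("*.info;local4.none", "/var/log/messages")]
SAMPLE_MESSAGE = "<161>Jan 10 12:00:00 sensor-example constructed intrusion alert"
```

With these sample rules, the same alert sent at INFO (PRI 166) reaches no file at all, which is the kind of mismatch that choosing a facility and level to suit the remote server's configuration avoids.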