The syslog-ng 3.0 Administrator GuideDocument version: Thirteenth
|
 |
The syslog-ng 3.0 Administrator GuideDocument version: Thirteenth
|
|
Use this option to define user-created QAUDJRN journal entries. When a user application sends an entry to the security journal QAUDJRN a user-defined journal entry type is used. This is a two-character value and is different than the journal entry types that are created by i5/OS. In order to report these events you need to define them with this option and provide text and severity values.
| Attribute | Description |
|---|---|
| Description | Enter a description for this journal entry type |
| Type | The type indicates whether the event is a system provided event or a user defined event. This is an output field only. |
| Security text | Enter the text to be used with the log message. This text should be a brief description of the event type. |
| Syslog severity | Enter a value for the severity of this event type. The lower the value higher the severity level of the message. |
| Syslog facility | Enter a facility ID for this event type. See the documentation in RFC 3164 for information on facility Ids. Since the priority of an event is the result of adding the severity by the facility, the lower the facility number the higher the severity of the message. |
| CEF severity | If you are reporting log events in the Common Event Format enter the CEF severity level. The higher the severity number the more severe the event. |
| CEF signature | Enter a signature number for this event type. Alliance uses signature values from 1000 to 1999 so you should avoid signature values in this range. |
| Send to log server | Enter 1 for Yes to send this type of event to a log server. Enter 2 for No to suppress sending this event type to the log server. The default is Yes. |
Table 6.2. Parameters of user-created journal entries
© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com
