Question & Answer
Question
What is the facility and priority of the messages written to Guardium syslog?
Answer
There are 3 types of messages you can configure Guardium to send to syslog: Policy Alerts, Correlation Alerts, and Audit Process results.
Policy and Correlation Alerts
When defining a policy rule to send to syslog, there are 5 options for severity (GUI > Protect > Security Policies > Policy Builder for Data > Create/Edit Policy).
The same options apply to Correlation alerts (GUI > Protect > Database Intrusion Detection > Alert Builder > Create/Edit an alert).
The "Severity" of these alerts matches up to the following syslog Priority used for the remotelog:
| Severity of Policy Rule | Facility | Priority |
|---|---|---|
| info | daemon | info |
| low | daemon | warning |
| none | daemon | warning |
| medium | daemon | error |
| high | daemon | alert |
Audit Process results
All Audit process results get the following:
| Severity of Policy Rule | Facility | Priority |
|---|---|---|
| NA | user | info |
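On the receiving side, a collector or SIEM sees these facility/priority pairs as the numeric `<PRI>` header at the start of each message (facility * 8 + level). The following is an added example, not IBM code: it decodes that header and maps it back to the tables above. It assumes the standard syslog numeric codes (user=1, daemon=3; alert=1, error=3, warning=4, info=6) and that relays preserve the original PRI; the sample lines, hostnames and tags are constructed.

```python
import re

# Standard syslog numeric codes for the names used in the tables above (assumption: RFC 5424 values).
FACILITY = {"user": 1, "daemon": 3}
LEVEL = {"alert": 1, "error": 3, "warning": 4, "info": 6}

# (facility, priority) -> (message type, candidate Guardium severities), taken from the tables.
GUARDIUM_MAP = {
    ("daemon", "info"): ("alert", ["info"]),
    ("daemon", "warning"): ("alert", ["low", "none"]),  # two severities share one priority
    ("daemon", "error"): ("alert", ["medium"]),
    ("daemon", "alert"): ("alert", ["high"]),
    ("user", "info"): ("audit", []),  # audit process results carry no rule severity
}

PRI_RE = re.compile(r"^<(\d{1,3})>")

def pri_value(facility, priority):
    """Numeric PRI header value a receiver sees: facility * 8 + level."""
    return FACILITY[facility] * 8 + LEVEL[priority]

# Reverse index keyed by the numeric PRI value.
BY_PRI = {pri_value(f, p): (f, p) + v for (f, p), v in GUARDIUM_MAP.items()}

def classify(line):
    """Decode a raw syslog line; return None when the PRI header is missing
    or is not one of the combinations listed in the tables."""
    m = PRI_RE.match(line)
    if not m:
        return None
    hit = BY_PRI.get(int(m.group(1)))
    if hit is None:
        return None
    facility, priority, kind, severities = hit
    return {"facility": facility, "priority": priority, "type": kind, "severities": severities}

# Constructed sample lines; hosts, tags and message bodies are placeholders.
SAMPLES = [
    "<25>Jun 16 10:00:01 collector1 sample: constructed high-severity policy alert",
    "<28>Jun 16 10:00:02 collector1 sample: constructed low-or-none alert",
    "<14>Jun 16 10:00:03 collector1 sample: constructed audit process result",
    "<86>Jun 16 10:00:04 collector1 sshd: constructed unrelated authpriv message",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), "<-", s[:45])
```

Because "low" and "none" both arrive as daemon.warning, the priority alone cannot distinguish them; and since other software also logs at these facility/priority pairs, filter on the sending host or message content as well before treating a match as a Guardium message.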
Document Information
Modified date:
16 June 2018
UID
swg22010848