IBM Support

What facility.priority are Guardium syslog messages?

Question & Answer


Question

What is the facility and priority of the messages written to Guardium syslog?

Answer

There are 3 types of messages you can configure Guardium to send to syslog: Policy Alerts, Correlation Alerts, and Audit Process results.



Policy and Correlation Alerts

When defining a policy rule to send to syslog there are 5 options for severity (GUI > Protect > Security Policies > Policy Builder for Data > Create/Edit Policy):




And the same for Correlation alerts (GUI > Protect > Database Intrusion Detection > Alert Builder > Create/Edit an alert):



The "Severity" of these alerts matches up to the following syslog Priority used for the remotelog:

| Severity of Policy Rule | Facility | Priority |
|---|---|---|
| info | daemon | info |
| low | daemon | warning |
| none | daemon | warning |
| medium | daemon | error |
| high | daemon | alert |


Audit Process results

All Audit process results get the following:


| Severity of Policy Rule | Facility | Priority |
|---|---|---|
| NA | user | info |
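
On the receiving syslog server, the facility and priority arrive encoded in the `<PRI>` header (facility × 8 + priority). The following is an added example, not IBM code: it decodes that header and maps it back to the Guardium message types in the tables above. It assumes the receiver keeps the raw `<PRI>` value; the sample lines, host name and message text are constructed.

```python
import re

# Standard syslog numeric codes (RFC 3164/5424) for the keywords in the tables.
# The page's "error" is syslog severity 3 (keyword "err").
FACILITIES = {1: "user", 3: "daemon"}
PRIORITIES = {1: "alert", 3: "error", 4: "warning", 6: "info"}

# The page's tables, inverted: (facility, priority) -> possible Guardium sources.
# "low" and "none" both use daemon.warning, so PRI alone cannot separate them.
GUARDIUM_MAP = {
    ("daemon", "info"): ["alert severity info"],
    ("daemon", "warning"): ["alert severity low", "alert severity none"],
    ("daemon", "error"): ["alert severity medium"],
    ("daemon", "alert"): ["alert severity high"],
    ("user", "info"): ["audit process result"],
}

PRI_RE = re.compile(r"^<(\d{1,3})>")

def classify(line):
    """Return (facility, priority, candidates) for a raw syslog line, or None."""
    m = PRI_RE.match(line)
    if not m:
        return None                      # no PRI header: not a raw syslog frame
    pri = int(m.group(1))
    if pri > 191:                        # 23 * 8 + 7 is the largest valid PRI
        return None
    facility = FACILITIES.get(pri >> 3)  # upper bits: facility
    priority = PRIORITIES.get(pri & 7)   # lower three bits: priority
    return facility, priority, GUARDIUM_MAP.get((facility, priority), [])

# Constructed sample lines; "collector01" and the message text are placeholders.
SAMPLES = [
    "<25>Jun 16 10:00:00 collector01 constructed policy alert text",
    "<28>Jun 16 10:00:01 collector01 constructed correlation alert text",
    "<14>Jun 16 10:00:02 collector01 constructed audit process text",
    "<13>Jun 16 10:00:03 collector01 constructed unrelated user.notice text",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "<-", sample)
```

Other software also logs to the daemon and user facilities, so a match here is only a candidate; combine it with the sending host before routing or alerting.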


Document Information

Modified date:
16 June 2018

UID

swg22010848