Rack Monitor Netbotz 250 : Syslog Severity Configuration

rf2019 · ‎2020-11-16

Hello,

I am currently working on the Syslog severity of the Rack Monitor NetBotz 250 and after reading the User Manual and the Configuraiton file (.ini), I have questions regarding the Severity level of my syslog.

[NetworkSYSLOG]
Syslog=enabled
Facility=User
Server1=0.0.0.0
Server2=0.0.0.0
Server3=0.0.0.0
Server4=0.0.0.0
Port1=514
Port2=514
Port3=514
Port4=514
Protocol1=1
Protocol2=0
Protocol3=0
Protocol4=0
Language1=enUs
Language2=enUs
Language3=enUs
Language4=enUs
SyslogMapCritical=Info
SyslogMapWarning=Warning
SyslogMapInformational=Info

What are the differences between SyslogMapCritical, SyslogMapWarning and SyslogMapInformational.

If I want to have a Debugging severity level, where should I input the value ?

Thank you in advance.

Best Regards,

Raphaël

Valentin_Kozlov · ‎2020-11-17

Raphael you may refer to RFC to get more deep Syslog description.

Each Syslog message have PRI field which comes after header and means emergency level of the message.

The Priority value is calculated by first multiplying the Facility
   number by 8 and then adding the numerical value of the Severity.  For
   example, a kernel message (Facility=0) with a Severity of Emergency
   (Severity=0) would have a Priority value of 0.  Also, a "local use 4"
   message (Facility=20) with a Severity of Notice (Severity=5) would
   have a Priority value of 165.  In the PRI of a syslog message, these
   values would be placed between the angle brackets as <0> and <165>
   respectively.

I'm not sure what exact Facility code Netbotz use for Syslog messages.

Let's imagine that it will "local use 4" as in example above with Facility=20.

Then we map our Netbotz messages to Syslog Severity:

SyslogMapCritical=Critical

SyslogMapWarning=Warning

SyslogMapInformational=Info

As per FRC table

       Numerical         Severity
             Code

              0       Emergency: system is unusable
              1       Alert: action must be taken immediately
              2       Critical: critical conditions
              3       Error: error conditions
              4       Warning: warning conditions
              5       Notice: normal but significant condition
              6       Informational: informational messages
              7       Debug: debug-level messages

SyslogMapCritical=Critical => 2

SyslogMapWarning=Warning => 4

SyslogMapInformational=Info => 6

So you will receive PRIVAL=162 (Facility*8+Severity = 20*8+2) in case of Critical Netbotz alert, PRIVAL=164 (Facility*8+Severity = 20*8+4) in case of Warning alert and PRIVAL=166 (Facility*8+Severity = 20*8+6) for Informational events.

Considering this numbers you can work with messages on your Syslog server.

If you set

SyslogMapCritical=Info => 6

SyslogMapWarning=Info => 6

SyslogMapInformational=Info => 6

All messages from Netbotz will have equal priority level PRIVAL=166 (Facility*8+Severity = 20*8+6) for syslog server.

If you would like to receive Debugging severity level for all events from Netbotz, you should set this level for all alert types^

SyslogMapCritical=Debug

SyslogMapWarning=Debug

SyslogMapInformational=Debug

See Answer In Context

Valentin_Kozlov · ‎2020-11-17

Hi Raphael!

Netbotz have three levels of severity - Informational, Warning and Critical.

In described section you can map Netboz levels to desired Syslog levels.

As per RFC3164 there are eight levels:

        Numerical         Severity
          Code

           0       Emergency: system is unusable
           1       Alert: action must be taken immediately
           2       Critical: critical conditions
           3       Error: error conditions
           4       Warning: warning conditions
           5       Notice: normal but significant condition
           6       Informational: informational messages
           7       Debug: debug-level messages

In your example when Netbotz register Warning alarm, you will receive syslog message with "warning" severity level, in other two cases you will receive messages with "informational" severity level.

It is just a way to prioritize messages from Netboz on your Syslog server.

You will not receive more detailed message if you set "debug" level there.

rf2019 · ‎2020-11-17

Hi Valentin,

Thank you for your reply.

I understand that there are only three severity level for the NetBotz.

However, I still have difficulties to understand what the three parameters are about:

SyslogMapCritical
SyslogMapWarning
SyslogMapInformational

Thank you in advance.

Best Regards,

Raphaël

Valentin_Kozlov · ‎2020-11-17

Raphael you may refer to RFC to get more deep Syslog description.

Each Syslog message have PRI field which comes after header and means emergency level of the message.

The Priority value is calculated by first multiplying the Facility
   number by 8 and then adding the numerical value of the Severity.  For
   example, a kernel message (Facility=0) with a Severity of Emergency
   (Severity=0) would have a Priority value of 0.  Also, a "local use 4"
   message (Facility=20) with a Severity of Notice (Severity=5) would
   have a Priority value of 165.  In the PRI of a syslog message, these
   values would be placed between the angle brackets as <0> and <165>
   respectively.

I'm not sure what exact Facility code Netbotz use for Syslog messages.

Let's imagine that it will "local use 4" as in example above with Facility=20.

Then we map our Netbotz messages to Syslog Severity:

SyslogMapCritical=Critical

SyslogMapWarning=Warning

SyslogMapInformational=Info

As per FRC table

       Numerical         Severity
             Code

              0       Emergency: system is unusable
              1       Alert: action must be taken immediately
              2       Critical: critical conditions
              3       Error: error conditions
              4       Warning: warning conditions
              5       Notice: normal but significant condition
              6       Informational: informational messages
              7       Debug: debug-level messages

SyslogMapCritical=Critical => 2

SyslogMapWarning=Warning => 4

SyslogMapInformational=Info => 6

So you will receive PRIVAL=162 (Facility*8+Severity = 20*8+2) in case of Critical Netbotz alert, PRIVAL=164 (Facility*8+Severity = 20*8+4) in case of Warning alert and PRIVAL=166 (Facility*8+Severity = 20*8+6) for Informational events.

Considering this numbers you can work with messages on your Syslog server.

If you set

SyslogMapCritical=Info => 6

SyslogMapWarning=Info => 6

SyslogMapInformational=Info => 6

All messages from Netbotz will have equal priority level PRIVAL=166 (Facility*8+Severity = 20*8+6) for syslog server.

If you would like to receive Debugging severity level for all events from Netbotz, you should set this level for all alert types^

SyslogMapCritical=Debug

SyslogMapWarning=Debug

SyslogMapInformational=Debug

rf2019 · ‎2020-11-17

Thank you for your explanations 🙂

Best Regards,

Raphaël