EcoStruxure IT forum
Schneider Electric support forum about installation and configuration for DCIM including EcoStruxure IT Expert, IT Advisor, Data Center Expert, and NetBotz
Posted: 2020-11-16 03:23 AM
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-11-16 03:23 AM
Hello,
I am currently working on the Syslog severity of the Rack Monitor NetBotz 250 and after reading the User Manual and the Configuraiton file (.ini), I have questions regarding the Severity level of my syslog.
[NetworkSYSLOG]
Syslog=enabled
Facility=User
Server1=0.0.0.0
Server2=0.0.0.0
Server3=0.0.0.0
Server4=0.0.0.0
Port1=514
Port2=514
Port3=514
Port4=514
Protocol1=1
Protocol2=0
Protocol3=0
Protocol4=0
Language1=enUs
Language2=enUs
Language3=enUs
Language4=enUs
SyslogMapCritical=Info
SyslogMapWarning=Warning
SyslogMapInformational=Info
What are the differences between SyslogMapCritical, SyslogMapWarning and SyslogMapInformational.
If I want to have a Debugging severity level, where should I input the value ?
Thank you in advance.
Best Regards,
Raphaël
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-11-17 04:08 AM . Last Modified: 2020-11-17 04:12 AM
Raphael you may refer to RFC to get more deep Syslog description.
Each Syslog message have PRI field which comes after header and means emergency level of the message.
The Priority value is calculated by first multiplying the Facility number by 8 and then adding the numerical value of the Severity. For example, a kernel message (Facility=0) with a Severity of Emergency (Severity=0) would have a Priority value of 0. Also, a "local use 4" message (Facility=20) with a Severity of Notice (Severity=5) would have a Priority value of 165. In the PRI of a syslog message, these values would be placed between the angle brackets as <0> and <165> respectively.
I'm not sure what exact Facility code Netbotz use for Syslog messages.
Let's imagine that it will "local use 4" as in example above with Facility=20.
Then we map our Netbotz messages to Syslog Severity:
SyslogMapCritical=Critical
SyslogMapWarning=Warning
SyslogMapInformational=Info
As per FRC table
Numerical Severity Code 0 Emergency: system is unusable 1 Alert: action must be taken immediately 2 Critical: critical conditions 3 Error: error conditions 4 Warning: warning conditions 5 Notice: normal but significant condition 6 Informational: informational messages 7 Debug: debug-level messages
SyslogMapCritical=Critical => 2
SyslogMapWarning=Warning => 4
SyslogMapInformational=Info => 6
So you will receive PRIVAL=162 (Facility*8+Severity = 20*8+2) in case of Critical Netbotz alert, PRIVAL=164 (Facility*8+Severity = 20*8+4) in case of Warning alert and PRIVAL=166 (Facility*8+Severity = 20*8+6) for Informational events.
Considering this numbers you can work with messages on your Syslog server.
If you set
SyslogMapCritical=Info => 6
SyslogMapWarning=Info => 6
SyslogMapInformational=Info => 6
All messages from Netbotz will have equal priority level PRIVAL=166 (Facility*8+Severity = 20*8+6) for syslog server.
If you would like to receive Debugging severity level for all events from Netbotz, you should set this level for all alert types^
SyslogMapCritical=Debug
SyslogMapWarning=Debug
SyslogMapInformational=Debug
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-11-17 12:11 AM
Hi Raphael!
Netbotz have three levels of severity - Informational, Warning and Critical.
In described section you can map Netboz levels to desired Syslog levels.
As per RFC3164 there are eight levels:
Numerical Severity Code 0 Emergency: system is unusable 1 Alert: action must be taken immediately 2 Critical: critical conditions 3 Error: error conditions 4 Warning: warning conditions 5 Notice: normal but significant condition 6 Informational: informational messages 7 Debug: debug-level messages
In your example when Netbotz register Warning alarm, you will receive syslog message with "warning" severity level, in other two cases you will receive messages with "informational" severity level.
It is just a way to prioritize messages from Netboz on your Syslog server.
You will not receive more detailed message if you set "debug" level there.
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-11-17 01:54 AM
Hi Valentin,
Thank you for your reply.
I understand that there are only three severity level for the NetBotz.
However, I still have difficulties to understand what the three parameters are about:
Thank you in advance.
Best Regards,
Raphaël
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-11-17 04:08 AM . Last Modified: 2020-11-17 04:12 AM
Raphael you may refer to RFC to get more deep Syslog description.
Each Syslog message have PRI field which comes after header and means emergency level of the message.
The Priority value is calculated by first multiplying the Facility number by 8 and then adding the numerical value of the Severity. For example, a kernel message (Facility=0) with a Severity of Emergency (Severity=0) would have a Priority value of 0. Also, a "local use 4" message (Facility=20) with a Severity of Notice (Severity=5) would have a Priority value of 165. In the PRI of a syslog message, these values would be placed between the angle brackets as <0> and <165> respectively.
I'm not sure what exact Facility code Netbotz use for Syslog messages.
Let's imagine that it will "local use 4" as in example above with Facility=20.
Then we map our Netbotz messages to Syslog Severity:
SyslogMapCritical=Critical
SyslogMapWarning=Warning
SyslogMapInformational=Info
As per FRC table
Numerical Severity Code 0 Emergency: system is unusable 1 Alert: action must be taken immediately 2 Critical: critical conditions 3 Error: error conditions 4 Warning: warning conditions 5 Notice: normal but significant condition 6 Informational: informational messages 7 Debug: debug-level messages
SyslogMapCritical=Critical => 2
SyslogMapWarning=Warning => 4
SyslogMapInformational=Info => 6
So you will receive PRIVAL=162 (Facility*8+Severity = 20*8+2) in case of Critical Netbotz alert, PRIVAL=164 (Facility*8+Severity = 20*8+4) in case of Warning alert and PRIVAL=166 (Facility*8+Severity = 20*8+6) for Informational events.
Considering this numbers you can work with messages on your Syslog server.
If you set
SyslogMapCritical=Info => 6
SyslogMapWarning=Info => 6
SyslogMapInformational=Info => 6
All messages from Netbotz will have equal priority level PRIVAL=166 (Facility*8+Severity = 20*8+6) for syslog server.
If you would like to receive Debugging severity level for all events from Netbotz, you should set this level for all alert types^
SyslogMapCritical=Debug
SyslogMapWarning=Debug
SyslogMapInformational=Debug
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.