Facility and priority of syslog messages

The facility and priority assigned to messages that Guardium writes to syslog determine how they are consumed by the Security Incident Event Manager (SIEM), so they should be checked against the SIEM's filtering and routing rules.

You can send a few types of messages to the syslog:

Policy alerts and correlation alerts

When defining a policy or correlation alert, there are five levels of severity that can be picked from the drop-down list:

  • info
  • low
  • none
  • med
  • high

The syslog messages are assigned a specific facility and priority for each configured severity (note that low and none map to the same facility and priority):

Severity of Policy Rule   Facility   Priority
info                      daemon     info
low                       daemon     warning
none                      daemon     warning
med                       daemon     error
high                      daemon     alert

Audit Process results

The Audit Process results are assigned the following facility and priority:

Severity of Policy Rule   Facility   Priority
NA                        user       info
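The tables above give facility and priority names, but a SIEM or relay usually filters on the numeric syslog PRI (facility * 8 + severity) at the start of each message. The following added example (not Guardium code; it assumes the standard syslog numeric codes and uses constructed sample lines, not output captured from an appliance) computes the PRI each Guardium severity produces and decodes the PRI of a received line so a filter rule can be verified.

```python
"""Map Guardium alert severities to the syslog facility/priority documented
above, and decode the <PRI> header of a received line for SIEM filter checks."""
import re

# Standard syslog numeric codes: PRI = facility * 8 + severity.
FACILITY_CODES = {"user": 1, "daemon": 3}
SEVERITY_CODES = {"emerg": 0, "alert": 1, "crit": 2, "error": 3,
                  "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Guardium severity -> (facility, priority), as listed in the tables above.
POLICY_ALERT_MAP = {
    "info": ("daemon", "info"),
    "low": ("daemon", "warning"),
    "none": ("daemon", "warning"),   # indistinguishable from "low" by PRI
    "med": ("daemon", "error"),
    "high": ("daemon", "alert"),
}
AUDIT_PROCESS_MAP = ("user", "info")


def pri_for(facility: str, priority: str) -> int:
    return FACILITY_CODES[facility] * 8 + SEVERITY_CODES[priority]


def pri_for_policy_alert(severity: str) -> int:
    """Numeric <PRI> a policy or correlation alert of this severity carries."""
    return pri_for(*POLICY_ALERT_MAP[severity.lower()])


def pri_for_audit_process() -> int:
    return pri_for(*AUDIT_PROCESS_MAP)


def decode_pri(line: str) -> tuple[str, str]:
    """Split the leading <PRI> of a syslog line into (facility, priority) names."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m:
        raise ValueError("no <PRI> header on line")
    fac_code, sev_code = divmod(int(m.group(1)), 8)
    fac = {v: k for k, v in FACILITY_CODES.items()}.get(fac_code, f"facility{fac_code}")
    sev = {v: k for k, v in SEVERITY_CODES.items()}[sev_code]
    return fac, sev


def is_high_severity_alert(line: str) -> bool:
    """SIEM-style check: does the line carry the facility/priority of a 'high' rule?"""
    return decode_pri(line) == POLICY_ALERT_MAP["high"]


# Constructed sample lines (not captured from a real appliance).
SAMPLE_HIGH = "<25>Jan  1 00:00:00 guardium guard_sender: Alert: severity high rule fired"
SAMPLE_AUDIT = "<14>Jan  1 00:00:00 guardium audit: Audit process result delivered"

if __name__ == "__main__":
    for sev in POLICY_ALERT_MAP:
        print(f"{sev:>5} -> <{pri_for_policy_alert(sev)}>")
    print("audit -> <%d>" % pri_for_audit_process(), decode_pri(SAMPLE_AUDIT))
    print("high alert matched:", is_high_severity_alert(SAMPLE_HIGH))
```

Because low and none both produce daemon.warning, a SIEM rule keyed on PRI alone cannot separate them; the message text must be used for that distinction.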