MonitorWare Knowledge Base

Hello all,

is it true that we have a fix mapping of event types to syslog priorities ?

AUDIT_SUCCESS = NOTICE Priority
AUDIT_FAILURE = WARNING Priority
INFORMATION = NOTICE Priority
WARNING = WARNING Priority
ERROR = ERR Priority

Or is there any possibility to change this like in the NTsyslog tool ?

Thanks in advance


Rgds

Uli

Hello Uli,

this mapping is fixed:

EVENTLOG_AUDIT_SUCCESS: NOTICE;
EVENTLOG_INFORMATION_TYPE: LOG_NOTICE;
EVENTLOG_AUDIT_FAILURE: LOG_WARNING;
EVENTLOG_WARNING_TYPE: LOG_WARNING;
EVENTLOG_ERROR_TYPE: LOG_ERR;

Do you have a need to configure it differently? If so, we could probably add some option to do this.

Rainer

Hello Rainer,


this would be a great feature. Because without this adjustment and a centralized logging on a UNIX syslog Server you have the problem that windows events can't reach the highest priorities in syslog (emerg, alert, crit).


Thanks in advance

Uli

Hello Uli,

I see - let me talk to our folks, I guess this is a quick change. I'll keep you posted.

Rainer

Oh, by the way. The current EventReporter can actually do this, but only via the rule engine and with a lot of configuration. Its far from being straightforward. But if you need somethin immediately, I can probably provide it to you. If you can wait a little bit, the enhanced version is a much better way to go...

Rainer

Hello Rainer,


thanks for your fast support. I will wait for the adjusted release.

Thanks


Uli

For the records: this feature is now implemented in the most recent build.

Rainer