This provides the common fields of the APP_EVENTS object that would be sent over the Syslog channel.
Field | SD-ID (Structured Data ID) | Example | Description |
---|---|---|---|
<###> | N/A |
190 =(23 * 8) + 6
|
Priority Value: (Syslog Classifier * 8) + Syslog Informational message
Syslog Classifier: 23 Local7
Syslog Severity: 6 Informational: informational messages |
Version | N/A | 1 | Version of syslog message |
Timestamp | N/A | 2003-10-11T22:14:15.003Z | Timestamp of syslog message |
Hostname | N/A | efa.machine.com | Hostname of EFA |
App Name | N/A |
EFA-fabric |
Application generating syslog alerts. Possible values
|
Proc ID | N/A | - | Process ID |
Msg ID | N/A | - | |
IP | origin | 10.20.30.40 | IP address (of EFA host) |
Enterprise ID | origin | 1916 | Extreme Networks Enterprise ID |
Software | origin | EFA | Software Name (of EFA host) |
SW Version | origin | 3.1.0 | Software Version (of EFA host) |
Taskname | log@1916 | EFA-000001 |
Task name ranges are defined as follows: Fabric – EFA-000001 to EFA-001000 Tenant – EFA-001001 to EFA-002000 Inventory – EFA-002001 to EFA-003000 Policy – EFA-003001 to EFA-003059 |
Scope | log@1916 | user | Scope of the task “user” or “system”. Currently only user level scope is supported. |
Status | log@1916 | succeeded | Status of the task “started”, “succeeded” or “failed” |
DeviceIP | log@1916 | “” | Device IP involved in the user task |
Username | log@1916 | admin | User name |
Severity | log@1916 | Info | Severity is always “info” |
BOMText | N/A | (Byte Order Mask) Textual description of the Alert |
Map APP_EVENTS to RELP/Syslog fields (RFC-5424)
<190>1 2022-10-10T21:29:45-07:00 pasu-dev-server EFA-ts - - [origin ip="10.20.241.27" enterpriseId="1916" software="EFA" swVersion="3.1.0 "] [log@1916 taskname="EFA-001002" scope="user" status="succeeded" deviceip="" username="root" severity="info"] BOM Tenant create request success :request={"name":"ts"}