Common Alert Payload to be Published via Syslog

The following table provides the common fields of an alert object that are sent over the Syslog channel:

| Field | SD-ID (Structured Data ID) | Example | Description |
|---|---|---|---|
| <###> | N/A | 116 = (14 * 8) + 4 | Alert Range: 112-119. Priority Value: (Syslog Classifier * 8) + Syslog Severity |
| Version | N/A | 1 | Version of syslog message |
| Timestamp | N/A | 2003-10-11T22:14:15.003Z | Timestamp of syslog message |
| Hostname | N/A | efa.machine.com | Hostname of EFA |
| App Name | N/A | EFAFaultManager | Application generating syslog alerts |
| Proc ID | N/A | - | Process ID |
| Msg ID | N/A | - | Alert sub-type classification |
| Sequence ID | meta | 47 | Tracks the sequence in which messages are submitted to the syslog transport. |
| IP | origin | 10.20.30.40 | IP address (of EFA host) |
| Enterprise ID | origin | 1916 | Extreme Networks Enterprise ID |
| Software | origin | EFA | Software Name (of EFA host) |
| SW Version | origin | 3.1.0 | Software Version (of EFA host) |
| Resource | alert@1916 | /App/System/Security/Certificate | EFA Health Resource path associated to the Alert being sent. |
| Alert ID | alert@1916 | 31000 | ID identifying the EFA Alert |
| Cause | alert@1916 | keyExpired | Reason for the Alert (Attempt to map to IANA standards) |
| Type | alert@1916 | securityServiceOrMechanismViolation | Indicates the Category (Attempt to map to IANA standards) |
| Severity | alert@1916 | warning | Severity of the EFA Alert (Critical, Major, Minor, Warning, Info) |
| BOMText | N/A | The application server certificate on EFA will expire soon on “Sep 12 10:00:45 2022 GMT”. | (Byte Order Mask) Textual description of the Alert |

Syslog Classifier (used in the Priority Value):

| Value | Syslog Classifier |
|---|---|
| 14 | log alert |

Syslog Severity (used in the Priority Value):

| Value | Syslog Severity |
|---|---|
| 0 | Emergency: system is unusable |
| 1 | Alert: action must be taken immediately |
| 2 | Critical: critical conditions |
| 3 | Error: error conditions |
| 4 | Warning: warning conditions |
| 5 | Notice: normal but significant condition |
| 6 | Informational: informational messages |
| 7 | Debug: debug-level messages |

Mapping of the EFA alert Severity to the Syslog Severity:

| EFA | Syslog Severity |
|---|---|
| Critical | Alert (1) |
| Major | Critical (2) |
| Minor | Error (3) |
| Warning | Warning (4) |
| Info | Informational (6) |

Map Alert to RELP/Syslog fields (RFC-5424)
<116>1 2003-10-11T22:14:15.003Z efa.machine.com EFAFaultManager - -
   [meta sequenceId="47"]
   [origin ip="10.20.30.40" enterpriseId="1916" software="EFA" swVersion="3.1.0"]
   [alert@1916
    resource="/App/System/Security/Certificate"
    alertId="31000"
    cause="keyExpired"
    type="securityServiceOrMechanismViolation"
    severity="warning"]
   [alertData@1916
    certifcateType="App Server certificate"
    expiryDate="Sep 12 10:00:45 2022 GMT"]
   BOMThe application server certificate on EFA will expire soon on “Sep 12 10:00:45 2022 GMT”.
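
An added example, not part of the original page and not EFA's own code: a Python parser that a log collector could use to split such a message into priority, structured data and message text, and to check that the priority value agrees with the alert@1916 severity according to the mapping table above. The function name, the pri_ok field and the sample line (the page's example joined onto one line, with the BOM as U+FEFF and the message text shortened) are assumptions.

```python
import re

# EFA severity -> syslog severity, per the mapping table on this page.
EFA_TO_SYSLOG = {"critical": 1, "major": 2, "minor": 3, "warning": 4, "info": 6}
ALERT_CLASSIFIER = 14  # "log alert", which yields the 112-119 priority range

HEADER = re.compile(r"<(\d{1,3})>(\d+) (\S+) (\S+) (\S+) (\S+) (\S+)\s+(.*)", re.S)
ELEMENT = re.compile(r'\[([^\s=\]"]+)((?:\\.|[^\\\]])*)\]\s*')  # one SD-ELEMENT
PARAM = re.compile(r'\s+([^\s=\]"]+)="((?:\\.|[^"\\])*)"')      # one name="value"
UNESCAPE = re.compile(r'\\(["\\\]])')  # RFC 5424 escapes: \" \\ \]


def parse_efa_alert(line):
    """Parse one alert; pri_ok is True only if PRI matches the EFA severity."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri, _version, timestamp, host, app, _procid, _msgid, rest = m.groups()
    facility, severity = divmod(int(pri), 8)  # PRI = classifier * 8 + severity
    if rest.startswith("-"):  # NILVALUE: no structured data present
        rest = rest[1:].lstrip()
    sd = {}
    while (e := ELEMENT.match(rest)):
        sd[e.group(1)] = {k: UNESCAPE.sub(r"\1", v)
                          for k, v in PARAM.findall(e.group(2))}
        rest = rest[e.end():]
    expected = EFA_TO_SYSLOG.get(sd.get("alert@1916", {}).get("severity", "").lower())
    return {
        "facility": facility, "severity": severity, "host": host, "app": app,
        "timestamp": timestamp, "sd": sd,
        "msg": rest.removeprefix("\ufeff"),  # drop the UTF-8 BOM before MSG
        "pri_ok": facility == ALERT_CLASSIFIER and severity == expected,
    }


# Constructed sample: the page's example on one line, BOM as U+FEFF, MSG shortened.
SAMPLE = (
    '<116>1 2003-10-11T22:14:15.003Z efa.machine.com EFAFaultManager - - '
    '[meta sequenceId="47"]'
    '[origin ip="10.20.30.40" enterpriseId="1916" software="EFA" swVersion="3.1.0"]'
    '[alert@1916 resource="/App/System/Security/Certificate" alertId="31000" '
    'cause="keyExpired" type="securityServiceOrMechanismViolation" severity="warning"]'
    '[alertData@1916 certifcateType="App Server certificate" '
    'expiryDate="Sep 12 10:00:45 2022 GMT"] '
    '\ufeffThe application server certificate on EFA will expire soon.'
)

if __name__ == "__main__":
    print(parse_efa_alert(SAMPLE))
```

A message whose pri_ok is False (priority outside 112-119, or a priority severity that disagrees with the alert@1916 severity) is worth flagging at ingestion, since downstream filters usually key on the priority alone.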