Common Alert Payload to be Published via Syslog

The following table provides the common fields of an alert object that are sent over the Syslog channel:

Field SD-ID (Structured Data ID) Example Description
<###> N/A

116 =(14 * 8) + 4

Alert Range: 112-119

Priority Value: (Syslog Classifier * 8) + Syslog Severity

Syslog Classifier
14 log alert
Syslog Severity
0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level messages
Version N/A 1 Version of syslog message
Timestamp N/A 2003-10-11T22:14:15.003Z Timestamp of syslog message
Hostname N/A xco.machine.com Hostname of XCO
App Name N/A faultmanager Application generating syslog alerts
Proc ID N/A - Process ID
Msg ID N/A - Alert sub-type classification
Sequence ID meta 47 Tracks the sequence in which messages are submitted to the syslog transport.
IP origin 10.20.30.40 IP address (of XCO host)
Enterprise ID origin 1916 Extreme Networks Enterprise ID
Software origin XCO Software Name (of XCO host)
SW Version origin 3.3.0 Software Version (of XCO host)
Resource alert@1916 /App/System/Security/Certificate?type=app_server_cert XCO Health Resource path associated to the Alert being sent.
Alert ID alert@1916 31000 ID identifying the XCO Alert
Cause alert@1916 keyExpired Reason for the Alert (Attempt to map to IANA standards)
Type alert@1916 securityServiceOrMechanismViolation Indicates the Category (Attempt to map to IANA standards)
Severity alert@1916 warning

Severity of the XCO Alert (Critical, Major, Minor, Warning, Info)

XCO Alert Syslog Severity
Critical Alert (1)
Major Critical (2)
Minor Error (3)
Warning Warning (4)
Info Informational (6)
BOMText N/A The application server certificate on the application will expire soon on “Sep 12 10:00:45 2022 GMT”. (Byte Order Mask) Textual description of the Alert
The following example maps alerts to RELP or Syslog fields:
<116>1 2003-10-11T22:14:15.003Z xco.machine.com faultmanager - - 
   [meta sequenceId=”47”]
   [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.3.0”]
   [alert@1916  
    resource=”/App/System/Security/Certificate?type=app_server_cert” 
    alertId=”31000”  	  
    cause=”keyExpired”  
    type=”securityServiceOrMechanismViolation”  
    severity=”warning”] 
   [alertData@1916  
    type="app_server_cert"
    expiry_data="Sep 12 10:00:45 2022 GMT"]  
   BOMThe application server certificate on the application will expire soon on “Sep 12 10:00:45 2022 GMT”.