Table 9. default syslog facilities – Allied Telesis AT-S63 User Manual

Chapter 15: Event Log and Syslog Server Commands

232

Section II: Advanced Operations

The FACILITY parameter adds a numerical code to the entries as they are
sent to the syslog server. You can use this code to group entries on the
syslog server according to the management module or switch that
produced them. This is of particular value when a syslog server is
collecting events from several difference network devices. You can specify
only one facility level for a syslog server definition.

There are two approaches to using this parameter. The first is to use the
DEFAULT option. At this setting, the code is based on the functional
groupings defined in the RFC 3164 standard. The codes that are
applicable to the AT-S63 management software and its modules are
shown in Table 9.

For example, the setting of DEFAULT assigns port mirroring events a
code of 22 and encryption key events a code of 4.

Another option is to assign all events from a switch the same numerical
code using the LOCAL1 to LOCAL2 options. Each option represents a
predefined RFC 3164 numerical code. The code mappings are listed in
Table 10.

Table 9. Default Syslog Facilities

Facility

Number

Syslog Protocol

Definition

Mapped Event Log Modules and

Events

4

Security/
authorization
messages

Security and authorization
messages from the following
modules: DOS, ENCO, PACCESS
(802.1x), PKI, PSEC (port security),
RADIUS, SSH, SSL, TACACS+,
and system events such as user
login and logout.

9

Clock daemon

Time-based activities and events
from the following modules: TIME,
SNTP, and RTC.

16

Local use 0

All other modules and events.

22

Local use 6

Physical interface and data link
events from the following modules:
PCFG (port configuration), PMIRR
(port mirroring), PTRUNK (port
trunking), STP, and VLANs.

23

Local use 7

System events related to major
exceptions.