Syslog logging levels

Aed
Posts: 1
Joined: 2018/06/11 12:15:34

Post by Aed » 2018/06/11 12:34:37

Hi, when configuring Syslog logging to a remote server or SIEM tool, can we please review what logging levels are available and what details are captured at each level? This can be very useful to explain in the context of use cases.

For example, if logs are collected at Warn(ing) or above, will this capture multiple failed login attempts against accounts, as failed logins are treated as an Info(rmational) message?

Is this missed for normal user accounts? Suppose it was multiple failed attempts to access root accounts or sudo privileges... are these handled differently?

Whoever
Posts: 1009
Joined: 2013/09/06 03:12:10

Re: Syslog logging levels

Post by Whoever » 2018/06/13 05:04:40

man rsyslog.conf
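
Added example, not part of either post above and not rsyslog's own code: a small Python model of the facility.priority selector rule documented in rsyslog.conf(5), run over constructed sample messages. It shows that a "warning and above" rule does not forward an info-level failed login unless the authpriv facility is selected separately; the sample lines, host name and rule sets are assumptions.

```python
import re

# Syslog PRI field: PRI = facility * 8 + severity (lower severity number = more severe).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
              "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
              **{f"local{i}": 16 + i for i in range(8)}}

def decode_pri(line):
    """Return (facility_code, severity_code) from a line starting with <PRI>."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI field")
    return divmod(int(m.group(1)), 8)

def selector_matches(selector, line):
    """Evaluate one 'facility.priority' selector: a priority matches that level
    and everything more severe, '=' means exactly that level, '*' means any,
    'none' means nothing from that facility."""
    fac_part, prio = selector.split(".", 1)
    facility, severity = decode_pri(line)
    if fac_part != "*" and facility not in {FACILITIES[f] for f in fac_part.split(",")}:
        return False
    if prio == "none":
        return False
    if prio == "*":
        return True
    name = prio.lstrip("=")
    level = SEVERITIES.index(ALIASES.get(name, name))
    return severity == level if prio.startswith("=") else severity <= level

def forwarded(rules, lines):
    """Lines that at least one selector in `rules` would send to the remote host."""
    return [l for l in lines if any(selector_matches(r, l) for r in rules)]

# Constructed sample messages (not real logs): authpriv.info, authpriv.warning, cron.info.
SAMPLE = [
    "<86>Jun 11 12:30:01 host1 sshd[2211]: Failed password for alice from 192.0.2.10 port 50022 ssh2",
    "<84>Jun 11 12:30:05 host1 example-auth[2300]: constructed warning-level message",
    "<78>Jun 11 12:31:00 host1 CROND[2400]: (root) CMD (constructed job)",
]

if __name__ == "__main__":
    for rules in (["*.warning"], ["*.warning", "authpriv.*"]):
        print(rules, "->", len(forwarded(rules, SAMPLE)), "of", len(SAMPLE), "forwarded")
```
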