Data Fields¶
A formatted text can include any number of fields enclosed in braces ({...}). A field name can be followed by one or more modifiers separated by vertical pipes (|).
Common Message Fields¶
RECEIVED¶
The timestamp the message was received by the Syslog Watcher server. There are 6 options available.
| Field | Description |
|---|---|
RECEIVED |
timestamp in microseconds, the storage timezone |
RECEIVED_UTC |
timestamp in microseconds, UTC |
RECEIVED_MS |
timestamp rounded to milliseconds, the storage timezone |
RECEIVED_MS_UTC |
timestamp rounded to milliseconds, UTC |
RECEIVED_S |
timestamp rounded to seconds, the storage timezone |
RECEIVED_S_UTC |
timestamp rounded to seconds, UTC |
RECEIVED- timestamp in microseconds, the storage timezone;RECEIVED_UTC- timestamp in microseconds, UTC;RECEIVED_MS- timestamp rounded to milliseconds, the storage timezone;RECEIVED_MS_UTC- timestamp rounded to milliseconds, UTC;RECEIVED_S- timestamp rounded to seconds, the storage timezone;RECEIVED_S_UTC- timestamp rounded to seconds, UTC.
ORIGINATOR¶
There are two fields associated with the message originator.
ORIGINATOR_ID | the originator's identification (ID) Example: 123 |
| `ORIGINATOR_NAME` | the originator's name |
ORIGINATOR_ID- the originator's identification (ID)ORIGINATOR_NAME- the originator's name
SEVERITY¶
SEVERITY- the message severity level in text form, e.g., EmergencySEVERITY_NUM- the message severity level in numeric form (0-7)
FACILITY¶
FACILITY- the message severity level in text form, e.g., EmergencyFACILITY_NUM- the message severity level in numeric form (0-7)
PRIORITY¶
The priority prefix is a number that equals FACILITY_NUM * 8 + SEVERITY_NUM.
It is usually necessary to form the correct syslog messages for forwarding.
RAW_MESSAGE¶
The entire message, as received, except for the priority prefix.
Example
To forward a syslog message in the same form as it was received without modification, use <{PRIORITY}>{RAW_MESSAGE}.
MESSAGE¶
The message body without any headers extracted by a parser.