Syslog Event Filtering via Log Collector

Question asked by KEVIN DIENST on Jan 24, 2018

Log Collection: Configure Event Filters for Log Collector 


I'm a bit confused. I read the above documentation, but if, for instance, I have kernel warning logs from Syslog, so facility is kernel but severity is 'warning', then what sort of format is the filter? I see one option is syslog.level, but what exactly does that correspond to?

For instance, in the raw log message, all I have is the MSG and content, no syslog priority. Sample log:

Jan 9 13:05:26 ldc: [ID 537229 kern.warning] WARNING: i_ldc_unreg_queues: (0xb) channel RX queue unconf failed
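
Added example, not part of the original question and not the Log Collector's own code: the sample line has no `<PRI>` prefix, but its Solaris message-ID tag (`[ID 537229 kern.warning]`) still names the facility and severity, which map to the standard syslog numeric codes and to PRI = facility * 8 + severity. The function name `classify` and the returned field names are assumptions made for this sketch; how the product's `syslog.level` filter field relates to these values is not stated on this page.

```python
import re

# Standard syslog numeric codes (RFC 3164/5424), keyed by syslog.conf keywords.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    **{f"local{n}": 16 + n for n in range(8)},
}
SEVERITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}

# "<PRI>" prefix as carried on the wire; usually stripped from stored text.
PRI_PREFIX = re.compile(r"^<(\d{1,3})>")
# Solaris message-ID tag: "[ID <number> <facility>.<severity>]".
MSGID_TAG = re.compile(r"\[ID \d+ (\w+)\.(\w+)\]")

# The sample line from the question above.
SAMPLE = ("Jan 9 13:05:26 ldc: [ID 537229 kern.warning] WARNING: "
          "i_ldc_unreg_queues: (0xb) channel RX queue unconf failed")


def classify(line):
    """Return facility/severity codes and the PRI value, or None if absent."""
    m = PRI_PREFIX.match(line)
    if m:
        pri = int(m.group(1))
        if pri > 191:          # highest valid PRI is 23 * 8 + 7
            return None
        return {"facility": pri // 8, "severity": pri % 8,
                "pri": pri, "source": "pri_prefix"}
    m = MSGID_TAG.search(line)
    if m:
        fac = FACILITIES.get(m.group(1))
        sev = SEVERITIES.get(m.group(2))
        if fac is None or sev is None:   # unknown keyword: do not guess
            return None
        return {"facility": fac, "severity": sev,
                "pri": fac * 8 + sev, "source": "msgid_tag"}
    return None


if __name__ == "__main__":
    print(classify(SAMPLE))
    print(classify("<4>" + SAMPLE))   # constructed: same line with a wire PRI
```
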