[Oisf-users] EXTERNAL: Re: EVE-Log identity, facility, level

[Peter Manev]

On Mon, Jun 9, 2014 at 9:58 PM, Gofran, Paul <paul.gofran at lmco.com> wrote:
> Peter, I enabled the syslog section and did see the identity and facility change for my log messages.  The level still came out as "info" always though.  I tried the following options for level:  Debug, debug, "Debug", and "debug".   All came out as info.
>
> So correct me if I'm wrong but are there 3 related issues here?
> 1) The eve-log parameters identity, facility, and level don't effect anything.  It didn't matter if I made these the same as the syslog section or different, they didn't take effect.
> 2) The syslog section is not just for alerts and the identity, facility, and level parameters effect eve-log when it's in syslog mode.
> 3) The level parameter is not working
>
> I'll be happy to try out any other test configurations if you have any other ideas.  If these are actual issues let me know if you want me to submit a bug.  Thanks for the help.
>
> -Paul
>
>

Could you open a ticket for this one actually?
I think eve.json should be able to make those changes without being
dependent if syslog is enabled further down in the section.

thanks


-- 
Regards,
Peter Manev