Syslog logging levels

Posted: 2018/06/11 12:34:37
by Aed
Hi, when configuring Syslog logging to a remote server or SIEM tool, can we please review what logging levels are available and what details are captured at each level? This can be very useful to explain in the context of use cases.

For example, if logs are collected at Warn(ing) or above, will this capture multiple failed login attempts against accounts, as failed logins are treated as an Info(rmational) message?

Is this missed for normal user accounts? Suppose it was multiple failed attempts to access root accounts or sudo privileges... are these handled differently?

Re: Syslog logging levels

Posted: 2018/06/13 05:04:40
by Whoever

man rsyslog.conf
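
Added example, not part of the original posts: a simplified Python model of the traditional `facility.priority` selector syntax documented in rsyslog.conf(5), run over constructed log lines to show which ones a remote-forwarding rule would send at a given threshold. The sample messages, their facility/severity assignments and the function names are assumptions for illustration; the `!` prefix is not modelled.

```python
# Added example: simplified model of the traditional "facility.priority"
# selector syntax described in rsyslog.conf(5). The "!" prefix is not modelled.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}


def sev(name):
    """Severity name -> number (0 = most severe, 7 = least)."""
    return SEVERITIES.index(ALIASES.get(name, name))


def forwarded(selectors, facility, severity):
    """Return True if a message with this facility/severity matches the filter."""
    mask = set()  # severity numbers accepted for this message's facility
    for selector in selectors.split(";"):
        facs, prio = selector.strip().rsplit(".", 1)
        if "*" not in facs.split(",") and facility not in facs.split(","):
            continue  # this selector says nothing about our facility
        if prio == "none":
            mask.clear()  # drop everything accepted so far for this facility
        elif prio == "*":
            mask.update(range(8))
        elif prio.startswith("="):
            mask.add(sev(prio[1:]))  # exactly this level
        else:
            mask.update(range(sev(prio) + 1))  # this level and anything more severe
    return sev(severity) in mask


# Constructed sample messages (facility, severity, text). The facility and
# severity of each are assumptions; check what your own hosts actually emit.
SAMPLES = [
    ("authpriv", "info", "sshd[1001]: Failed password for alice from 192.0.2.10 port 51122 ssh2"),
    ("authpriv", "info", "sshd[1002]: Failed password for root from 192.0.2.10 port 51130 ssh2"),
    ("authpriv", "notice", "sudo: pam_unix(sudo:auth): authentication failure; user=bob"),
    ("kern", "warning", "kernel: constructed warning message"),
]


def report(selectors):
    """List the sample messages a forwarding rule with these selectors would send."""
    return [text for fac, s, text in SAMPLES if forwarded(selectors, fac, s)]


if __name__ == "__main__":
    for rule in ("*.warn", "*.warn;auth,authpriv.info", "*.info;authpriv.none"):
        print(rule, "->", len(report(rule)), "of", len(SAMPLES), "samples forwarded")
```

Under this model the severity threshold applies to the message, not to the account involved, so an info-level failed login for root is filtered the same way as one for an ordinary user unless a selector names its facility at a lower threshold.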