TIBCO LogLogic LMI - How to calculate the syslog Facility and Severity from the Priority number
Article ID: KB0079267
Updated On:
| Products | Versions |
|---|---|
| TIBCO LogLogic Log Management Intelligence | All |
Description
When a syslog message is collected the Severity and Facility number can be calculated using the Priority number. The mathematical operations used in this article are per RFC3164.
Issue/Introduction
Sometimes when troubleshooting or for information purposes you may wish to know the Severity and Facility of a syslog message.
Resolution
Here is a sample syslog message:
<190>13075: 013091: *May 21 14:39:22.782 UTC: %SEC_LOGIN-4-25:
The Priority is <190> so in order to work out the facility you need to apply the below:
Divide the PRI number by 8.
190/8 = 23.75
The whole number (rounding down) is the facility so based on 23.75 the integer is 23.
To get the Severity:
Take the whole number (23) and multiply by 8. This will equal 184. Now subtract 184 from the PRI number (190) to leave you with the severity which will be 6:
190 - (23 * 8 )= 6
To sum this all up the final values will be Facility 23 and Severity 6.
To work backwards to check the calculations you can do:
23*8 = 184 + 6 = 190
<190>13075: 013091: *May 21 14:39:22.782 UTC: %SEC_LOGIN-4-25:
The Priority is <190> so in order to work out the facility you need to apply the below:
Divide the PRI number by 8.
190/8 = 23.75
The whole number (rounding down) is the facility so based on 23.75 the integer is 23.
To get the Severity:
Take the whole number (23) and multiply by 8. This will equal 184. Now subtract 184 from the PRI number (190) to leave you with the severity which will be 6:
190 - (23 * 8 )= 6
To sum this all up the final values will be Facility 23 and Severity 6.
To work backwards to check the calculations you can do:
23*8 = 184 + 6 = 190
Feedback
Yes
No
Powered by
