NXLog SeverityValue for Windows Events

Tags: windows events

#1 cybergoof 7 years ago

When NXLog ships a Windows event, it appears to be changing the Windows original severity level, and replacing it with SeverityValue and Severity with different values. What is the mapping of these values? If Windows has severity values, with "Level" being 4 for Information, 3 for Warning, 2 for Error and 1 for Critical, what is the nxlog created SeverityValue?

Also, I couldn't find an explaination of why this value is changing.

Permalink

#2 adm Nxlog ✓ 7 years ago

#1 cybergoof

When NXLog ships a Windows event, it appears to be changing the Windows original severity level, and replacing it with SeverityValue and Severity with different values. What is the mapping of these values? If Windows has severity values, with "Level" being 4 for Information, 3 for Warning, 2 for Error and 1 for Critical, what is the nxlog created SeverityValue? Also, I couldn't find an explaination of why this value is changing.

$SeverityValue and $Severity contain normalized values. xm_syslog and other modules populate these wherever possible in order to provide a unified severity level.

Login to see more