When NXLog ships a Windows event, it appears to be changing the Windows original severity level, and replacing it with SeverityValue and Severity with different values.   What is the mapping of these values?  If Windows has severity values, with "Level" being 4 for Information, 3 for Warning, 2 for Error and 1 for Critical, what is the nxlog created SeverityValue?


Also, I couldn't find an explaination of why this value is changing.  

AskedMay 16, 2016 - 6:29pm

Answer (1)

$SeverityValue and $Severity contain normalized values. xm_syslog and other modules populate these wherever possible in order to provide a unified severity level.

Comments (3)