When NXLog ships a Windows event, it appears to be changing the Windows original severity level, and replacing it with SeverityValue and Severity with different values.   What is the mapping of these values?  If Windows has severity values, with "Level" being 4 for Information, 3 for Warning, 2 for Error and 1 for Critical, what is the nxlog created SeverityValue?


Also, I couldn't find an explaination of why this value is changing.  

AskedMay 16, 2016 - 6:29pm

Answer (1)

$SeverityValue and $Severity contain normalized values. xm_syslog and other modules populate these wherever possible in order to provide a unified severity level.

AnsweredMay 17, 2016 - 9:14am

Comments (3)

  • cybergoof's picture

    So, what are the values?   I seriously couldn't find the information anywhere

    May 17, 2016 - 1:57pm
  • cybergoof's picture

    Thanks. I highly recommend that this be part of the documentation.

    May 17, 2016 - 7:01pm