SYSLOGs
SYSLOG Rules are used to consolidate Cisco SYSLOG events.
SYSLOG is an event logging protocol (IETF standard http://www.ietf.org/html.charters/syslog-charter.html) running over the network.
Argent acts as a SYSLOG server by listening for the incoming SYSLOG messages on UDP 514, and consolidates them into the central databases you’ve defined.
The SYSLOG of a network device is a critical control facility allowing auditors to check the correct operation AND SECURITY of the production network device.
From the SYSLOG archived in Argent, critical audit reports can be automatically generated and sent, listing such essential details as critical errors.
This Rule automates alerting on Cisco SYSLOG messages of severity type ‘Critical Condition’.
Cisco SYSLOGs have different severity levels for messages, as follows:
0 System Unusable
1 Take Action Immediately
2 Critical Condition
3 Error
4 Warning
5 Normal, But Significant
6 Informational
7 Debug Information
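As an added illustration (not Argent's own code or configuration), the following Python example shows how a collector can select 'Critical Condition' (severity 2) messages from received SYSLOG text. It assumes the Cisco `%FACILITY-SEVERITY-MNEMONIC:` message tag and the syslog `<PRI>` header (facility * 8 + severity); the function names and sample messages are constructed for the example.

```python
import re

# Severity names as listed on this page.
SEVERITY = {
    0: "System Unusable", 1: "Take Action Immediately", 2: "Critical Condition",
    3: "Error", 4: "Warning", 5: "Normal, But Significant",
    6: "Informational", 7: "Debug Information",
}

# Cisco message tag: %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC:
CISCO_TAG = re.compile(r"%([A-Z0-9_]+(?:-[A-Z0-9_]+)*)-([0-7])-([A-Z0-9_]+):")
# Syslog PRI header at the start of the datagram: <facility*8 + severity>
PRI = re.compile(r"^<(\d{1,3})>")


def severity_of(message):
    """Return the 0-7 severity of one message, or None if it cannot be parsed."""
    m = CISCO_TAG.search(message)
    if m:
        return int(m.group(2))      # severity digit inside the Cisco tag
    m = PRI.match(message)
    if m and int(m.group(1)) <= 191:  # 191 is the largest valid PRI value
        return int(m.group(1)) & 7  # low three bits of PRI are the severity
    return None


def matching(messages, level=2):
    """Return the messages whose severity equals `level` (default: Critical)."""
    return [msg for msg in messages if severity_of(msg) == level]


# Constructed sample input, not captured from a real device.
SAMPLE = [
    "<186>45: *Mar  1 00:03:12.011: %SYS-2-MALLOCFAIL: Memory allocation of 1028 bytes failed",
    "<189>46: *Mar  1 00:04:01.503: %SYS-5-CONFIG_I: Configured from console by vty0",
    "<187>47: *Mar  1 00:05:44.120: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<186>constructed message that carries only a PRI header",
    "not a syslog message",
]

if __name__ == "__main__":
    for msg in matching(SAMPLE):
        print(SEVERITY[severity_of(msg)], "|", msg)
```

Messages that carry neither a Cisco tag nor a valid PRI return `None` and are never matched, so malformed datagrams arriving on UDP 514 do not raise alerts by accident.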