Add hint to RFC 5424 in log.syslog.severity.name and log.syslog.severity.code #2291

Open · wants to merge 4 commits into base: main
2 changes: 2 additions & 0 deletions CHANGELOG.next.md
Expand Up @@ -18,6 +18,8 @@ Thanks, you're awesome :-) -->

#### Improvements

Update description of `log.syslog.severity.name` and `log.syslog.severity.code` to list allowed values. #2291

#### Deprecated

### Tooling and Artifact Changes
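Review bot: The entry says the descriptions were updated "to list allowed values", but the only schema change in this PR (the schemas/log.yml hunk below) edits description text; it adds no `allowed_values` section, so the tooling enforces nothing and the generated artifacts carry no value list. Either reword the entry to match what was done, e.g. "Mention the RFC 5424 severity codes and names in the descriptions of `log.syslog.severity.name` and `log.syslog.severity.code`. #2291", or, if enforcement is the goal, add `allowed_values` to both fields in schemas/log.yml and regenerate.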
4 changes: 2 additions & 2 deletions docs/fields/field-details.asciidoc
Expand Up @@ -5894,7 +5894,7 @@ example: `12345`

a| The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different numeric severity value (e.g. firewall, IDS), your source's numeric severity should go to `event.severity`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `event.severity`.
If the event source publishing via Syslog provides a different numeric severity value than defined in RFC 5424 (0-7), your source's numeric severity should go to `event.severity`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `event.severity`.

type: long
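Review bot: The new wording "a different numeric severity value than defined in RFC 5424 (0-7)" reads as if the rule only applies when the value falls outside 0-7, which is narrower than the sentence it replaces: a firewall or IDS may emit its own severity on a 0-7 scale with different semantics, and that value still belongs in `event.severity`, not here. Dropping "(e.g. firewall, IDS)" also loses the only concrete examples. Suggest: "If the event source publishing via Syslog provides a severity value of its own (e.g. firewall, IDS), distinct from the RFC 5424 severity code (0-7), your source's numeric severity should go to `event.severity`." The same wording appears in the schemas/log.yml hunk and should be changed there.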

Expand All @@ -5912,7 +5912,7 @@ example: `3`

a| The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source's text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`.
If the event source publishing via Syslog provides a different severity value than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice, Informational, Debug), your source's text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`.

type: keyword
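Review bot: The first line of this description still reads "The Syslog numeric severity of the log event" although this field is the severity name (type: keyword, example `Error`), so the line contradicts the field it documents; since the description is being touched anyway, change it to "The Syslog text-based severity of the log event, if available." The list of names is given in RFC 5424 capitalization (Emergency, Alert, Critical, Error, Warning, Notice, Informational, Debug), which matches the `Error` example, but the text does not say that this capitalization is the expected form; stating it explicitly would keep the field consistent across sources.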

9 changes: 5 additions & 4 deletions experimental/generated/beats/fields.ecs.yml
Expand Up @@ -3957,9 +3957,9 @@
description: 'The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different numeric severity
value (e.g. firewall, IDS), your source''s numeric severity should go to `event.severity`.
If the event source does not specify a distinct severity, you can optionally
copy the Syslog severity to `event.severity`.'
value than defined in RFC 5424 (0-7), your source''s numeric severity should
go to `event.severity`. If the event source does not specify a distinct severity,
you can optionally copy the Syslog severity to `event.severity`.'
example: 3
- name: syslog.severity.name
level: extended
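Review bot: Nothing to change in this file itself: the text matches the schemas/log.yml hunk, and the doubled apostrophe in `source''s` is the correct escape inside a YAML single-quoted scalar. This is generator output, so any wording change made in response to the review of schemas/log.yml needs a regeneration pass so that this file and the other `generated/` and `experimental/generated/` copies in this PR stay in sync.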
Expand All @@ -3968,7 +3968,8 @@
description: 'The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different severity value
(e.g. firewall, IDS), your source''s text severity should go to `log.level`.
than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice,
Informational, Debug), your source''s text severity should go to `log.level`.
If the event source does not specify a distinct severity, you can optionally
copy the Syslog severity to `log.level`.'
example: Error
11 changes: 6 additions & 5 deletions experimental/generated/ecs/ecs_flat.yml
Expand Up @@ -6490,9 +6490,9 @@ log.syslog.severity.code:
description: 'The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different numeric severity
value (e.g. firewall, IDS), your source''s numeric severity should go to `event.severity`.
If the event source does not specify a distinct severity, you can optionally copy
the Syslog severity to `event.severity`.'
value than defined in RFC 5424 (0-7), your source''s numeric severity should go
to `event.severity`. If the event source does not specify a distinct severity,
you can optionally copy the Syslog severity to `event.severity`.'
example: 3
flat_name: log.syslog.severity.code
level: extended
Expand All @@ -6505,8 +6505,9 @@ log.syslog.severity.name:
description: 'The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different severity value
(e.g. firewall, IDS), your source''s text severity should go to `log.level`. If
the event source does not specify a distinct severity, you can optionally copy
than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice,
Informational, Debug), your source''s text severity should go to `log.level`.
If the event source does not specify a distinct severity, you can optionally copy
the Syslog severity to `log.level`.'
example: Error
flat_name: log.syslog.severity.name
9 changes: 5 additions & 4 deletions experimental/generated/ecs/ecs_nested.yml
Expand Up @@ -7978,9 +7978,9 @@ log:
description: 'The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different numeric severity
value (e.g. firewall, IDS), your source''s numeric severity should go to `event.severity`.
If the event source does not specify a distinct severity, you can optionally
copy the Syslog severity to `event.severity`.'
value than defined in RFC 5424 (0-7), your source''s numeric severity should
go to `event.severity`. If the event source does not specify a distinct severity,
you can optionally copy the Syslog severity to `event.severity`.'
example: 3
flat_name: log.syslog.severity.code
level: extended
Expand All @@ -7993,7 +7993,8 @@ log:
description: 'The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different severity value
(e.g. firewall, IDS), your source''s text severity should go to `log.level`.
than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice,
Informational, Debug), your source''s text severity should go to `log.level`.
If the event source does not specify a distinct severity, you can optionally
copy the Syslog severity to `log.level`.'
example: Error
9 changes: 5 additions & 4 deletions generated/beats/fields.ecs.yml
Expand Up @@ -3907,9 +3907,9 @@
description: 'The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different numeric severity
value (e.g. firewall, IDS), your source''s numeric severity should go to `event.severity`.
If the event source does not specify a distinct severity, you can optionally
copy the Syslog severity to `event.severity`.'
value than defined in RFC 5424 (0-7), your source''s numeric severity should
go to `event.severity`. If the event source does not specify a distinct severity,
you can optionally copy the Syslog severity to `event.severity`.'
example: 3
- name: syslog.severity.name
level: extended
Expand All @@ -3918,7 +3918,8 @@
description: 'The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different severity value
(e.g. firewall, IDS), your source''s text severity should go to `log.level`.
than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice,
Informational, Debug), your source''s text severity should go to `log.level`.
If the event source does not specify a distinct severity, you can optionally
copy the Syslog severity to `log.level`.'
example: Error
11 changes: 6 additions & 5 deletions generated/ecs/ecs_flat.yml
Expand Up @@ -6421,9 +6421,9 @@ log.syslog.severity.code:
description: 'The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different numeric severity
value (e.g. firewall, IDS), your source''s numeric severity should go to `event.severity`.
If the event source does not specify a distinct severity, you can optionally copy
the Syslog severity to `event.severity`.'
value than defined in RFC 5424 (0-7), your source''s numeric severity should go
to `event.severity`. If the event source does not specify a distinct severity,
you can optionally copy the Syslog severity to `event.severity`.'
example: 3
flat_name: log.syslog.severity.code
level: extended
Expand All @@ -6436,8 +6436,9 @@ log.syslog.severity.name:
description: 'The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different severity value
(e.g. firewall, IDS), your source''s text severity should go to `log.level`. If
the event source does not specify a distinct severity, you can optionally copy
than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice,
Informational, Debug), your source''s text severity should go to `log.level`.
If the event source does not specify a distinct severity, you can optionally copy
the Syslog severity to `log.level`.'
example: Error
flat_name: log.syslog.severity.name
9 changes: 5 additions & 4 deletions generated/ecs/ecs_nested.yml
Expand Up @@ -7898,9 +7898,9 @@ log:
description: 'The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different numeric severity
value (e.g. firewall, IDS), your source''s numeric severity should go to `event.severity`.
If the event source does not specify a distinct severity, you can optionally
copy the Syslog severity to `event.severity`.'
value than defined in RFC 5424 (0-7), your source''s numeric severity should
go to `event.severity`. If the event source does not specify a distinct severity,
you can optionally copy the Syslog severity to `event.severity`.'
example: 3
flat_name: log.syslog.severity.code
level: extended
Expand All @@ -7913,7 +7913,8 @@ log:
description: 'The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different severity value
(e.g. firewall, IDS), your source''s text severity should go to `log.level`.
than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice,
Informational, Debug), your source''s text severity should go to `log.level`.
If the event source does not specify a distinct severity, you can optionally
copy the Syslog severity to `log.level`.'
example: Error
7 changes: 5 additions & 2 deletions schemas/log.yml
Expand Up @@ -109,7 +109,8 @@
The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different numeric severity
value (e.g. firewall, IDS), your source's numeric severity should go to `event.severity`.
value than defined in RFC 5424 (0-7), your source's numeric severity should
go to `event.severity`.
If the event source does not specify a distinct severity,
you can optionally copy the Syslog severity to `event.severity`.
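Review bot: This is the source file for every generated copy in the PR, so the wording problem should be fixed here: "a different numeric severity value than defined in RFC 5424 (0-7)" narrows the rule to values outside 0-7, whereas the intent is any source-specific severity (the removed "e.g. firewall, IDS" examples made that clear). Suggest "a severity value of its own (e.g. firewall, IDS), distinct from the RFC 5424 severity code (0-7)". Since the companion field in the next hunk lists the names, consider writing the range as "(0 = Emergency through 7 = Debug)" so a reader of either description can map code to name.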

Expand All @@ -122,7 +123,9 @@
The Syslog numeric severity of the log event, if available.

If the event source publishing via Syslog provides a different severity
value (e.g. firewall, IDS), your source's text severity should go to `log.level`.
value than defined in RFC 5424 (Emergency, Alert, Critical, Error,
Warning, Notice, Informational, Debug), your source's text severity
should go to `log.level`.
If the event source does not specify a distinct severity,
you can optionally copy the Syslog severity to `log.level`.
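Review bot: The opening line "The Syslog numeric severity of the log event, if available." is wrong for this field, which holds the severity name as a keyword, and fixing it here is what fixes all the generated copies; suggest "The Syslog text-based severity of the log event, if available." The RFC 5424 names are listed in their capitalized form, matching the `Error` example, but the description does not say that producers should use this capitalization; add that, or add `allowed_values` if the intent is for the tooling to enforce the list.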
