Do you know how Palo Alto interprets the standard syslog protocol severity?
RFC 5424 (The Syslog Protocol) severity levels:
0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level messages
The syslog severity is based on the log type and contents. Below are the details:

Log Type - Severity             Syslog Severity
THREAT/SYSTEM - Informational   INFO
THREAT/SYSTEM - Low             NOTICE
THREAT/SYSTEM - Medium          WARNING
THREAT/SYSTEM - High            ERROR
THREAT/SYSTEM - Critical        CRITICAL
Hope that helps.
Note: Please mark any helpful or correct answers.
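As an added example (not from the original post or from Palo Alto Networks), the following decodes the RFC 5424 PRI header of a received syslog line (PRI = facility * 8 + severity) and applies the THREAT/SYSTEM mapping from the answer above in reverse, so a collector can recover the PAN-OS severity and keep only events at or above a chosen floor. The sample lines are constructed and do not follow the real PAN-OS syslog field layout.

```python
import re

# RFC 5424 numeric severity codes, as listed above.
SYSLOG_SEVERITY = {
    0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
    4: "Warning", 5: "Notice", 6: "Informational", 7: "Debug",
}

# Reverse of the THREAT/SYSTEM table above: syslog severity -> PAN-OS severity.
# Levels 0, 1 and 7 have no THREAT/SYSTEM counterpart on the page.
PANOS_FROM_SYSLOG = {6: "informational", 5: "low", 4: "medium", 3: "high", 2: "critical"}
PANOS_ORDER = ["informational", "low", "medium", "high", "critical"]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility, severity) from the leading <PRI> of a syslog line.

    RFC 5424 section 6.2.1: PRI = facility * 8 + severity, max value 191.
    """
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("line has no <PRI> header")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI %d out of range" % pri)
    return pri // 8, pri % 8


def panos_severity(line):
    """Map the line's syslog severity to the PAN-OS THREAT/SYSTEM severity,
    or None when the syslog level is not one the table above produces."""
    _, severity = decode_pri(line)
    return PANOS_FROM_SYSLOG.get(severity)


def at_least(lines, floor="high"):
    """Keep lines whose mapped PAN-OS severity is >= floor; lines with no
    PAN-OS counterpart (e.g. Debug) are dropped rather than guessed."""
    floor_idx = PANOS_ORDER.index(floor)
    kept = []
    for line in lines:
        sev = panos_severity(line)
        if sev is not None and PANOS_ORDER.index(sev) >= floor_idx:
            kept.append(line)
    return kept


# Constructed sample lines (facility local0 = 16, local6 = 14); not real PAN-OS output.
SAMPLE_LINES = [
    "<131>Jan  1 00:00:01 fw01 THREAT constructed sample, syslog Error",
    "<134>Jan  1 00:00:02 fw01 SYSTEM constructed sample, syslog Informational",
    "<114>Jan  1 00:00:03 fw01 THREAT constructed sample, syslog Critical",
    "<135>Jan  1 00:00:04 fw01 constructed sample, syslog Debug",
]
```

Running `at_least(SAMPLE_LINES)` keeps only the first and third lines (PAN-OS high and critical); the Debug line is discarded because the table gives it no PAN-OS equivalent.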
I would say it's sort of a correlation between them which is helpful in the UNIX environment.
Just checked Splunk and the severity levels are identical.