Meraki

Shaun1387 · ‎Oct 26 2022

Hi All,

does anyone know what ' <134>1' means when it appears in a syslog message from an MX ?

I wondered if it was category or a code that donates 'Meraki' but i cant find anywhere which explains it.

Im working with some data ingestion engine rulesets and it would be useful to know what that signifies.

Cheers all !

Shaun

GreenMan · ‎Oct 26 2022

I believe this relates to priority (see the 134 entry in this matrix) https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-m...

Shaun1387 · ‎Oct 31 2022

Hi GreenMan,

thanks for the reply 👍

im confused about this then as <134>1 appears on all syslog messages.

I havent as yet seen any other marking on MX syslog output but in the example message below, its marked as <134>1 (whats the '1' ?) yet in the body its making the severity as '0' Emergency. Im inclined to believe that 134 is correct for this particular message as its just an info message.

I can see others such as VPN down, port down which should probably be 'Alert' or maybe 'Critial' marked the same as below. it looks like all messages are marked like this so im not sure whats going on here ?

Cheers

Shaun

"@version": "1",

"message": "<134>1 1666888028.631071690 XXXhostnameXXX events IDS: New rules installed",

"type": "syslog",

"event": {

"original": "<134>1 1666888028.631071690 XXXhostnameXXX events IDS: New rules installed" },

"@timestamp": "2022-10-27T16:27:08.639193004Z",

"log": {

"syslog": {

"facility": {

"code": 0,

"name": "kernel" },

"severity": {

"code": 0,

"name": "Emergency" },

"priority": 0

Meraki

Community

syslog message query

syslog message query