Syslog alert responses
A syslog alert response is a connection to an external syslog server. It enables you to send alerts triggered by various events detected by Firewall Management Center.
Syslog messages are transmitted over either UDP or TCP, depending on the configuration of the syslog server.
Tip: For more information about syslog and configuration steps, see the documentation for your system. If you use UNIX, review the
Facility and severity
When configuring a syslog alert response, you can specify the facility and severity associated with the syslog messages to ensure that they are processed properly by the syslog server.
- Facility specifies the subsystem that creates the syslog message. Severity defines the severity of the syslog message.
- The actual syslog message does not display facility and severity. The system that receives the syslog message uses these values to categorize the message.
- You can choose any type of facility when creating a syslog alert response. However, you should choose one compatible with your syslog server, since not all syslog servers support all facilities. For UNIX syslog servers, the syslog.conf file should indicate which facilities are saved to which log files on the server.
The facility and severity values in the syslog messages are not used to filter event types.
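Facility and severity travel as a numeric priority header in front of the message text, which is why the message itself does not display them. The following added example (not Cisco code) decodes that header as defined in RFC 3164 and RFC 5424 and shows which log file a UNIX-style selector rule would save each message to. The rules, log paths, host name and message text are constructed for illustration.

```python
import re

# Conventional keyword for each facility code (0-23) and severity code (0-7).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(raw):
    """Return (facility, severity) keywords from the <PRI> header of a raw message."""
    m = PRI_RE.match(raw)
    if not m:
        raise ValueError("no <PRI> header")
    pri = int(m.group(1))
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    if facility >= len(FACILITIES):
        raise ValueError(f"PRI {pri} out of range")
    return FACILITIES[facility], SEVERITIES[severity]

def route(raw, rules):
    """Return the log files whose 'facility.severity' selector matches the message.

    As in a traditional syslog.conf, a selector matches its own severity and
    anything more severe; '*' matches every facility.
    """
    fac, sev = decode_pri(raw)
    hits = []
    for selector, path in rules:
        sel_fac, sel_sev = selector.split(".")
        if sel_fac in ("*", fac) and SEVERITIES.index(sev) <= SEVERITIES.index(sel_sev):
            hits.append(path)
    return hits

# Constructed server rules and constructed raw messages (not real FMC output).
RULES = [("local4.info", "/var/log/fmc-alerts.log"),
         ("auth.notice", "/var/log/auth.log"),
         ("*.emerg", "/var/log/emerg.log")]
SAMPLES = ["<161>Jan 12 10:15:02 fmc-example alert: constructed message text",
           "<38>Jan 12 10:15:09 fmc-example alert: constructed message text"]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(decode_pri(raw), "->", route(raw, RULES) or "not saved by any rule")
```

The second sample decodes to auth.info, which no rule saves. An alert response whose facility and severity the server's rules do not cover is accepted on the wire but never written to a log file.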