feat(zen): add rule for syslog messages #515

New issue

Open

opened 2026-03-28 04:25:16 +00:00 by mfreeman451 · 0 comments

mfreeman451 commented

2026-03-28 04:25:16 +00:00

Owner

Imported from GitHub.

Original GitHub issue: #1524
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/issues/1524
Original created: 2025-08-16T03:41:56Z

We should be setting the severity based on the level

{
  "specversion": "1.0",
  "id": "aafe1c8f-5004-4c9a-a052-417a29db9c9b",
  "type": "cef_severity",
  "source": "nats://events/events.syslog",
  "datacontenttype": "application/json",
  "data": {
    "_remote_addr": "default:216.17.46.98",
    "host": "tonka01",
    "level": 6,
    "severity": "Unknown",
    "short_message": "tonka01 bgpd[2510]: [HZN6M-XRM1G] %NOTIFICATION: received from neighbor 2605:8400:ff:142:: 6/1 (Cease/Maximum Number of Prefixes Reached) 0 bytes",
    "timestamp": 1755297534,
    "version": "1.1"
  }
}

Imported from GitHub. Original GitHub issue: #1524 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/issues/1524 Original created: 2025-08-16T03:41:56Z --- We should be setting the severity based on the `level` ```json { "specversion": "1.0", "id": "aafe1c8f-5004-4c9a-a052-417a29db9c9b", "type": "cef_severity", "source": "nats://events/events.syslog", "datacontenttype": "application/json", "data": { "_remote_addr": "default:216.17.46.98", "host": "tonka01", "level": 6, "severity": "Unknown", "short_message": "tonka01 bgpd[2510]: [HZN6M-XRM1G] %NOTIFICATION: received from neighbor 2605:8400:ff:142:: 6/1 (Cease/Maximum Number of Prefixes Reached) 0 bytes", "timestamp": 1755297534, "version": "1.1" } } ```

Rows
Columns