Set the severity field
It is possible to configure the severity field with the set-severity() rewrite function. When configured, the set-severity() rewrite function will only rewrite the $SEVERITY field in the message to the first parameter value specified in the function.
Note
If the parameter value is not a valid parameter value, the function ignores it and sends a debug message, but the AxoSyslog application still sends the message.
Declaration
rewrite <name_of_the_rule> {
set-severity("severity string or number");
};
Parameters
The set-severity() rewrite function has a single, mandatory parameter that can be defined as follows:
set-severity( "parameter1" );
Accepted values
The set-severity() rewrite function accepts numeric values, named values, and aliases. Aliases are available in AxoSyslog version 4.6 and later.
| Numerical Code | Named Value | Alias |
|---|---|---|
| 0 | emerg |
SYSLOG_SEVERITY_CODE(0) |
| 0 | emergency |
SYSLOG_SEVERITY_CODE(0) |
| 0 | panic |
SYSLOG_SEVERITY_CODE(0) |
| 1 | alert |
SYSLOG_SEVERITY_CODE(1) |
| 2 | crit |
SYSLOG_SEVERITY_CODE(2) |
| 2 | critical |
SYSLOG_SEVERITY_CODE(2) |
| 2 | fatal |
SYSLOG_SEVERITY_CODE(2) |
| 3 | err |
SYSLOG_SEVERITY_CODE(3) |
| 3 | error |
SYSLOG_SEVERITY_CODE(3) |
| 4 | warning |
SYSLOG_SEVERITY_CODE(4) |
| 4 | warn |
SYSLOG_SEVERITY_CODE(4) |
| 5 | notice |
SYSLOG_SEVERITY_CODE(5) |
| 6 | info |
SYSLOG_SEVERITY_CODE(6) |
| 6 | log |
SYSLOG_SEVERITY_CODE(6) |
| 7 | debug |
SYSLOG_SEVERITY_CODE(7) |
Example usage for the set-severity() rewrite function
The following examples use the set-severity() rewrite function.
Using a named value:
rewrite {
set-severity("info");
};
Using a numeric value:
rewrite {
set-severity("6");
};
Using a template:
rewrite {
set-severity("${.json.severity}");
};
Last modified April 9, 2025: Rewrite-related formatting fixes and title shortenings (07c928a)