Setting severity with the set-severity() rewrite function

It is possible to configure the severity field with the set-severity() rewrite function. When configured, the set-severity() rewrite function will only rewrite the $SEVERITY field in the message to the first parameter value specified in the function.

Note If the parameter value is not a valid parameter value, the function ignores it and sends a debug message, but the AxoSyslog application still sends the message.

Declaration

   rewrite <name_of_the_rule> {
        set-severity("severity string or number");
    };

Parameters

The set-severity() rewrite function has a single, mandatory parameter that can be defined as follows:

   `set-severity( "parameter1" );`

Accepted values

The set-severity() rewrite function accepts numeric values, named values, and aliases. Aliases are available in AxoSyslog version 4.6 and later.

Numerical Code	Named Value	Alias
0	`emerg`	`SYSLOG_SEVERITY_CODE(0)`
0	`emergency`	`SYSLOG_SEVERITY_CODE(0)`
0	`panic`	`SYSLOG_SEVERITY_CODE(0)`
1	`alert`	`SYSLOG_SEVERITY_CODE(1)`
2	`crit`	`SYSLOG_SEVERITY_CODE(2)`
2	`critical`	`SYSLOG_SEVERITY_CODE(2)`
2	`fatal`	`SYSLOG_SEVERITY_CODE(2)`
3	`err`	`SYSLOG_SEVERITY_CODE(3)`
3	`error`	`SYSLOG_SEVERITY_CODE(3)`
4	`warning`	`SYSLOG_SEVERITY_CODE(4)`
4	`warn`	`SYSLOG_SEVERITY_CODE(4)`
5	`notice`	`SYSLOG_SEVERITY_CODE(5)`
6	`info`	`SYSLOG_SEVERITY_CODE(6)`
6	`log`	`SYSLOG_SEVERITY_CODE(6)`
7	`debug`	`SYSLOG_SEVERITY_CODE(7)`

Example usage for the set-severity() rewrite function

The following examples can be used in production for the set-severity() rewrite function.

Example using string:

   rewrite {
        set-severity("info");
    };

Example using numeric string:

   rewrite {
        set-severity("6");
    };

Example using template:

   rewrite {
        set-severity("${.json.severity}");
    };

Last modified March 21, 2025: Merge pull request #117 from axoflow/sync-to-r2 (6fb1861)