samhain will translate its own severities into syslog priorities as follows:
| Severity | Syslog priority |
|---|---|
| debug | LOG_DEBUG |
| info | LOG_INFO |
| notice | LOG_NOTICE |
| warn | LOG_WARNING |
| mark | LOG_ERR |
| err | LOG_ERR |
| crit | LOG_CRIT |
| alert | LOG_ALERT |
Messages larger than 959 chars will be split into several messages. By default, samhain will use the identity 'samhain', the syslog facility LOG_AUTHPRIV, and will log its PID (process identification number) in addition to the message.
The syslog facility can be modified via the directive
SyslogFacility=
LOG_xxx in the
Misc section of the configuration
file.
The syslog priority to be used for heartbeat messages
(timestamps) can be selected with the directive
SyslogMapStampTo=
LOG_xxx in the
Misc section of the configuration file.
The default is LOG_ERR.