Graylog and Windows log level does not match

Hi, I realise this may not be strictly a Graylog issue as I’m not sure where the level number is changing but it might be. I’m running nxlog on some Windows servers to send all logs to Graylog. I have some alerts and dashboards set up to highlight events with a level <3 (so errors and warnings). Nothing is showing up in the alerts or dashboards.

When I look at an error log's details on the Windows server it has a level of 2. The same error is showing up in Graylog but it has a level of 3. I’m just wondering if anyone knows why the level number does not match?
Screenshot below of the same error.
Thanks for any help,

Log levels in Windows and Graylog do not use the same model.

For example, Windows Event Log Level 2 means “Error” (see https://msdn.microsoft.com/en-us/library/microsoft.windowsazure.diagnostics.loglevel.aspx) while Graylog Log Level 2 means critical (see https://en.wikipedia.org/wiki/Syslog#Severity_level).

Since you probably want to use the same meaning and scale of “level” in all of your log messages, Graylog already did the right thing™ and translated Windows Event Log Level 2 (Error) to Graylog/Syslog Log Level 3 (Error).

Thanks jochen, so I will set my Graylog filters based on EventType or Severity to match the Windows logs.
Rgds
