Other events are logged besides packets and sessions. They are stored in an extended format. These other events arise from the following logging entities:
auth - Authentication logic (in various other agents)
edit - Configuration editor
ftpp - The FTP proxy
ha - The high-availability subsystem
httpp - The HTTP proxy
iked - The IKE daemon
log - The logger itself
smtpp - The SMTP proxy
telnetp - The Telnet proxy
Each entity has a LogSeverity variable which limits the extent of its logging of noteworthy events based on the severity level of those events.
In addition, there exist default limiters as catchallsl for unnamed entities:
name=LogSeverity - For all Screens
sys=Screen name=LogSeverity - Screen-specific
The LogSeverity variables take text strings as their value. The value functions as a not-more-detail-than limiter and is similar to the functionality of the Solaris syslog command. The text values are:
NONE
ALERT
CRIT
ERR
WARN
NOTE
INFO
DEBUG
These limiter variables operate with several levels of globality, within entities and/or Screens, and/or universally. The limiters serve to control logging situations where a particular rule is not yet known to the entity, or where no particular rule applies.
In addition, the effect of the per-rule DETAIL, SUMMARY, and SESSION attributes is overridden by some of these logging entities. This override allows for finer control over events that can be attributed to a particular rule. Specifically, any rule-specific event of a severity of INFO or greater is logged if that rule has packet or session logging enabled.