I have NXLog shipping Windows event logs to my Logstash server. However, I'm finding that the original severity level in the Windows event log, Level, is being replaced with "SeverityValue" and "Severity".
And what is the mapping? If Level is 4 for Information, 3 for Warning, 2 for Error and 1 for Critical, what is the NXLog output going to be?
And why does NXLog do this?
I couldn't find the answer in the docs; however, the source code had it. Going here: https://github.com/lamby/pkg-nxlog-ce/blob/master/src/common/error_debug.h#L16
We see where the loglevel is being set.

    typedef enum nx_loglevel_t
    {
        NX_LOGLEVEL_DEBUG = 1,
        NX_LOGLEVEL_INFO,
        NX_LOGLEVEL_WARNING,
        NX_LOGLEVEL_ERROR,
        NX_LOGLEVEL_CRITICAL,
    } nx_loglevel_t;

NXLog is effectively trying to baseline all log errors so that they are comparable no matter what the source.
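
To spell out the mapping the question asks for, here is an added example (not part of the original answer and not NXLog's own code) that translates the four Windows Level values from the question to SeverityValue and back. It assumes NXLog maps each Windows level to the enum member of the same name; the helper function names are hypothetical.

```c
#include <stdio.h>

/* Enum as quoted in the answer above: DEBUG=1 ... CRITICAL=5. */
typedef enum nx_loglevel_t
{
    NX_LOGLEVEL_DEBUG = 1,
    NX_LOGLEVEL_INFO,
    NX_LOGLEVEL_WARNING,
    NX_LOGLEVEL_ERROR,
    NX_LOGLEVEL_CRITICAL,
} nx_loglevel_t;

/* Hypothetical helper: Windows Level (1..4, as listed in the question) to
 * SeverityValue. Assumption: same-name mapping. Returns 0 for any level
 * the page does not cover. */
int severity_from_windows_level(int level)
{
    switch (level) {
    case 1: return NX_LOGLEVEL_CRITICAL; /* Critical    */
    case 2: return NX_LOGLEVEL_ERROR;    /* Error       */
    case 3: return NX_LOGLEVEL_WARNING;  /* Warning     */
    case 4: return NX_LOGLEVEL_INFO;     /* Information */
    default: return 0;
    }
}

/* Hypothetical helper: recover the Windows Level from a SeverityValue seen
 * downstream. Returns 0 when there is no counterpart among the four levels
 * (NX_LOGLEVEL_DEBUG, or a value outside the enum). */
int windows_level_from_severity(int sev)
{
    for (int level = 1; level <= 4; level++)
        if (severity_from_windows_level(level) == sev)
            return level;
    return 0;
}

/* Name for a SeverityValue, taken from the enum member names. */
const char *severity_name(int sev)
{
    static const char *names[] = { "", "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL" };
    if (sev < NX_LOGLEVEL_DEBUG || sev > NX_LOGLEVEL_CRITICAL)
        return "UNKNOWN";
    return names[sev];
}

int main(void)
{
    for (int level = 1; level <= 4; level++) {
        int sev = severity_from_windows_level(level);
        printf("Level %d -> SeverityValue %d (%s)\n", level, sev, severity_name(sev));
    }
    return 0;
}
```

The two scales run in opposite directions, so a threshold written against Windows Level (lower is worse) has to be inverted when it is applied to SeverityValue (higher is worse).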