What is Facility in Syslog Configuration of the Symantec VIP Enterprise Gateway


Article ID: 165230


Products

VIP Service

Issue/Introduction

When setting up Syslog Configuration in the VIP Enterprise Gateway, there is a setting called Facility. The question mark next to the setting states: Set the facility level used for logging. Example: local0  None

Environment

VIP Enterprise Gateway

Resolution

The logging facility command tells the Syslog server where to put the log message. The Facility value is a way of determining which process on the machine created the message. Since the Syslog protocol was originally written on BSD Unix, the Facilities reflect the names of Unix processes and daemons.

The priority value is calculated using the following formula: Priority = Facility * 8 + Level
 
The list of Facilities available:
 
0             kernel messages
1             user-level messages
2             mail system
3             system daemons
4             security/authorization messages
5             messages generated internally by syslogd
6             line printer subsystem
7             network news subsystem
8             UUCP subsystem
9             clock daemon
10            security/authorization messages
11            FTP daemon
12            NTP subsystem
13            log audit
14            log alert
15            clock daemon
16            local use 0  (local0)
17            local use 1  (local1)
18            local use 2  (local2)
19            local use 3  (local3)
20            local use 4  (local4)
21            local use 5  (local5)
22            local use 6  (local6)
23            local use 7  (local7)
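
The formula and facility list above, worked through in an added example (not part of the original article or of the Gateway itself): it decodes the `<PRI>` prefix of a received syslog line into facility and level, as a collector would before routing the message. The sample lines are constructed, and the function names and level keywords are assumptions that do not come from this page.

```python
import re

# Facility names indexed by code, as listed on this page.
FACILITIES = [
    "kernel messages", "user-level messages", "mail system", "system daemons",
    "security/authorization messages", "messages generated internally by syslogd",
    "line printer subsystem", "network news subsystem", "UUCP subsystem",
    "clock daemon", "security/authorization messages", "FTP daemon",
    "NTP subsystem", "log audit", "log alert", "clock daemon",
] + [f"local use {n} (local{n})" for n in range(8)]
# Conventional syslog level keywords 0-7 (assumption: not listed on this page).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")


def encode_pri(facility, level):
    """Priority = Facility * 8 + Level."""
    if not 0 <= facility <= 23 or not 0 <= level <= 7:
        raise ValueError("facility must be 0-23 and level 0-7")
    return facility * 8 + level


def decode_pri(line):
    """Return (facility, level) from the <PRI> prefix, or None if missing or out of range."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest valid priority
        return None
    return divmod(pri, 8)


def describe(line):
    decoded = decode_pri(line)
    if decoded is None:
        return "no valid PRI"
    facility, level = decoded
    return f"{FACILITIES[facility]} / {LEVELS[level]}"


# Constructed sample lines (not real VIP Enterprise Gateway output).
SAMPLES = [
    "<134>Jan 12 10:15:02 gw01 example: constructed message sent as local0",
    "<13>Jan 12 10:15:03 host01 example: constructed message sent as user",
    "<999>Jan 12 10:15:04 host01 example: constructed malformed PRI",
]
for s in SAMPLES:
    print(describe(s))
```

A line whose priority falls outside 0 to 191 is reported as invalid rather than mapped to a facility, so a malformed sender cannot be filed under the wrong source.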
 
If you are receiving messages from a Unix system, try using the 'User' Facility as your first choice. Local0 through to Local7 are not used by Unix and are traditionally used by networking equipment. Cisco routers, for example, use Local6 or Local7.

For Syslog Facility keywords, refer to this Wiki link
 

Additional Information

Some SIEM systems require logs to be sent in the Common Event Format (CEF), which can be configured on the Gateway under the Logs tab, via the Log Format Configuration link.