The Cisco Log Message Format
The Cisco Log message format is:
<PRI>SEQNUM: HOST: MONTH DAY YEAR HOUR:MINUTES:SECONDS.MILLISECONDS TIMEZONE: %APPNAME-SEVERITY-MSGID:
%TAGS: MESSAGE
An example of a CiscoLog formatted syslog event follows. An entry displays on a single line.
<134>25: host-w3k: Feb 13 2007 18:23:21.408 +0000: %ICM_Router_CallRouter-6-10500FF:
[comp=Router-A][pname=rtr][iid=acme1][mid=10500FF][sev=info]: Side A rtr process is OK.
The following table describes the Cisco Log message fields:
Field |
Description |
---|---|
PRI |
Encodes syslog message severity and syslog facility. Messages are sent to a single syslog facility (that is, RFC-3164 facilities local0 through local7). For more information, see RFC-3164. |
SEQNUM |
Number used to order messages in the time sequence order when multiple messages occur with the same time stamp by the same process. Sequence number begins at zero for the first message fired by a process since the last startup. |
HOST |
Fully qualified domain name (FQDN), hostname, or IP address of the originating system. |
MONTH |
Current month represented in MMM format (for example, "Jan" for January) |
DAY |
Current day represented in DD format. Range is 01 to 31. |
YEAR |
Current year represented in YYYY format. |
HOUR |
Hour of the timestamp as two digits in 24-hour format; range is 00 to 23. |
MINUTE |
Minute of the timestamp as two digits; range is 00 to 59. |
SECOND |
Second of the timestamp as two digits; range is 00 to 59. |
MILLISECONDS |
Milliseconds of the timestamp as three digits; range is 000 to 999. |
TIMEZONE |
Abbreviated time zone offset, set to +/-#### (+/- HHMM from GMT). |
APPNAME |
Name of the application that generated the event. APPNAME field values are: PRODUCT_COMPONENT_SUBCOMPONENT PRODUCT – such as ICM COMPONENT – such as Router SUBCOMPONENT – such as CallRouter |
SEVERITY |
Supported severity values are: 3 (Error) 4 (Warning) 6 (Informational) 7 (Debug) |
MSGID |
Hexadecimal message id that uniquely identifies the message, such as 10500FF. |
TAGS |
(Optional) Supported tags are: [comp=%s] - component name including side, such as Router-A [pname=%s] - process name, such as rtr [iid=%s] - instance name, such as acme1 [mid=%d] - message id, such as 10500FF [sev=%s] – severity, such as info |
MESSAGE |
A descriptive message about the event. |