Differences

This shows you the differences between two versions of the page.

--- sysloganalyzer [2007/10/08 20:44] – faltin
+++ sysloganalyzer [2009/03/25 14:00] (current) – update cisco log structure description and add more examples morten
@@ Line 32: / Line 32: @@
 </code>
-For a given syslog message a description follow the message type giving further details. Also a time stamp is given and the device the message was received from. An example:
+For any given syslog message, the following are typically found after the syslog server's timestamp:
+  * The name of the originating device
+  * A timestamp
+  * The Cisco message type descriptor
+  * The text of the message being logged
+[[devel:database#the_logger_database|The NAV logger database]] models this structure.
+Some valid examples are:
 <code>
 May 27 08:32:58 mtfs-sw.ntnu.no 2002 May 27 08:32:53 MET +02:00 %CDP-4-NVLANMISMATCH:Native vlan mismatch detected on port 4/2
+Feb  8 12:58:40 158.38.0.51 316371: Feb  8 12:58:39.873 MET: %SEC-6-IPACCESSLOGDP: list 112 permitted icmp 158.38.60.10 -> 158.38.12.5 (0/0), 1 packet
+Mar 25 10:54:25 somedevice 72: AP:000b.adc0.ffee: *Mar 25 10:15:51.666: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
 </code>
-[[devel:database#the_logger_database|The NAV logger database]] models this structure.
+Incidentally, the log parsing engine has a bug in NAV versions prior to NAV 3.5.3, which cause it to crash if the following format is used (i.e. a year in the originating device's timestamp):
+<code>
+Mar 20 10:27:26 sw_1 607977: Mar 20 2009 10:20:06: %SEC-6-IPACCESSLOGP: list fraVLAN800 denied tcp x.x.x.x(1380) -> y.y.y.y(80), 2 packets
+</code>