This shows you the differences between two versions of the page.
sysloganalyzer [2007/10/08 20:44] faltin |
sysloganalyzer [2009/03/25 14:00] (current) morten update cisco log structure description and add more examples |
||
---|---|---|---|
Line 32: | Line 32: | ||
</code> | </code> | ||
- | For a given syslog message a description follow the message type giving further details. Also a time stamp is given and the device the message was received from. An example: | + | For any given syslog message, the following are typically found after the syslog server's timestamp: |
+ | * The name of the originating device | ||
+ | * A timestamp | ||
+ | * The Cisco message type descriptor | ||
+ | * The text of the message being logged | ||
+ | |||
+ | [[devel:database#the_logger_database|The NAV logger database]] models this structure. | ||
+ | |||
+ | Some valid examples are: | ||
<code> | <code> | ||
May 27 08:32:58 mtfs-sw.ntnu.no 2002 May 27 08:32:53 MET +02:00 %CDP-4-NVLANMISMATCH:Native vlan mismatch detected on port 4/2 | May 27 08:32:58 mtfs-sw.ntnu.no 2002 May 27 08:32:53 MET +02:00 %CDP-4-NVLANMISMATCH:Native vlan mismatch detected on port 4/2 | ||
+ | Feb 8 12:58:40 158.38.0.51 316371: Feb 8 12:58:39.873 MET: %SEC-6-IPACCESSLOGDP: list 112 permitted icmp 158.38.60.10 -> 158.38.12.5 (0/0), 1 packet | ||
+ | Mar 25 10:54:25 somedevice 72: AP:000b.adc0.ffee: *Mar 25 10:15:51.666: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up | ||
</code> | </code> | ||
- | [[devel:database#the_logger_database|The NAV logger database]] models this structure. | + | Incidentally, the log parsing engine has a bug in NAV versions prior to NAV 3.5.3, which cause it to crash if the following format is used (i.e. a year in the originating device's timestamp): |
+ | <code> | ||
+ | Mar 20 10:27:26 sw_1 607977: Mar 20 2009 10:20:06: %SEC-6-IPACCESSLOGP: list fraVLAN800 denied tcp x.x.x.x(1380) -> y.y.y.y(80), 2 packets | ||
+ | </code> | ||
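Review bot: the new field list (device name, timestamp, message type descriptor, message text) does not account for everything between the device name and the device timestamp in the added examples. The second and third examples carry a sequence number ("316371:", "72:") and the third also has an "AP:000b.adc0.ffee:" prefix, so the list should say whether these elements are optional and whether the parser stores or discards them. The first example, listed as valid, also has a year in the device timestamp ("2002 May 27 08:32:53"), while the closing note says a year in that timestamp crashes versions prior to NAV 3.5.3 and shows "Mar 20 2009 10:20:06:". If only the year-after-day form triggers the crash, state that explicitly so operators on older versions know which device timestamp format to avoid. Minor: "which cause it to crash" should read "which causes it to crash".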