Log entries that are forwarded to a destination are formatted in a way appropriate for the specific destination whether it be recorded to a file or sent as an SNMP trap, but log event entries have common elements or properties. All application generated events have the following properties:
a time stamp in UTC or local time
the generating application
a unique event ID within the application
a router name identifying the VRF-ID that generated the event
a subject identifying the affected object
a short text description
The general format for an event in an event log with either a memory, console or file destination is as follows.
nnnn YYYY/MM/DD HH:MM:SS.SS <severity>:<application> # <event_id> <router-
name> <subject> description
The following is an event log example:
475 2006/11/27 00:19:40.38 WARNING: SNMP #2007 Base 1/1/1
"interface 1/1/1 came up"
The specific elements that compose the general format are described in the following table.
Label |
Description |
|---|---|
nnnn |
The log entry sequence number. |
YYYY/MM/DD |
The UTC date stamp for the log entry. YYYY — year MM — month DD — date |
HH:MM:SS.SS |
The UTC time stamp for the event. HH — hours (24 hour format) MM — minutes SS.SS — seconds |
<severity> |
The severity level name of the event. CLEARED — a cleared event (severity number 1) INFO — an indeterminate/informational severity event (severity level 2) CRITICAL — a critical severity event (severity level 3) MAJOR — a major severity event (severity level 4) MINOR — a minor severity event (severity level 5) WARNING — a warning severity event (severity 6) |
<application> |
The application generating the log message. |
<event_id> |
The application’s event ID number for the event. |
<router> |
The router name representing the VRF-ID that generated the event. |
<subject> |
The subject/affected object for the event. |
<description> |
A text description of the event. |