Log entries that are forwarded to a destination are formatted in a way that is appropriate for the specific destination; for example, whether it is to be recorded to a file or sent as an SNMP trap, but log event entries also have common elements or properties. All application-generated events have the following properties:
a timestamp in UTC or local time
the generating application
a unique event ID within the application
a router name identifying the VRF-ID that generated the event
a subject identifying the affected object
a short text description
The general format for an event in an event log with either a memory, console or file destination is as follows:
nnnn YYYY/MM/DD HH:MM:SS.SS <severity>:<application> # <event_id> <router-
name> <subject> descriptionThe following is an event log example:
475 2015/11/27 00:19:40.38 WARNING: SNMP #2008 Base 1/1/1
"interface 1/1/1 came up" The specific elements that make up the general format are described in Table: Log Entry Field Descriptions .
|
Label |
Description |
|---|---|
|
nnnn |
The log entry sequence number |
|
YYYY/MM/DD |
The UTC date stamp for the log entry YYYY — Year MM — Month DD — Day |
|
HH:MM:SS.SS |
The UTC timestamp for the event HH — Hours (24-hour format) MM — Minutes SS.SS — Seconds |
|
<severity> |
The severity level name of the event CLEARED — a cleared event (severity number 1) INFO — an indeterminate/informational severity event (severity level 2) CRITICAL — a critical severity event (severity level 3) MAJOR — a major severity event (severity level 4) MINOR — a minor severity event (severity level 5) WARNING — a warning severity event (severity 6) |
|
<application> |
The application generating the log message |
|
<event_id> |
The application's event ID number for the event |
|
<router> |
The router name representing the VRF-ID that generated the event |
|
<subject> |
The subject/affected object for the event |
|
<description> |
A text description of the event |