Log file formats

 Top  Previous  Next

 

There are various standard formats available from the drop down list that will change the way the fields and message content are logged to the specified file. If the file format you want to use is not included, you can create your own format. Just add a new Custom File Format under the Formats option and then set the fields as desired. Then choose this new custom field from the drop down list in the Log to file action (the custom formats appear at the end of the list, after the standard and reserved formats.)

 

The following standard file formats are included with the program:

 

 

Kiwi format ISO yyyy-mm-dd (Tab delimited)

Format: DateTime (YYYY-MM-DD HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

 

Example: 2002-07-22 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

 

 

Kiwi format ISO UTC yyyy-mm-dd (Tab delimited)

Format: UTC DateTime (YYYY-MM-DD HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

 

Example: 2002-07-22 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

 

 

Kiwi format mm-dd-yyyy (Tab delimited)

Format: Date (MM-DD-YYYY) [TAB] Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

 

Example: 07-22-2002 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

 

 

Kiwi format dd-mm-yyyy (Tab delimited)

Format: Date (DD-MM-YYYY) [TAB] Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

 

Example: 22-07-2002 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

 

 

Kiwi format UTC mm-dd-yyyy (Tab delimited)

Format: UTC Date (MM-DD-YYYY) [TAB] UTC Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

 

Example: 07-22-2002 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

 

 

Kiwi format UTC dd-mm-yyyy (Tab delimited)

Format: UTC Date (DD-MM-YYYY) [TAB] UTC Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

 

Example: 22-07-2002 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

 

 

Comma Separated Values yyyy-mm-dd (CSV)

Format: DateTime (YYYY-MM-DD HH:MM:SS),Priority (Facility.Level),Host name,Message text

 

Example: 2002-07-22 12:34:56,Local5.Debug,firewall-inside,"prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64"

 

 

Comma Separated Values UTC yyyy-mm-dd (CSV)

Format: UTC DateTime (YYYY-MM-DD HH:MM:SS),Priority (Facility.Level),Host name,Message text

 

Example: 2002-07-22 12:34:56,Local5.Debug,firewall-inside,"prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64"

 

 

BSD Unix syslog format

Format: DateTime (Mmm DD HH:MM:SS) [SPACE] Host name [SPACE] Message text (PID tag followed by message content)

 

Example: Jul 22 12:34:56 [SPACE] firewall-inside [SPACE] amd[308]: key sys: No value component in "rw,intr"

 

 

XML tagged format

Format: <Message><DateTime> DateTime (YYYY-MM-DD HH:MM:SS) </DateTime><Priority> Priority (Facility.Level) </Priority><Source_Host> Host name </Source_Host><MessageText> Message Text </MessageText></Message>

 

Example: <Message><DateTime>2002-07-23 21:53:35</DateTime><Priority>Local7.Debug</Priority><Source_Host>firewall-inside</Source_Host><MessageText> prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64</MessageText></Message>

 

 

RnRsoft ReportGen format

Format: rnrsoft [TAB] Date (YYYY-MM-DD) [TAB] Time (HH:MM:SS) [TAB] Host name [TAB] Level (numeric 0-7) [TAB] Message text

 

Example: rnrsoft [TAB] 2002-07-23 [TAB] 22:02:51 [TAB] firewall-inside [TAB] 7 [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

 

More information on ReportGen for SonicWall, PIX, GNATbox and Netscreen can be found at: www.reportgen.com

 

 

WebTrends format

Format: WTsyslog [SPACE] Date (YYYY-MM-DD) [SPACE] Time (HH:MM:SS) [SPACE] ip=Host address (a.b.c.d) [SPACE] pri=Level (numeric 0-7) [SPACE] Message text

 

Example: WTsyslog [2001-11-12 12:44:45 ip=192.168.168.1 pri=6] <134>id=firewall time="2001-11-15 08:43:42" fw=192.168.1.1 pri=6 src=192.168.1.34 proto=http

 

More information on Webtrends firewall suite can be found at: http://www.netiq.com/products/fwr

 

 

Cisco PIX PFSS format (Raw logging)

Format: <Priority value (0-191)>Message text

 

Example: <191>Built outbound TCP connection 12004 for faddr grc.com/80 gaddr 192.168.2.2/4120 laddr 192.168.1.1/4391

 

 

3Com 3CDaemon format (BSD space delimited)

Format: DateTime (Mmm DD HH:MM:SS) [SPACE] Host address [SPACE] Message text

 

Example: Jul 22 12:34:56 [SPACE] 192.168.1.1 [SPACE] key sys: No value component in "rw,intr"

 

 

Raw - Message text only (no priority)

Format: Message text only

 

Example: Built outbound TCP connection 12004 for faddr grc.com/80 gaddr 192.168.2.2/4120 laddr 192.168.1.1/4391

 

 

Sawmill format ISO yyyy-mm-dd (Tab delimited)

Format: DateTime (YYYY-MM-DD HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

 

Example: 2002-07-22 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

 

More information on Sawmill log processing software can be found at: www.sawmill.net