Log file formats


Several standard formats are available from the drop-down list; each changes how the fields and message content are written to the specified file. If the file format you want to use is not included, you can create your own: add a new Custom File Format under the Formats option and set the fields as desired. Then choose this new custom format from the drop-down list in the Log to file action (custom formats appear at the end of the list, after the standard and reserved formats).

The following standard file formats are included with the program:


Kiwi format ISO yyyy-mm-dd (Tab delimited)
Format: DateTime (YYYY-MM-DD HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

Example: 2002-07-22 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64


Kiwi format ISO UTC yyyy-mm-dd (Tab delimited)
Format: UTC DateTime (YYYY-MM-DD HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

Example: 2002-07-22 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64


Kiwi format mm-dd-yyyy (Tab delimited)
Format: Date (MM-DD-YYYY) [TAB] Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

Example: 07-22-2002 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64


Kiwi format dd-mm-yyyy (Tab delimited)
Format: Date (DD-MM-YYYY) [TAB] Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

Example: 22-07-2002 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64


Kiwi format UTC mm-dd-yyyy (Tab delimited)
Format: UTC Date (MM-DD-YYYY) [TAB] UTC Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

Example: 07-22-2002 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64


Kiwi format UTC dd-mm-yyyy (Tab delimited)
Format: UTC Date (DD-MM-YYYY) [TAB] UTC Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

Example: 22-07-2002 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64


Comma Separated Values yyyy-mm-dd (CSV)
Format: DateTime (YYYY-MM-DD HH:MM:SS),Priority (Facility.Level),Host name,Message text

Example: 2002-07-22 12:34:56,Local5.Debug,firewall-inside,"prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64"


Comma Separated Values UTC yyyy-mm-dd (CSV)
Format: UTC DateTime (YYYY-MM-DD HH:MM:SS),Priority (Facility.Level),Host name,Message text

Example: 2002-07-22 12:34:56,Local5.Debug,firewall-inside,"prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64"


BSD Unix syslog format
Format: DateTime (Mmm DD HH:MM:SS) [SPACE] Host name [SPACE] Message text (PID tag followed by message content)

Example: Jul 22 12:34:56 [SPACE] firewall-inside [SPACE] amd[308]: key sys: No value component in "rw,intr"


XML tagged format
Format: <Message><DateTime> DateTime (YYYY-MM-DD HH:MM:SS) </DateTime><Priority> Priority (Facility.Level) </Priority><Source_Host> Host name </Source_Host><MessageText> Message Text </MessageText></Message>

Example: <Message><DateTime>2002-07-23 21:53:35</DateTime><Priority>Local7.Debug</Priority><Source_Host>firewall-inside</Source_Host><MessageText> prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64</MessageText></Message>


RnRsoft ReportGen format
Format: rnrsoft [TAB] Date (YYYY-MM-DD) [TAB] Time (HH:MM:SS) [TAB] Host name [TAB] Level (numeric 0-7) [TAB] Message text

Example: rnrsoft [TAB] 2002-07-23 [TAB] 22:02:51 [TAB] firewall-inside [TAB] 7 [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

More information on ReportGen for SonicWall, PIX, GNATbox and Netscreen can be found at: www.reportgen.com


WebTrends format
Format: WTsyslog [SPACE] Date (YYYY-MM-DD) [SPACE] Time (HH:MM:SS) [SPACE] ip=Host address (a.b.c.d) [SPACE] pri=Level (numeric 0-7) [SPACE] Message text

Example: WTsyslog [2001-11-12 12:44:45 ip=192.168.168.1 pri=6] <134>id=firewall time="2001-11-15 08:43:42" fw=192.168.1.1 pri=6 src=192.168.1.34 proto=http

More information on the WebTrends firewall suite can be found at: http://www.netiq.com/products/fwr



Cisco PIX PFSS format (Raw logging)
Format: <Priority value (0-191)>Message text

Example: <191>Built outbound TCP connection 12004 for faddr grc.com/80 gaddr 192.168.2.2/4120 laddr 192.168.1.1/4391


3Com 3CDaemon format (BSD space delimited)
Format: DateTime (Mmm DD HH:MM:SS) [SPACE] Host address [SPACE] Message text

Example: Jul 22 12:34:56 [SPACE] 192.168.1.1 [SPACE] key sys: No value component in "rw,intr"


Raw - Message text only (no priority)
Format: Message text only

Example: Built outbound TCP connection 12004 for faddr grc.com/80 gaddr 192.168.2.2/4120 laddr 192.168.1.1/4391


Sawmill format ISO yyyy-mm-dd (Tab delimited)
Format: DateTime (YYYY-MM-DD HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text

Example: 2002-07-22 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

More information on Sawmill log processing software can be found at: www.sawmill.net
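
An added example (not part of the product documentation or the program's own code): a Python parser for the Kiwi ISO yyyy-mm-dd tab-delimited format and the Cisco PIX PFSS raw format listed above, which converts the raw priority value (0-191) into the Facility.Level form used by the other formats. It assumes [TAB] in the examples stands for a single tab character; facility and level spellings other than Local5, Local7 and Debug are assumed.

```python
import re
from datetime import datetime

# Numeric codes follow the standard syslog numbering. The page shows only the
# spellings "Local5"/"Local7" and "Debug"; the other names are assumed.
FACILITIES = ["Kernel", "User", "Mail", "Daemon", "Auth", "Syslog", "LPR", "News",
              "UUCP", "Cron", "AuthPriv", "FTP", "NTP", "LogAudit", "LogAlert", "Clock"]
FACILITIES += [f"Local{i}" for i in range(8)]
LEVELS = ["Emerg", "Alert", "Crit", "Error", "Warning", "Notice", "Info", "Debug"]

PIX_RAW = re.compile(r"<(\d{1,3})>(.*)", re.DOTALL)


def decode_pri(pri):
    """Turn a raw priority value (0-191) into 'Facility.Level'."""
    if not 0 <= pri <= 191:
        raise ValueError(f"priority {pri} outside 0-191")
    facility, level = divmod(pri, 8)  # priority = facility * 8 + level
    return f"{FACILITIES[facility]}.{LEVELS[level]}"


def parse_pix_raw(line):
    """Parse '<Priority value>Message text' (Cisco PIX PFSS raw logging)."""
    m = PIX_RAW.fullmatch(line.rstrip("\r\n"))
    if not m:
        raise ValueError("no <priority> prefix")
    return {"priority": decode_pri(int(m.group(1))), "message": m.group(2)}


def parse_kiwi_iso(line):
    """Parse the Kiwi ISO yyyy-mm-dd tab-delimited format."""
    # maxsplit=3: the message text is sender-controlled and may itself contain
    # tabs, which must stay in the message and not shift the fields before it.
    parts = line.rstrip("\r\n").split("\t", 3)
    if len(parts) != 4:
        raise ValueError("expected 4 tab-delimited fields")
    stamp, priority, host, message = parts
    facility, _, level = priority.partition(".")
    if facility not in FACILITIES or level not in LEVELS:
        raise ValueError(f"unknown priority {priority!r}")
    return {"time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "priority": priority, "host": host, "message": message}


# Constructed sample lines, modelled on the examples in the format list.
KIWI_LINE = ("2002-07-22 12:34:56\tLocal5.Debug\tfirewall-inside\t"
             "prot=UDP port=53\tdst=203.25.36.47 src=192.168.1.2 bytes=64")
PIX_LINE = "<191>Built outbound TCP connection 12004 for faddr grc.com/80"
```

Lines that fail validation raise `ValueError`, so a log importer can quarantine them instead of storing records with misaligned fields.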