Log formats

The format of logs varies by output destination. Table 28 shows the original format of log information, which might be different from what you see, because the displayed format depends on the log resolution tool used.

Table 28: Log formats

| Output destination | Format | Example |
|---|---|---|
| Console, monitor terminal, log buffer, or log file | Prefix Timestamp Sysname Module/Level/Mnemonic: Content | %Nov 24 14:21:43:502 2010 Sysname SHELL/5/SHELL_LOGIN: VTY logged in from 192.168.1.26 |
| Log host | <PRI>Timestamp Sysname %%vvModule/Level/Mnemonic: Source; Content | Standard format: <190>Nov 24 16:22:21 2010 Sysname %%10 SHELL/5/SHELL_LOGIN: -DevIP=1.1.1.1; VTY logged in from 192.168.1.26 |

Table 29 describes the fields in a log message.

Table 29: Log field description

Field

Description

Prefix (information type)

A log to a destination other than the log host has an identifier in front of the timestamp:

  • An identifier of percent sign (%) indicates a log with a level equal to or higher than informational.

  • An identifier of asterisk (*) indicates a debug log or a trace log.

  • An identifier of caret (^) indicates a diagnostic log.

PRI (priority)

A log destined to the log host has a priority identifier in front of the timestamp. The priority is calculated by using this formula: facility*8+level, where:

  • facility is the facility name. Facility names local0 through local7 correspond to values 16 through 23. The facility name can be configured using the info-center loghost command. It is used to identify log sources on the log host, and to query and filter the logs from specific log sources.

  • level is in the range of 0 to 7. See Table 22 for more information about severity levels.

Timestamp

Records the time when the log was generated.

Logs sent to the log host and those sent to the other destinations have different timestamp precisions, and their timestamp formats are configured with different commands. For more information, see Table 30 and Table 31.

Sysname (host name or host IP address)

The sysname is the host name or IP address of the device that generated the log. You can use the sysname command to modify the name of the device.

%% (vendor ID)

Identifies the vendor of the device that generated the log.

This field exists only in logs sent to the log host.

vv (version information)

Identifies the version of the log. Its value is 10.

This field exists only in logs that are sent to the log host.

Module

Specifies the name of the module that generated the log. You can enter the info-center source ? command in system view to view the module list.

Level

Identifies the level of the log. See Table 22 for more information about severity levels.

Mnemonic

Describes the content of the log. It contains a string of up to 32 characters.

Source

Optional field that identifies the source of the log. The value contains an IRF member device ID and the IP address of the log sender.

Content

Provides the content of the log.

Table 30: Timestamp precisions and configuration commands

| Item | Destined to the log host | Destined to the console, monitor terminal, log buffer, and log file |
|---|---|---|
| Precision | Seconds | Milliseconds |
| Command used to set the timestamp format | info-center timestamp loghost | info-center timestamp |

Table 31: Description of the timestamp parameters

| Timestamp parameters | Description | Example |
|---|---|---|
| boot | Time that has elapsed since system startup, in the format of xxx.yyy. xxx represents the higher 32 bits, and yyy represents the lower 32 bits, of milliseconds elapsed. Logs that are sent to all destinations other than a log host support this parameter. | %0.109391473 Sysname FTPD/5/FTPD_LOGIN: User ftp (192.168.1.23) has logged in successfully. 0.109391473 is a timestamp in the boot format. |
| date | Current date and time, in the format of mmm dd hh:mm:ss yyyy for logs that are output to a log host, or MMM DD hh:mm:ss:xxx YYYY for logs that are output to other destinations. All logs support this parameter. | %May 30 05:36:29:579 2003 Sysname FTPD/5/FTPD_LOGIN: User ftp (192.168.1.23) has logged in successfully. May 30 05:36:29:579 2003 is a timestamp in the date format. |
| iso | Timestamp format stipulated in ISO 8601. Only logs that are sent to a log host support this parameter. | <189>2003-05-30T06:42:44 Sysname %%10FTPD/5/FTPD_LOGIN(l): User ftp (192.168.1.23) has logged in successfully. 2003-05-30T06:42:44 is a timestamp in the iso format. |
| none | No timestamp is included. All logs support this parameter. | % Sysname FTPD/5/FTPD_LOGIN: User ftp (192.168.1.23) has logged in successfully. No timestamp is included. |
| no-year-date | Current date and time without year information, in the format of MMM DD hh:mm:ss:xxx. Only logs that are sent to a log host support this parameter. | <189>May 30 06:44:22 Sysname %%10FTPD/5/FTPD_LOGIN(l): User ftp (192.168.1.23) has logged in successfully. May 30 06:44:22 is a timestamp in the no-year-date format. |
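
An added example (not part of the original document or of the vendor's tooling): a Python parser for the log host format in Table 28 that recovers facility and level from PRI and splits a message into the Table 29 fields, accepting the date, iso, no-year-date, and none timestamp forms. The regular expression, the name parse_loghost, the upper bound of 191 on PRI, and the rule that Source begins with a hyphen are assumptions drawn from the examples on this page.

```python
import re

# Log host layout from Table 28:
#   <PRI>Timestamp Sysname %%vvModule/Level/Mnemonic: Source; Content
LOGHOST_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}"       # iso
    r"|[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(?: \d{4})?)?"  # date / no-year-date; absent for none
    r" ?(?P<sysname>\S+) "
    r"%%(?P<version>\d{2}) ?"                                   # vendor ID followed by version (10)
    r"(?P<module>[^/\s]+)/(?P<level>[0-7])/"
    r"(?P<mnemonic>[^:(\s]{1,32})(?:\(\w\))?: "                 # "(l)" suffix appears in Table 31
    r"(?:(?P<source>-[^;]*); )?"                                # assumption: Source starts with "-"
    r"(?P<content>.*)$"
)

def parse_loghost(line):
    """Split one log host message into its Table 29 fields; None if it does not fit."""
    m = LOGHOST_RE.match(line.strip())
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # assumption: facility*8+level cannot exceed 23*8+7
        return None
    facility, pri_level = divmod(pri, 8)  # inverse of PRI = facility*8+level
    rec = m.groupdict()
    rec.update(
        pri=pri,
        facility=f"local{facility - 16}" if 16 <= facility <= 23 else str(facility),
        pri_level=pri_level,    # severity carried in PRI
        level=int(m["level"]),  # severity carried in Module/Level/Mnemonic
    )
    return rec

# Log host examples copied from Tables 28 and 31 of this page.
SAMPLES = [
    "<190>Nov 24 16:22:21 2010 Sysname %%10 SHELL/5/SHELL_LOGIN: -DevIP=1.1.1.1; VTY logged in from 192.168.1.26",
    "<189>2003-05-30T06:42:44 Sysname %%10FTPD/5/FTPD_LOGIN(l): User ftp (192.168.1.23) has logged in successfully.",
    "<189>May 30 06:44:22 Sysname %%10FTPD/5/FTPD_LOGIN(l): User ftp (192.168.1.23) has logged in successfully.",
]

if __name__ == "__main__":
    for line in SAMPLES:
        r = parse_loghost(line)
        print(r["facility"], r["pri_level"], r["level"], r["timestamp"], r["mnemonic"], r["source"])
```

The parser reports the level decoded from PRI and the Level field separately: in the Table 28 example, PRI 190 decodes to local7 with level 6, while the Level field reads 5. Lines in the console, monitor terminal, log buffer, or log file format (prefixed with %, * or ^) return None.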