Documentation for Kiwi Syslog Server

Log file formats available in Kiwi Syslog Server — Legacy


When you add an action to log messages to a file, you can choose any of the following standard log file formats.

You can also create a custom log file format.

Kiwi format ISO yyyy-mm-dd (Tab delimited)

Format DateTime (YYYY-MM-DD HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text
Example 2017-07-22 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

Kiwi format ISO UTC yyyy-mm-dd (Tab delimited)

Format UTC DateTime (YYYY-MM-DD HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text
Example 2017-07-22 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

Kiwi format mm-dd-yyyy (Tab delimited)

Format Date (MM-DD-YYYY) [TAB] Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text
Example 07-22-2017 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

Kiwi format dd-mm-yyyy (Tab delimited)

Format Date (DD-MM-YYYY) [TAB] Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text
Example 22-07-2017 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

Kiwi format UTC mm-dd-yyyy (Tab delimited)

Format UTC Date (MM-DD-YYYY) [TAB] UTC Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text
Example 07-22-2017 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

Kiwi format UTC dd-mm-yyyy (Tab delimited)

Format UTC Date (DD-MM-YYYY) [TAB] UTC Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text
Example 22-07-2017 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

Comma Separated Values yyyy-mm-dd (CSV)

Format DateTime (YYYY-MM-DD HH:MM:SS),Priority (Facility.Level),Host name,Message text
Example 2017-07-22 12:34:56,Local5.Debug,firewall-inside,"prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64"

Comma Separated Values UTC yyyy-mm-dd (CSV)

Format UTC DateTime (YYYY-MM-DD HH:MM:SS),Priority (Facility.Level),Host name,Message text
Example 2017-07-22 12:34:56,Local5.Debug,firewall-inside,"prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64"

BSD Unix syslog format

Format DateTime (Mmm DD HH:MM:SS) [SPACE] Host name [SPACE] Message text (PID tag followed by message content)
Example Jul 22 12:34:56 [SPACE] firewall-inside [SPACE] amd[308]: key sys: No value component in "rw,intr"

XML tagged format

Format <Message><DateTime> DateTime (YYYY-MM-DD HH:MM:SS) </DateTime><Priority> Priority (Facility.Level) </Priority><Source_Host> Host name </Source_Host><MessageText> Message Text </MessageText></Message>
Example <Message><DateTime>2017-07-23 21:53:35</DateTime><Priority>Local7.Debug</Priority><Source_Host>firewall-inside</Source_Host><MessageText> prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64</MessageText></Message>

RnRsoft ReportGen format

Format rnrsoft [TAB] Date (YYYY-MM-DD) [TAB] Time (HH:MM:SS) [TAB] Host name [TAB] Level (numeric 0-7) [TAB] Message text
Example rnrsoft [TAB] 2017-07-23 [TAB] 22:02:51 [TAB] firewall-inside [TAB] 7 [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

More information on ReportGen for SonicWall, PIX, GNATbox and Netscreen can be found on their website.

WebTrends format

Format WTsyslog [SPACE] Date (YYYY-MM-DD) [SPACE] Time (HH:MM:SS) [SPACE] ip=Host address (a.b.c.d) [SPACE] pri=Level (numeric 0-7) [SPACE] Message text
Example WTsyslog [2017-11-12 12:44:45 ip=192.168.168.1 pri=6] <134>id=firewall time="2017-11-15 08:43:42" fw=192.168.1.1 pri=6 src=192.168.1.34 proto=http

More information on Webtrends firewall suite can be found on their website.

Cisco PIX PFSS format (Raw logging)

Format <Priority value (0-191)>Message text
Example <191>Built outbound TCP connection 12004 for faddr grc.com/80 gaddr 192.168.2.2/4120 laddr 192.168.1.1/4391
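The raw PIX format carries the priority as a single number, while the Kiwi formats above write it as Facility.Level. The following added example (not part of the Kiwi documentation) parses both formats and decodes the number using the standard syslog rule, priority = facility × 8 + level. It assumes that [TAB] stands for a single tab character with no surrounding spaces; facility and level names other than the "Local5", "Local7" and "Debug" shown on this page follow common syslog naming and are assumptions.

```python
import re
from datetime import datetime

# Conventional syslog names. Only "Local5"/"Local7" and "Debug" appear on the
# page, so the spelling of the remaining names is an assumption.
FACILITIES = (["Kern", "User", "Mail", "Daemon", "Auth", "Syslog", "Lpr", "News",
               "Uucp", "Cron", "Authpriv", "Ftp", "Ntp", "Audit", "Alert", "Clock"]
              + [f"Local{i}" for i in range(8)])
LEVELS = ["Emerg", "Alert", "Crit", "Error", "Warning", "Notice", "Info", "Debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

def decode_pri(value):
    """Turn a numeric priority (0-191) into 'Facility.Level'."""
    if not 0 <= value <= 191:
        raise ValueError(f"priority {value} outside 0-191")
    return f"{FACILITIES[value >> 3]}.{LEVELS[value & 7]}"

def parse_pix_raw(line):
    """Parse '<Priority value>Message text' (Cisco PIX PFSS raw logging)."""
    m = PRI_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("missing <priority> prefix")
    return {"priority": decode_pri(int(m.group(1))), "message": m.group(2)}

def parse_kiwi_iso(line):
    """Parse 'DateTime [TAB] Priority [TAB] Host name [TAB] Message text'."""
    # maxsplit=3: the message text comes from the sending device and may
    # itself contain tabs, which must not shift the earlier fields.
    parts = line.rstrip("\r\n").split("\t", 3)
    if len(parts) != 4:
        raise ValueError("expected 4 tab-delimited fields")
    stamp, priority, host, message = parts
    facility, _, level = priority.partition(".")
    if facility not in FACILITIES or level not in LEVELS:
        raise ValueError(f"unknown priority {priority!r}")
    return {"time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "priority": priority, "host": host, "message": message}

# Constructed sample lines, built from the examples on this page.
KIWI_SAMPLE = ("2017-07-22 12:34:56\tLocal5.Debug\tfirewall-inside\t"
               "prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64")
PIX_SAMPLE = ("<191>Built outbound TCP connection 12004 for faddr grc.com/80 "
              "gaddr 192.168.2.2/4120 laddr 192.168.1.1/4391")

if __name__ == "__main__":
    print(parse_kiwi_iso(KIWI_SAMPLE))
    print(parse_pix_raw(PIX_SAMPLE))
```
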

3Com 3CDaemon format (BSD space delimited)

Format DateTime (Mmm DD HH:MM:SS) [SPACE] Host address [SPACE] Message text
Example Jul 22 12:34:56 [SPACE] 192.168.1.1 [SPACE] key sys: No value component in "rw,intr"

Raw - Message text only (no priority)

Format Message text only
Example Built outbound TCP connection 12004 for faddr grc.com/80 gaddr 192.168.2.2/4120 laddr 192.168.1.1/4391

Sawmill format ISO yyyy-mm-dd (Tab delimited)

Format DateTime (YYYY-MM-DD HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text
Example 2017-07-22 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64

More information on Sawmill log processing software can be found on the Sawmill website.