Log file formats available in KSS NG
When you add an action to log messages to a file, you can choose any of the following standard log file formats.
You can also create a custom log file format.
Kiwi format ISO yyyy-mm-dd (Tab delimited)
Format |
DateTime (YYYY-MM-DD HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text |
Example |
2017-07-22 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64 |
Kiwi format ISO UTC yyyy-mm-dd (Tab delimited)
Format |
UTC DateTime (YYYY-MM-DD HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text |
Example |
2017-07-22 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64 |
Kiwi format mm-dd-yyyy (Tab delimited)
Format |
Date (MM-DD-YYYY) [TAB] Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text |
Example |
07-22-2017 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64 |
Kiwi format dd-mm-yyyy (Tab delimited)
Format |
Date (DD-MM-YYYY) [TAB] Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text |
Example |
22-07-2017 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64 |
Kiwi format UTC mm-dd-yyyy (Tab delimited)
Format |
UTC Date (MM-DD-YYYY) [TAB] UTC Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text |
Example |
07-22-2017 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64 |
Kiwi format UTC dd-mm-yyyy (Tab delimited)
Format |
UTC Date (DD-MM-YYYY) [TAB] UTC Time (HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text |
Example |
22-07-2017 [TAB] 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64 |
Comma Separated Values yyyy-mm-dd (CSV)
Format |
DateTime (YYYY-MM-DD HH:MM:SS),Priority (Facility.Level),Host name,Message text |
Example |
2017-07-22 12:34:56,Local5.Debug,firewall-inside,"prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64" |
Comma Separated Values UTC yyyy-mm-dd (CSV)
Format |
UTC DateTime (YYYY-MM-DD HH:MM:SS),Priority (Facility.Level),Host name,Message text |
Example |
2017-07-22 12:34:56,Local5.Debug,firewall-inside,"prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64" |
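An added Python example, not part of the KSS NG documentation, that parses the tab-delimited and CSV Kiwi formats above into one record shape. It assumes the file holds a literal tab character wherever the tables show [TAB]; the function name and the layout labels `iso`, `mdy` and `dmy` are chosen for this example.

```python
import csv
from datetime import datetime, timezone

# Layout label -> (strptime pattern, number of date/time fields).
# The labels are names chosen for this example, not KSS NG settings.
LAYOUTS = {
    "iso": ("%Y-%m-%d %H:%M:%S", 1),   # single DateTime field
    "mdy": ("%m-%d-%Y %H:%M:%S", 2),   # separate Date and Time fields
    "dmy": ("%d-%m-%Y %H:%M:%S", 2),
}

def parse_kiwi(line, layout="iso", delimiter="\t", utc=False):
    """Parse one tab-delimited or CSV Kiwi line into a dict.

    Date order and time zone are not recorded in the file, so the caller
    passes them according to the format selected in the log action.
    """
    pattern, n_time = LAYOUTS[layout]
    # CSV quotes the message text; tab-delimited lines are split verbatim.
    quoting = csv.QUOTE_MINIMAL if delimiter == "," else csv.QUOTE_NONE
    fields = next(csv.reader([line.rstrip("\r\n")],
                             delimiter=delimiter, quoting=quoting))
    if len(fields) < n_time + 3:
        raise ValueError(f"expected {n_time + 3} fields, got {len(fields)}")
    when = datetime.strptime(" ".join(fields[:n_time]), pattern)
    if utc:
        when = when.replace(tzinfo=timezone.utc)   # UTC variants only
    facility, _, level = fields[n_time].partition(".")
    return {
        "time": when,            # naive (server local time) unless utc=True
        "facility": facility,
        "level": level,
        "host": fields[n_time + 1],
        # A delimiter inside an unquoted message yields extra fields.
        "message": delimiter.join(fields[n_time + 2:]),
    }

# Constructed sample lines, modelled on the examples above.
MSG = "prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64"
TAB_LINE = "\t".join(["2017-07-22 12:34:56", "Local5.Debug", "firewall-inside", MSG])
CSV_LINE = f'2017-07-22 12:34:56,Local5.Debug,firewall-inside,"{MSG}"'
AMBIGUOUS = "\t".join(["07-08-2017", "12:34:56", "Local5.Debug", "firewall-inside", MSG])

if __name__ == "__main__":
    print(parse_kiwi(TAB_LINE))
    print(parse_kiwi(CSV_LINE, delimiter=",", utc=True))
    # Same bytes, two valid readings: 8 July vs 7 August.
    print(parse_kiwi(AMBIGUOUS, "mdy")["time"], parse_kiwi(AMBIGUOUS, "dmy")["time"])
```

A line such as the constructed `AMBIGUOUS` sample parses without error under both date orders, so the format chosen in the log action has to be recorded alongside the files when they are used to build an incident timeline.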
BSD Unix syslog format
Format |
DateTime (Mmm DD HH:MM:SS) [SPACE] Host name [SPACE] Message text (PID tag followed by message content) |
Example |
Jul 22 12:34:56 [SPACE] firewall-inside [SPACE] amd[308]: key sys: No value component in "rw,intr" |
XML tagged format
Format |
<Message><DateTime> DateTime (YYYY-MM-DD HH:MM:SS) </DateTime><Priority> Priority (Facility.Level) </Priority><Source_Host> Host name </Source_Host><MessageText> Message Text </MessageText></Message> |
Example |
<Message><DateTime>2017-07-23 21:53:35</DateTime><Priority>Local7.Debug</Priority><Source_Host>firewall-inside</Source_Host><MessageText> prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64</MessageText></Message> |
RnRsoft ReportGen format
Format |
rnrsoft [TAB] Date (YYYY-MM-DD) [TAB] Time (HH:MM:SS) [TAB] Host name [TAB] Level (numeric 0-7) [TAB] Message text |
Example |
rnrsoft [TAB] 2017-07-23 [TAB] 22:02:51 [TAB] firewall-inside [TAB] 7 [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64 |
More information on ReportGen for SonicWall, PIX, GNATbox and Netscreen can be found on their website.
WebTrends format
Format |
WTsyslog [SPACE] Date (YYYY-MM-DD) [SPACE] Time (HH:MM:SS) [SPACE] ip=Host address (a.b.c.d) [SPACE] pri=Level (numeric 0-7) [SPACE] Message text |
Example |
WTsyslog [2017-11-12 12:44:45 ip=192.168.168.1 pri=6] <134>id=firewall time="2017-11-15 08:43:42" fw=192.168.1.1 pri=6 src=192.168.1.34 proto=http |
More information on the WebTrends firewall suite can be found on their website.
Cisco PIX PFSS format (Raw logging)
Format |
<Priority value (0-191)>Message text |
Example |
<191>Built outbound TCP connection 12004 for faddr grc.com/80 gaddr 192.168.2.2/4120 laddr 192.168.1.1/4391 |
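Decoding the numeric priority of the raw format into the Facility.Level notation the Kiwi formats use, as an added Python example that is not part of the KSS NG documentation. The function names are chosen here and the facility and level spellings other than those shown on this page are assumed; the numbering is the standard syslog one, where priority = facility × 8 + level.

```python
import re

# Standard syslog numbering (RFC 3164/5424). Only "Local5", "Local7" and
# "Debug" appear on this page; the other spellings are assumed here.
FACILITIES = ["Kernel", "User", "Mail", "Daemon", "Auth", "Syslog", "Lpr",
              "News", "UUCP", "Cron", "AuthPriv", "FTP", "NTP", "Audit",
              "Alert", "Clock"] + [f"Local{n}" for n in range(8)]
LEVELS = ["Emerg", "Alert", "Crit", "Error", "Warning", "Notice", "Info", "Debug"]

_PRI = re.compile(r"<(\d{1,3})>(.*)", re.DOTALL)

def split_priority(raw):
    """Split '<PRI>text' into (facility number, level number, text)."""
    m = _PRI.match(raw)
    if not m:
        raise ValueError("line does not start with <PRI>")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError(f"priority {pri} outside 0-191")
    facility, level = divmod(pri, 8)   # PRI = facility * 8 + level
    return facility, level, m.group(2)

def priority_label(facility, level):
    """Render the two numbers as Facility.Level, e.g. Local7.Debug."""
    return f"{FACILITIES[facility]}.{LEVELS[level]}"

# Constructed sample, copied from the example line above.
RAW_LINE = ("<191>Built outbound TCP connection 12004 for faddr grc.com/80 "
            "gaddr 192.168.2.2/4120 laddr 192.168.1.1/4391")

if __name__ == "__main__":
    fac, lvl, text = split_priority(RAW_LINE)
    print(priority_label(fac, lvl), text)
```

The level number returned here is the same 0-7 value that the RnRsoft ReportGen and WebTrends formats write directly.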
3Com 3CDaemon format (BSD space delimited)
Format |
DateTime (Mmm DD HH:MM:SS) [SPACE] Host address [SPACE] Message text |
Example |
Jul 22 12:34:56 [SPACE] 192.168.1.1 [SPACE] key sys: No value component in "rw,intr" |
Raw - Message text only (no priority)
Format |
Message text only |
Example |
Built outbound TCP connection 12004 for faddr grc.com/80 gaddr 192.168.2.2/4120 laddr 192.168.1.1/4391 |
Sawmill format ISO yyyy-mm-dd (Tab delimited)
Format |
DateTime (YYYY-MM-DD HH:MM:SS) [TAB] Priority (Facility.Level) [TAB] Host name [TAB] Message text |
Example |
2017-07-22 12:34:56 [TAB] Local5.Debug [TAB] firewall-inside [TAB] prot=UDP port=53 dst=203.25.36.47 src=192.168.1.2 bytes=64 |
More information on Sawmill log processing software can be found on the Sawmill website.