19-4
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter19 U nderstanding Logging
About Logging
Each log message contains the following information:
Event code—A unique message code.
Logging category—Identifies the category to which a log message bel ongs.
Severity level—Identifies the level of severity for diagnostics. See Log Message Severity Levels,
page 19-4 for more information.
Message class—Identifies groups of messages of similar context, for example, RADIUS, policy, or
EAP-related context.
Message text—Brief English language explanatory text.
Description—English language text that describes log message reasons, troubleshooting
information (if applicable), and external links for mor e information.
Failure reason (optional)—Indicates whether a log message is associated with a failure reason.
Passwords are not logged, encrypted or not.
Global and Per-Instance Logging Categories
By default, a single log category configuration applies to all servers in a de ployment. For each log
category, the threshold severity of messages to be logged, whether messages are to be logged to the local
target, and the remote syslog targets to which the messages are to be sent to, are defined.
The log categories are organized in a hierarchical struc ture so that any configuration changes you make
to a parent category are applied to all the child categories. However, the administrator can apply different
configurations to the individual servers in a deployment.
For example, you can apply more intensive diagnostic logging on one server in the deployment. The
per-instance logging category configuration displays all servers in a deployment and indicate s whether
they are configured to utilize the global logging configuration or have their own custom configuration.
To define a custom configuration for a server, you must first select the Override option, and then
configure the specific log category definitions for that server.
You can use the Log Message Catalog to display all possible log messages that can be generated, each
with its corresponding category and severity. This information can be useful when configuring the
logging category definitions.
Log Message Severity Levels
You can configure logs of a certain severity level, and higher, to be logged for a specific logging category
and add this as a configuration element to further limit or expand the number of messages that you want
to save, view, and export.
For example, if you configure logs of severity level WARNING to be logged for a specific logging
category, log messages for that logging category of severity level WARNING and those of a higher
priority levels (ERROR and FATAL) are sent to any configured locations. Table19-1 describes the
severity levels and their associated priority levels.