User Guide for Cisco Secure Access Control System 5.4
Chapter19 Understanding Lo gging
About Logging
Table19-3 Remote Syslog Message Header Format
Field Description
pri_num Priority value of the message; a combination of the facility value and the
severity value of the message. Priority value = (facility value* 8) + severity
value. The facility code valid options are:
LOCAL0 (Code = 16)
LOCAL1 (Code = 17)
LOCAL2 (Code = 18)
LOCAL3 (Code = 19)
LOCAL4 (Code = 20)
LOCAL5 (Code = 21)
LOCAL6 (Code = 22; default)
LOCAL7 (Code = 23)
Severity value—See Table19-1 for severity values.
time Date of the message generation, according to the local clock of the
originating ACS, in the format YYYY Mmm DD hh:mm:ss. Possible values
YYYY = Numeric representation of the year.
Mmm = Representation of the month—Jan, Feb, Mar, Apr, May, Jun, Jul,
Aug, Sep, Oct, Nov, Dec.
DD = Numeric representation of the day of the month. For single-digit
days (1 to 9), a space precedes the number.
hh = The hour of the day—00 to 23.
mm = The minute of the hour—00 to 59.
ss = The second of the minute—00 to 59.
Some device send messages that specify a time zone in the format -/+hhmm,
where - and + identifies the directional offset from the ACS server’s time
zone, hh is the number of offset hours, and mm is the numbe r of minutes of
the offset hour.
For example, +02:00 indicates that the message occurred at the time indicated
by the time stamp, and on an ACS node that is two hours ahead of the ACS
server’s time zone.
xx:xx:xx:xx/host_name IP address of the originating ACS, or the hostname.
cat_name Logging category name preceded by the CSCOacs string.
msg_id Unique message ID; 1 to 4294967295. The message ID increases by 1 with
each new message. Message IDs restart at 1 each time the application is
total_seg Total number of segments in a log message. Long messages are divided into
more than one segment.
seg_num Segment sequence number within a message. Use this number to dete rmine
what segment of the message you are viewing.