Syslog Message Classes
Note | This topic does not apply to messages for security events (connection, intrusion, etc.) |
You can use syslog message classes in two ways:
-
Specify an output location for an entire category of syslog messages.
-
Create a message list that specifies the message class.
The syslog message class provides a method of categorizing syslog messages by type, equivalent to a feature or function of the device. For example, the rip class denotes RIP routing.
All syslog messages in a particular class share the same initial three digits in their syslog message ID numbers. For example, all syslog message IDs that begin with the digits 611 are associated with the vpnc (VPN client) class. Syslog messages associated with the VPN client feature range from 611101 to 611323.
In addition, most of the ISAKMP syslog messages have a common set of prepended objects to help identify the tunnel. These objects precede the descriptive text of a syslog message when available. If the object is not known at the time that the syslog message is generated, the specific heading = value combination does not appear.
The objects are prefixed as follows:
Group = groupname, Username = user, IP = IP_address
Where the group is the tunnel-group, the username is the username from the local database or AAA server, and the IP address is the public IP address of the remote access client or Layer 2 peer.
The following table lists the message classes and the range of message IDs in each class.
|
Class |
Definition |
Syslog Message ID Numbers |
|---|---|---|
|
access-list* |
Access Lists |
106 |
|
application-firewall* |
Application Firewall |
415 |
|
auth |
User Authentication |
109, 113 |
|
botnet-traffic-filtering* |
Botnet Traffic Filtering |
338 |
|
bridge |
Transparent Firewall |
110, 220 |
|
ca |
PKI Certification Authority |
717 |
|
card-management* |
Card Management |
323 |
|
citrix |
Citrix Client |
723 |
|
clustering* |
Clustering |
747 |
|
config |
Command Interface |
111, 112, 208, 308 |
|
csd |
Secure Desktop |
724 |
|
cts |
Cisco TrustSec |
776 |
|
dap |
Dynamic Access Policies |
734 |
|
eap, eapoudp |
EAP or EAPoUDP for Network Admission Control |
333, 334 |
|
eigrp |
EIGRP Routing |
336 |
|
|
E-mail Proxy |
719 |
|
environment-monitoring* |
Environment Monitoring |
735 |
|
ha |
Failover |
101, 102, 103, 104, 105, 210, 311, 709 |
|
identity-based-firewall* |
Identity-based Firewall |
746 |
|
ids |
Intrusion Detection System |
400, 733 |
|
ikev2-toolkit* |
IKEv2 Toolkit |
750, 751, 752 |
|
ip |
IP Stack |
209, 215, 313, 317, 408 |
|
ipaa |
IP Address Assignment |
735 |
|
ips |
Intrusion Protection System |
400, 401, 420 |
|
ipv6* |
IPv6 |
325 |
|
licensing* |
Licensing |
444 |
|
mdm-proxy |
MDM Proxy |
802 |
|
nac |
Network Admission Control |
731, 732 |
|
nacpolicy |
NAC Policy |
731 |
|
nacsettings |
NAC Settings to apply NAC Policy |
732 |
|
nat-and-pat* |
NAT and PAT |
305 |
|
network-access-point* |
Network Access Point |
713 |
|
np |
Network Processor |
319 |
|
np-ssl* |
NP SSL |
725 |
|
ospf |
OSPF Routing |
318, 409, 503, 613 |
|
password-encryption* |
Password Encryption |
742 |
|
phone-proxy* |
Phone Proxy |
337 |
|
rip |
RIP Routing |
107, 312 |
|
rm |
Resource Manager |
321 |
|
scansafe* |
ScanSafe |
775 |
|
session |
User Session |
106, 108, 201, 202, 204, 302, 303, 304, 305, 314, 405, 406, 407, 500, 502, 607, 608, 609, 616, 620, 703, 710 |
|
smart-call-home* |
Smart Call Home |
120 |
|
snmp |
SNMP |
212 |
|
ssl |
SSL Stack |
725 |
|
svc |
SSL VPN Client |
722 |
|
sys |
System |
199, 211, 214, 216, 306, 307, 315, 414, 604, 605, 606, 610, 612, 614, 615,701, 711, 741 |
|
tag-switching |
Service Tag Switching |
779 |
|
threat-detection* |
Threat Detection |
733 |
|
transactional-rule-engine-tre* |
Transactional Rule Engine |
780 |
|
uc-ims* |
UC-IMS |
339 |
|
vm |
VLAN Mapping |
730 |
|
vpdn |
PPTP and L2TP Sessions |
213, 403, 603 |
|
vpn |
IKE and IPsec |
316, 320, 402, 404, 501, 602, 702, 713, 714, 715 |
|
vpnc |
VPN Client |
611 |
|
vpnfo |
VPN Failover |
720 |
|
vpnlb |
VPN Load Balancing |
718 |
|
vxlan* |
VXLAN |
778 |
|
webfo |
WebVPN Failover |
721 |
|
webvpn |
WebVPN and Secure Client |
716 |
*These classes are provisioned in the management center web interface to facilitate creation of event lists. These classes are not displayed on the device console.