Loader

SYSLOG Messages

Syslog Message Format

The sylog message consists of the following fields.

Field

Description

PRI

Priority – The priority value is calculated by multiplying the Facility Level  by 8 and then adding the Severity Level.

Facility

Defines what part of the system has logged the event. Most systems all dynamic mapping of events to local use fields. The EMS and OLT support the capability to configure the Facility that is put into reported syslog events. The default is local7.

Severity

Indicates the severity level of the event in the system.

Version

Version of the syslog protocol. The version is 1, which reflects the RFC 5424 version of the protocol.

Timestamp

Timestamp of the syslog message. The timestamp reflects the time, within the local time zone of the OLT, the message was generated.

Hostname

Hostname of the syslog originator. This is the hostname of the OLT, if configured. If a hostname is not configured, the IP address of the ESU is used.

APP-NAME

Defines the device or application that originated the message. It has no semantics and is used as a filter on the collector.

PROCID

The procid is a value that is included in the messages, having no interoperable meaning except that a change in the value indicates a discontinuity in syslog reporting. Typically, it is used to give the process name of process ID. Any other relevant semantics can be used to relate the event to processes or transactions on the device.

MSGID

The message IF gives the type of message, typically used by devices like firewalls to indicate protocol and direction (TCPIN/TCPOUT). The MSGID is a string without further semantics and is intended for the filtering of messages on the collector.

STRUCTURED-DATA

Provides a mechanism to express information in a well-defined, easily parseable and interpretable data format. There are multiple usage scenarios. For example, it may express meta-information about the syslog message or application-specific information such as traffic counters or IP addresses.

SD-ELEMENT

An SD-ELEMENT consists of a name and parameter name-value pairs. The name-value pairs are referred to as “SD-PARAM”.

MSG

The MSG part contains a free-form message providing information about the event.

Note: The OLT supports a value of NIL for those fields where no values available are specified.

 

Example Syslog Messages

The following are some examples of typical messages reported to syslog.

Login Event

<38>1 2003-10-11T22:14:15.003Z 172.28.152.202 evntslog - 010001 BOM
%AUTH-INFO-LOGIN Login Successful from 192.168.122.200 for user admin

Logout Event

<38>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 010002 BOM
%AUTH-INFO-LOGOUT Logout Successful from 192.168.122.200 for user admin

Login Failure

<38>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 010003 BOM
%AUTH-INFO-LOGINFAILURE Login Failed from 192.168.122.200 for user joe

Debug Access

<38>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 010004 BOM
%AUTH-INFO-DEBUGACCESS Debug Access Login from 192.168.122.200

Certificate Expiring

<36>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 010005 BOM
%AUTH-WARN-CERTEXPIRING MDS1-6-2-4-MDU: Certificate /CN=729-EXPIRE-2HR expiring on May 15 21:31:30: 2013 CDT

Certificate Install

<36>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 010006 BOM
%AUTH-INFO-CERTINSTALL MDS1-6-2-4-MDU: Trusted Anchor Certificate Installed Origin:URL.
Subject: /CN=ADMINCA1/O=EJBCA Sample/C=SE

Certificate Expired

<35>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 010007 BOM
%AUTH-ERROR-CERTEXPIRED MDS1-6-2-4-MDU: Certificate Expired Origin:URL. Subject:
/CN=ADMINCA1/O=EJBCA Sample/C=SE

Certificate Invalid

<35>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 010008 BOM MDS1-6-2-4-MDU:

%AUTH-ERROR-CERTINVALID Download Device Certificate Invalid Origin:URL. Subject:

/CN=ADMINCA1/O=EJBCA Sample/C=SE

Software Download Initiated

<190>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 020009 BOM %DNLD-INFO-SWDLINIT
Software Download Initiated to version FP27.1_015143

Software Download Completed

<190>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 020010 BOM
%DNLD-INFO-SWDLCOMPLETE Software Download Completed of FP27.1_015044

Software Download Failed

<187>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 020011 BOM

%DNLD-ERROR-SWDLFAILED Software Download of FP27.1_015044 Failed due to XXXX

Software Switch Initiated

<190>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 020012 BOM
%DNLD-INFO-SWSWITCH Software Switch from of FP27.1_015044 to of FP27.1_015045 Initiated

Software Switch Completed

<187>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 020013 BOM
%DNLD-INFO-SWITCHCMPLT Software Switch from of FP27.1_015044 to of FP27.1_015045 Completed

Cold Boot Initiated

<190>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 030001 BOM
%PLATFM-INFO-COLDBOOTINIT Cold Boot of circuitpack at MDS1-X-Y-Z initiated from [EMS|CLI]

Restart

<190>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 030001 BOM
%PLATFM-INFO-RESTART Restart of circuitpack at MDS1-X-Y-Z

CLI Command

<190>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 035001 BOM %CLI-INFO-CLI User
XXYYZZ from x.y.z.q issued cli command show all ont

Alarm

<???>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - ID47 BOM %ALARM-WARN-ACPWRLOS
Alarm Description Text will go here

ONT Arrival

<190>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 030003 BOM
%PLATFM-INFO-ONTARRIVE ONT Serial number XXXXXXX accepted on the PON

ONT Departure

<190>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - 030004 BOM
%PLATFM-INFO-ONTDEPART ONT Serial number XXXXXXX is no longer ranged on the PON

Event Report

<190>1 2003-10-11T22:14:15.003CDT 172.28.152.202 evntslog - ID47 BOM ONT <Event
Description>

 

 

 

 

 

FEEDBACK: Are you happy with this material?
  •   © 2025 Tellabs Access, LLC. All rights reserved - A Better Way to Build and Operate Networks.

On this page

light-box Image