What Information is in the System Logs?
Resolution
System Log Fields:
Type
The purpose of the type field is to provide a general categorization of events. This is typically the feature to which the event relates (routing, vpn, ha, authentication, etc.).
Severity
Each event has an associated severity. The intent of the severity is to give the administrator an indication of the urgency and impact of the event. The following guidelines outline the intended meaning of each severity level:
- Critical: Indicates a failure and signals the need for immediate attention.
- High: Indicates an impending failure or condition that will impair the operation or security of the system.
- Medium: Indicates a condition that can escalate into a more serious problem.
- Low: Indication of something that might be a problem or is likely to become a problem.
- Informational: Requires no attention; provides useful information during normal operation of the system.
Object
The purpose of the object field is to attach the event to the relevant configuration object. For example, if there are events associated with a specific SSL-VPN portal, the object field contains that portal, so an administrator can filter on it to quickly see all of the events related to that portal. Depending on the event, the object could be an interface, a device (in the case of Panorama), the VR (virtual router), etc.
Event
The event field identifies the specific event that occurred and is unique to that event. It names the event precisely but carries no details about the objects and values involved; those are captured by the object and description fields.
Description
The description field contains all of the pertinent details of the actual occurrence. This adds details such as the source IP address of a user that has authenticated, the filename of a file that was uploaded, etc. Specific events are listed by System Area in the attached file.
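As an added example (not part of the original article or any vendor tool), the following Python triage helper shows how the five fields work together: it parses a constructed CSV export assumed to carry the fields in the order listed above, filters events by object, and ranks them by the severity guidelines. The export layout, object names and event names are assumptions for illustration.

```python
import csv
from io import StringIO

# Severity levels in the order the article defines them, most urgent first.
SEVERITY_ORDER = ["critical", "high", "medium", "low", "informational"]
FIELDS = ["type", "severity", "object", "event", "description"]

# Constructed sample export (not real device output); assumed CSV layout with
# the five fields in the order the article lists them.
SAMPLE_LOG = """\
vpn,high,portal-remote,sslvpn-portal-auth-fail,User alice failed to authenticate from 198.51.100.23
ha,critical,ha1,ha-peer-down,HA peer connection lost
vpn,informational,portal-remote,sslvpn-portal-auth-succ,User bob authenticated from 203.0.113.9
routing,medium,vr-default,bgp-peer-flap,BGP peer 192.0.2.1 flapped
vpn,medium,portal-internal,sslvpn-portal-config-change,Portal profile updated
"""

def parse_system_log(text):
    """Parse CSV rows into dicts keyed by the five system log field names."""
    reader = csv.reader(StringIO(text))
    return [dict(zip(FIELDS, row)) for row in reader if row]

def severity_rank(entry):
    """Lower rank means more urgent; unknown severities sort last."""
    sev = entry["severity"].lower()
    return SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else len(SEVERITY_ORDER)

def events_for_object(entries, obj):
    """All events attached to one configuration object (e.g. an SSL-VPN portal)."""
    return [e for e in entries if e["object"] == obj]

def needs_attention(entries, threshold="medium"):
    """Entries at or above the given severity, most urgent first."""
    limit = SEVERITY_ORDER.index(threshold.lower())
    hits = [e for e in entries if severity_rank(e) <= limit]
    return sorted(hits, key=severity_rank)

if __name__ == "__main__":
    entries = parse_system_log(SAMPLE_LOG)
    for e in needs_attention(entries, "high"):
        print(f"[{e['severity'].upper()}] {e['type']}/{e['object']}: "
              f"{e['event']} - {e['description']}")
```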
owner: panagent