Javascript is required for MOREAL Online Documentation to function properly. Please enable Javascript by adjusting your browser settings.

Cisco ESA Syslog Structure

Cisco ESA appliances produce log messages based on the following format.

<Level>: <Module> : <Message text>

In order to correctly identify various log types, log messages should be prepended with a custom syslog header, like below.

Month Monthday Time Device_serial_logtype: <Level>: <Module> : <Message text>

Where logtype depends on the appliace module generating the log in compliance to the following table:

Appliance Module Logtype Content
Status STATUS Performance logs
Anti-Spam SPAM Anti-spam modules system logs
Update scheduler UPDATER System update logs
E-mail quarantine SPAMQUARANTINE Provisional quarantine logs

Log message texts are usually free-form text, but can vary depending on log type:

Logtype Message format
STATUS Space-separated/space-delimited key-value pairs
SPAM Free-form text
UPDATER Free-form text

For a complete list of possible log types and messages, please refer to (Cisco ESA) AsyncOS 9.7 for Email User Guide