Cisco ESA Syslog Structure

Cisco ESA appliances produce log messages based on the following format.

<Level>: <Module> : <Message text>

To identify the log type correctly, prepend each log message with a custom syslog header, as shown below.

Month Monthday Time Device_serial_logtype: <Level>: <Module> : <Message text>

Here, logtype depends on the appliance module that generates the log, according to the following table:

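| Appliance Module  | Logtype        | Content                       |
|-------------------|----------------|-------------------------------|
| Status            | STATUS         | Performance logs              |
| Anti-Spam         | SPAM           | Anti-spam modules system logs |
| Update scheduler  | UPDATER        | System update logs            |
| E-mail quarantine | SPAMQUARANTINE | Provisional quarantine logs   |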

The message text is usually free-form, but its format can vary depending on the log type:

| Logtype | Message format                                  |
|---------|-------------------------------------------------|
| STATUS  | Space-separated/space-delimited key-value pairs |
| SPAM    | Free-form text                                  |
| UPDATER | Free-form text                                  |

For a complete list of possible log types and messages, please refer to the (Cisco ESA) AsyncOS 9.7 for Email User Guide.
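The following parser for the prefixed format above is an added example, not part of the original page or of any Cisco tooling. It assumes that the angle brackets are placeholders, that the logtype is the text after the last underscore of the Device_serial_logtype token, and that STATUS messages alternate "key value" tokens; the sample lines, serial, and module names are constructed.

```python
import re

# Logtype values listed in the table on this page.
KNOWN_LOGTYPES = {"STATUS", "SPAM", "UPDATER", "SPAMQUARANTINE"}

# Assumptions: angle brackets in the format are placeholders, the logtype is
# the text after the last underscore of the Device_serial_logtype token, and
# the time is HH:MM:SS.
LINE_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<serial>\S+)_(?P<logtype>[A-Za-z]+):\s+"
    r"(?P<level>[^:]+):\s*(?P<module>[^:]+?)\s*:\s*(?P<message>.*)$"
)

def parse_esa_line(line):
    """Return a dict of header and message fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["logtype"] = rec["logtype"].upper()
    rec["known_logtype"] = rec["logtype"] in KNOWN_LOGTYPES
    rec["fields"] = None       # only STATUS messages are structured
    rec["malformed"] = False
    if rec["logtype"] == "STATUS":
        # Assumption: STATUS pairs alternate as "key value key value ...".
        tokens = rec["message"].split()
        rec["malformed"] = len(tokens) % 2 != 0   # a dangling key means truncation
        rec["fields"] = dict(zip(tokens[0::2], tokens[1::2]))
    return rec

# Constructed sample lines (serial, modules and values are made up).
SAMPLES = [
    "Mar  4 10:15:02 SERIAL0001-EXAMPLE_STATUS: Info: Status : CPULd 12 RAMUtil 34 QKUsd 0",
    "Mar  4 10:15:07 SERIAL0001-EXAMPLE_SPAM: Warning: AntiSpam : engine update delayed",
    "Mar  4 10:15:08 SERIAL0001-EXAMPLE_STATUS: Info: Status : CPULd 12 RAMUtil",
    "Mar  4 10:15:09 not an ESA line",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        rec = parse_esa_line(raw)
        if rec is None:
            print("UNPARSED", raw)   # keep unmatched lines for review, do not drop them
        else:
            print(rec["logtype"], rec["level"], rec["module"], rec["fields"] or rec["message"])
```

Lines that return None or set malformed are worth counting in the collector, since a rising rate usually means the custom header was not prepended or the message was truncated in transit.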