KB40143 - Syslog format changes in 8.0, 8.1, 8.2 and 8.3

Information

Last Modified Date: 3/20/2018 5:35 AM
Synopsis
This article describes the syslog format changes made in 8.0, 8.1, and 8.2.
Problem or Goal
Cause
Solution
The table below describes the changes made to the syslog format in the 8.0, 8.1 and 8.2 maintenance releases to ensure that the logs conform to syslog standards.
 

PCS release versions: 8.0R7 and below
Format of the syslog message: <SYSLOG HEADER> <IVE MESSAGE>
<SYSLOG HEADER> := “ Juniper:”
Ex:
Juniper: 2018-09-22 16:09:19 - ive -[XX.XX.XX.XXX]admin(Admin Users)[.Administrators] - Syslog server XX.XX.XX.XXX (facility LOCAL0, filter Standard) added for Admin Access logs

PCS release versions: 8.0R7 and above; 8.1R1 to 8.1R5
Format of the syslog message: <SYSLOG HEADER> <IVE MESSAGE>
<SYSLOG HEADER> := “<DATE (standard format)> :”
Ex:
2014-12-26T13:13:32+05:30 : id=firewall time="2014-12-26 13:13:32" pri=6 fw=XX.XX.XX.XXX vpn=ive user=test realm="Admin Users" roles=".Administrators" type=mgmt msg="ADM24413: SOAP logout from XX.XX.XX.XXX"
Changes: The string "Juniper" was removed from the syslog message header, and a timestamp in the correct format was added to the syslog header. This change was made to ensure that the message adhered to the syslog standard.

PCS release versions: 8.1R6 and above
Format of the syslog message: <SYSLOG HEADER> <IVE MESSAGE>
<SYSLOG HEADER> := “<DATE (standard format)> PulseSecure:”
Ex:
2014-12-26T13:13:32+05:30  PulseSecure: id=firewall time="2014-12-26 13:13:32" pri=6 fw=XX.XX.XX.XXX vpn=ive user=test realm="Admin Users" roles=".Administrators" type=mgmt msg="ADM24413: SOAP logout from XX.XX.XX.XXX"
Changes: "PulseSecure:" was added to the syslog header. This change was made to provide an application name in the syslog header to help identify messages that originate from a PCS device.

PCS release versions: 8.2R5 and above
Format of the syslog message: <SYSLOG HEADER> <IVE MESSAGE>
<SYSLOG HEADER> := “<DATE (standard format)> HOSTNAME PulseSecure: ”
Ex:
2014-12-26T13:13:32+05:30 test.pulsesecure.net PulseSecure: id=firewall time="2016-12-26 13:13:32" pri=6 fw=XX.XX.XX.XXX vpn=ive user=test realm="Admin Users" roles=".Administrators" type=mgmt msg="ADM24413: SOAP logout from XX.XX.XX.XXX"
Changes: Hostname added.

PCS release versions: 8.3R4 and above
Format of the syslog message: <SYSLOG HEADER> <IVE MESSAGE>
<SYSLOG HEADER> := “<DATE (standard format)> HOSTNAME PulseSecure: ”
Ex:
2017-09-22T04:55:57-04:00 test.pulsesecure.net PulseSecure: - - - id=firewall time="2017-09-22 04:55:57" pri=6 fw=10.204.53.143 vpn=ive user=admindb realm="Admin Users" roles=".Administrators" type=mgmt msg="ADM24480: Changed Major log traps in SNMP trap settings from off to on  "
Changes: Support RFC5424
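
A log collector that receives PCS syslog has to recognize each of the header variants above, or a release upgrade will silently break parsing. The following Python sketch is an added example, not Pulse Secure code: it classifies a line by header format and extracts the key=value fields. It assumes lines arrive exactly as in the article's examples (no leading `<PRI>`); the function name `parse_pcs_syslog` and the sample lines are constructed for illustration.

```python
import re

# ISO 8601 timestamp with numeric UTC offset, as in the article's examples.
TS = r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2})"
# Header variants from the table, most specific first so the 8.3R4 "- - -"
# form is not read as an 8.2R5 line whose message starts with dashes.
HEADERS = [(name, re.compile(rx)) for name, rx in [
    ("8.3R4 and above", TS + r"\s+(?P<host>\S+)\s+PulseSecure:\s+- - -\s+(?P<msg>.*)"),
    ("8.2R5 and above", TS + r"\s+(?P<host>\S+)\s+PulseSecure:\s+(?P<msg>.*)"),
    ("8.1R6 and above", TS + r"\s+PulseSecure:\s+(?P<msg>.*)"),
    ("8.0R7 and above / 8.1R1 to 8.1R5", TS + r"\s+:\s+(?P<msg>.*)"),
    ("8.0R7 and below", r"\s*Juniper:\s+(?P<msg>.*)"),
]]
# key=value or key="quoted value" pairs in the IVE message.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_pcs_syslog(line):
    """Return a dict describing the line, or None if no known header matches."""
    for name, pattern in HEADERS:
        m = pattern.match(line)
        if not m:
            continue
        groups = m.groupdict()
        # The "Juniper:" example carries a free-text message, so no fields.
        pairs = FIELD.findall(groups["msg"]) if "ts" in groups else []
        return {"format": name, "timestamp": groups.get("ts"), "host": groups.get("host"),
                "message": groups["msg"], "fields": {k: q or u for k, q, u in pairs}}
    return None


# Sample lines adapted from the article's examples; the last one is constructed.
BODY = ('id=firewall time="2014-12-26 13:13:32" pri=6 fw=XX.XX.XX.XXX vpn=ive user=test '
        'realm="Admin Users" roles=".Administrators" type=mgmt '
        'msg="ADM24413: SOAP logout from XX.XX.XX.XXX"')
SAMPLES = [
    "Juniper: 2018-09-22 16:09:19 - ive -[XX.XX.XX.XXX]admin(Admin Users)[.Administrators] - Syslog server added",
    "2014-12-26T13:13:32+05:30 : " + BODY,
    "2014-12-26T13:13:32+05:30  PulseSecure: " + BODY,
    "2014-12-26T13:13:32+05:30 test.pulsesecure.net PulseSecure: " + BODY,
    "2017-09-22T04:55:57-04:00 test.pulsesecure.net PulseSecure: - - - " + BODY,
    "Dec 26 13:13:32 gw sshd[1]: constructed line with no PCS header",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        rec = parse_pcs_syslog(sample)
        print(rec["format"] if rec else "UNPARSED", "|", sample[:60])
```

Lines that return `None` are worth counting and alerting on, since a jump in unparsed PCS events after an upgrade usually means the header format changed again.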
Related Links
Attachment 1 
Created By: K. Kitajima