Syslog Message Format

When the Network Time Protocol (NTP) is enabled, a timestamp string [hour:minutes:seconds.msec] is added to all Syslog messages, for example (in bold):

10:44:11.299 10.15.77.55 local0.notice [S=511941] [SID=50dcb2:31:12079] (N 483455) ReleaseAddress. IPv4IF=1 IPv6IF=-1 Port=7500 [Time:10-09@09:42:56.938]

The device that generated the Syslog message, defined by IP address.

Each Syslog message is generated with a severity level in the format <FacilityCode.Severity>, for example:

10:44:11.299 10.15.77.55 local0.notice [S=511941] [SID=50dcb2:31:12079] (N 483455) ReleaseAddress. IPv4IF=1 IPv6IF=-1 Port=7500 [Time:10-09@09:42:56.938]

The severity level can be one of the following:

Note:

By default, Syslog messages are sequentially numbered in the format [S=<number>], for example, "[S=538399]". A skip in the number sequence of messages indicates a loss in message packets. The following example of a Syslog shows two missing messages (S=538402 and S=538403):

12:11:42.709 10.15.77.55 local0.notice [S=538399] [SID=50dcb2:31:12754] (N 508552) CAC: Remove SBC Outgoing Other, IPG 2 (Teams): 0, SRD 0 (DefaultSRD): 0, SipIF 1 (Teams): 0 [Time:10-09@11:10:28.848]

12:11:42.709 10.15.77.55 local0.notice [S=538400] [SID=50dcb2:31:12754] (N 508553) States: (#2698)SBCCall[Deallocated] [Time:10-09@11:10:28.848]

12:11:42.709 10.15.77.55 local0.notice [S=538401] [SID=50dcb2:31:12754] (N 508554) CAC: Remove SBC Incoming Other, IPG 2 (Teams): 0, SRD 0 (DefaultSRD): 0, SipIF 1 (Teams): 0 [Time:10-09@11:10:28.848]

12:11:42.710 10.15.77.55 local0.notice [S=538404] [SID=50dcb2:31:12754] (N 508555) States: (#2699)SBCCall[Deallocated] [Time:10-09@11:10:28.848]

Note: To exclude the message sequence number from Syslog messages, configure the 'CDR Syslog Sequence Number' parameter to Disable (see Configuring Syslog).

The SID is a unique SIP call session and device identifier. The device identifier facilitates debugging by clearly identifying the specific device that sent the log message, which is especially useful in deployments consisting of multiple devices. In addition, the benefit of unique numbering is that it enables you to filter information (such as SIP, Syslog, and media) according to device or session ID.

The syntax of the session and device identifiers is as follows:

[SID=<last 6 characters (3 lower bytes) of MAC address>:<number of times device has reset>:<unique SID counter indicating the call session, which increments consecutively for each new session and resets to 1 after a device reset>]

For example:

10:44:11.299 10.15.77.55 local0.notice [S=511941] [SID=50dcb2:31:12079] (N 483455) ReleaseAddress. IPv4IF=1 IPv6IF=-1 Port=7500 [Time:10-09@09:42:56.938]

Where:

The BID is a unique non-SIP session related (e.g., device reset or a Trunk alarm) and device identifier. The BID value is similar to the SID (above), except that it doesn't contain the session ID. The device identifier facilitates debugging by clearly identifying the specific device that sent the log message, which is especially useful in deployments consisting of multiple devices. In addition, the benefit of unique numbering is that it enables you to filter information according to device.

The syntax of the BID is as follows:

[BID=<last 6 characters (3 lower bytes) of MAC address >:<number of times device has reset>]

For example:

11:58:30.820 10.15.77.55 local0.notice [S=534370] [BID=50dcb2:31] Activity Log: WEB: User logout. User: Admin. Session: WEB (10.15.77.100) [Time:10-09@10:57:16.360]

Where: