Analytics Log Collector Log Types Overview
For supported software information, click here.
The Analytics log collector exporter (LCE) program enables an Analytics node to collect logs in IPFIX format from multiple Versa Operating SystemTM (VOSTM) devices. You can configure the log collector exporter to export the logs in syslog format to one or more third-party collectors.
For information about configuring the log collector exporter, see Set Up Analytics in Perform Initial Software Configuration, and see Configure Log Collectors and Log Exporter Rules.
The following table summarizes the log messages and event types you can export from the Analytics log collector exporter. The table contains the following columns:
- Exporter Rule Log Type—Name used for the log type when you are configuring exporter rules.
- Syslog Identifier—Names of the syslog identifiers associated with the exporter rule log type. The syslog identifier is the label that VOS devices include in the syslog messages that they generate for a feature or service.
- Description—Description of the information in the logs.
- Supported Releases—VOS software releases in which the exporter rule log type is supported.
Exporter Rule |
Syslog Identifier | Description | Supported Releases |
---|---|---|---|
Access Circuits access-circuit-log |
sdwanAccCktInfoLog |
SD-WAN WAN link information logs for access circuits. For syslog message field descriptions, see SD-WAN WAN Link Information Logs. |
Releases 21.1.1 and later |
ADC adc-log |
adcL4Log |
Application delivery controller (ADC) load balancer logs, which are part of ADC configuration. To export from a VOS device, select a LEF profile when configuring an ADC service. See Configure an Application Delivery Controller. For syslog message field descriptions, see ADC Logs. |
Releases 21.1.1 and later |
Alarms alarm-log |
alarmLog |
Alarms generated by VOS devices. For Releases 21.2 and earlier, VOS devices automatically export their alarm logs to the default LEF profile destination. For Releases 22.1.1 and later, you can designate a LEF profile to be used for alarms. If none is designated, then alarms are exported to the default LEF profile destination. See Configure a LEF Profile in Configure Log Export Functionality. For syslog message field descriptions, see Alarm Logs. |
Releases 20.2 and later |
Antivirus anti-virus-log |
avLog |
Antivirus logs. To export from a VOS device, see Configure Antivirus (Malware) Threat Logging in Apply Log Export Functionality. For syslog message field descriptions, see Antivirus Logs. |
Releases 21.1.1 and later |
ATP sandbox-log |
sandboxLog |
Advanced threat protection (ATP) sandbox logs. For syslog message field descriptions, see ATP Logs. |
Releases 22.1.3 and later |
Authentication auth-log
|
authEventLog authPolicyLog |
Authentication event and policy logs. Authentication event logs are generated when a user is authenticated using LDAP or SAML. Authentication policy logs are generated when user traffic hits an authentication policy and an action is taken. To export from a VOS device, select a LEF profile when configuring an authentication profile. See Configure User and Group Policy. For syslog message field descriptions, see Authentication Event Logs and Authentication Policy Logs. |
Releases 21.1.1 and later |
SD-WAN Rule, Path, and Bandwidth Usage bw-mon-log |
bwMonLog |
SD-WAN rule, path usage, and bandwidth logs per WAN link. To export from a VOS device, see SD-WAN Traffic Monitoring Summary Logging. For syslog message field descriptions, see SD-WAN Rule and Path Usage Monitoring Logs. |
Releases 20.2 and later |
intfUtilLog |
WAN link interface utilization logs, which are generated by the tenant that owns the appliance. VOS devices automatically export the logs to the default LEF profile destination. For syslog message field descriptions, see WAN Interface Utilization Logs. |
Releases 20.2 and later |
|
CASB casb-log |
casbLog |
Cloud access security broker (CASB) logs. For syslog message field descriptions, see CASB Logs. |
Releases 22.1.3 and later |
CGNAT cgnat-log |
cgnatLog |
NAT-44, NAT-66, port-exh, addr-exh, quota-exh, pba, and dslite logs. To export from a VOS device, see Configure CGNAT Logging. For syslog message field descriptions, see CGNAT Logs. |
Releases 20.2 and later |
QoS cos-log |
sdwanAccCktCosLog |
SD-WAN access circuit information logs, which is part of default logging during connection establishment. This is used in determining quality of service (QoS). To export from a VOS device, see Configure SD-WAN QoS Logging. For syslog message field descriptions, see Access Circuit CoS Logs. |
Releases 20.2 and later For Releases 22.1.1 and later, you can also export QoS status logs by forwarding class, which is the combination of traffic class and queue. |
DHCP dhcp-log |
dhcpRequestLog dhcpResourceLog |
DHCP protocol logs. To export from a VOS device, see Configure DHCP Logging. For syslog message field descriptions, see DHCP Logs. |
Releases 20.2 and later |
DLP dlp-log |
dlpLog |
Data loss prevention (DLP) logs. To export from a VOS device, see Configure DLP Logging. For syslog message field descriptions, see DLP Logs. |
Releases 22.1.3 and later |
DNS dns-log
|
dnsfLog dnsfTunnelLog
|
DNS-filtering logs. To export from a VOS device, see Configure DNS Filtering Logging in Apply Log Export Functionality. For syslog message field descriptions, see DNS Filtering Logs. |
Releases 21.1.1 and later
|
dnspChildSessLog dnspParentSessLog |
DNS proxy logs. To export from a VOS device, see Configure DNS Proxy Logging in Apply Log Export Functionality. |
Releases 21.1.1 and later |
|
DoS dos-log |
dosThreatLog |
Denial of service (DoS) protection logs. To export from a VOS device, select a LEF profile when configuring a DoS rule. See Configure DoS Protection. For syslog message field descriptions, see DoS Protection Logs. |
Releases 21.1.1 and later |
EIP eip-log |
eipUserProfLog |
Endpoint information profile (EIP) logs. To export from a VOS device, see Configure EIP Logging. |
Releases 22.1.3 and later |
Events event-log |
eventLog |
Aggregate of SD-WAN SLA status change and SD-WAN SLA violation events that occurred in the last five minute interval on a path. To export from a VOS device, see SD-WAN Traffic Monitoring Summary Logging For syslog message field descriptions, see Event Logs. |
Releases 20.2 and later |
File Filtering file-filter-log |
fileFilterLog |
File-filtering logs. To export from a VOS device, see Configure File-Filtering Logging in Apply Log Export Functionality. For syslog message field descriptions, see File-Filtering Logs. |
Releases 21.1.1 and later |
Firewall firewall-log
|
accessLog |
NGFW firewall access logs. To export from a VOS device, see Configure Firewall Logging. For syslog message field descriptions, see Access Logs. |
Releases 20.2 and later |
denyLog sfwAccessLog |
Stateful firewall and NGFW firewall deny logs. To export from a VOS device, see Configure Firewall Logging. |
Releases 21.1.1 and later | |
Firewall Summary mon-log |
monStatsLog |
Monitoring statistics for various categories of SD-WAN and security traffic usage. To export from a VOS device, see Configure Firewall Summary Logging in Apply Log Export Functionality. For syslog message field descriptions, see Monitoring Statistics Logs. |
Releases 20.2 and later |
Flow flow-log |
flowIdLog |
Flow (session) metadata logs. To export from a VOS device, select a LEF profile on the Enforce tab when configuring traffic-monitoring policy rules. See Configure SD-WAN Traffic and Web-Monitoring Logging. For syslog message field descriptions, see Flow Logs. |
Releases 20.2 and later
|
flowMonDNSLog |
DNS monitoring logs. To from a VOS device, see Configure DNS Monitoring Logging. For syslog message field descriptions, see Flow Logs. |
Releases 22.1.1 and later support | |
Guest VNS guest-vnf-log |
guestVNFEventLog guestVNFInfStatsLog guestVNFSysLoadLog guestVNFTopologyLog |
Statistics and status related to guest VNFs (uCPEs). VOS devices automatically export these logs to the default LEF profile destination.
|
Releases 20.2 and later |
IDP idp-log |
idpLog |
Intrusion detection and prevention (IDP) logs. To export from a VOS device, select a LEF profile when configuring a vulnerability profile. See Configure Intrusion Detection and Prevention. For syslog message field descriptions, see IDP Logs. |
Releases 20.2 and later |
IP Filtering ipf-log |
ipfLog |
IP-filtering logs. To export from a VOS device, see Configure IP Threats Logging. |
Releases 21.1.1 and later |
LTE lte-log |
lteEventLog lteStatsLog |
LTE summary logs. VOS devices automatically export these logs to the default LEF profile destination. |
Releases 21.1.1 and later |
Malformed Packets malformed-packet-log |
malformedPktLog |
Malformed packet logs. |
Releases 21.1.1 and later |
MOS mos-log |
sdwanPathMosLog |
Mean opinion score (MOS) logs for an SD-WAN path. To export from a VOS device, see Configure SD-WAN MOS Summary Logging. |
Releases 21.1.1 and later |
Packet Capture packet-capture-log |
pcapLog |
Packet capture logs, which are sent if enabled for traffic monitoring policy rules, access policy rules for NGFW, or IDP vulnerability profile rules. To export from a VOS device, see Configure Packet Capture Logging. |
Releases 21.1.1 and later |
Path Conditioning path-cond-log |
sdwanPathCondLog |
SD-WAN traffic conditioning logs. VOS devices automatically export these logs to the default LEF profile destination. |
Releases 20.2 and later |
sdwanTraffCondStatsLog |
SD-WAN traffic conditioning logs. VOS devices automatically export these logs to the default LEF profile destination. |
Releases 21.1.1, 21.1.2, and 21.1.3 only | |
RBI rbi-log |
rbiLog |
Remote browser isolation (RBI) logs.
|
Releases 22.1.3 and later. |
SaaS Applications active-appmon-log |
activeAppMonLog |
Active application performance monitoring (APM) information for SaaS application monitors, referred to as Active APM on Analytics dashboards. To export from a VOS device, select a LEF profile when configuring a SaaS application monitor. See Configure SaaS Application Monitoring. For syslog message field descriptions, see Active Application Performance Monitoring Logs. |
Releases 22.1.1 and later |
SASE for SIM (Private Mobility) priv-mobility-log |
priMobActivityLog |
SASE-for-SIM logs. For Releases 21.2, 21.3, 22.1, 22.2, and 22.3, these are called private mobility logs. SASE-for-SIM logs are generated by VMS clusters. To export from a VMS cluster, see Configure SASE for SIM Logging in Apply Log Export Functionality. |
Releases 21.2 and later |
IAEEntitlementLog | Logs for the Versa Networks identity and authentication engine (IAE). | Releases 22.1.4 and later | |
SASE Web sase-web-log |
saseWebLog |
SASE web-monitoring logs. To export from a VOS device, see Configure SASE Web-Monitoring Logging. For syslog message field descriptions, see SASE Web Logs. |
Releases 22.1.1 and later |
SD-WAN Health sdwan-health-log |
sdwanHealthLog |
Appliance health information such as up and down paths and site connectivity. For syslog message field descriptions, see SD-WAN Health Information Logs. |
Releases 21.2.1 and later |
Secure Access secure-access-log |
secAccGlobalStatsLog secAccUserStatsLog |
Secure access statistics. VOS devices automatically export these logs to the default LEF profile destination. For syslog message field descriptions, see Secure Access Logs. |
Releases 21.1.1 and later |
secAccUserConnEventLog |
Remote access user’s connectivity events. VOS devices automatically export these logs to the default LEF profile destination. For syslog message field descriptions, see Secure Access Logs. |
Releases 22.1.1 and later |
|
secAccUserRegEventLog |
Registration event when a user registers with the secure access gateway for the first time. VOS devices automatically export these logs to the default LEF profile destination. For syslog message field descriptions, see Secure Access Logs. |
Releases 21.2.1 and later | |
Site Information site-info-log |
sdwanBranchInfoLog |
SD-WAN site information logs. VOS devices automatically export these logs to the default LEF profile destination. For syslog message field descriptions, see SD-WAN Branch Branch Information Logs. |
Releases 21.1.1 and later |
Site List site-list-log |
sdwanSiteListLog |
Logs sent by Controller nodes to provide a list of connected devices. VOS devices automatically export these logs to the default LEF profile destination. |
Releases 21.1.1 and later |
Site Status site-status-log |
sdwanSiteStatusLog |
SD-WAN site status Up/Down event logs sent by Controller nodes. VOS devices automatically export these logs to the default LEF profile destination. For syslog message field descriptions, see Site Availabilty Logs. |
Releases 20.2 and later |
SLA Violations sla-path-violation-log |
sdwanSlaPathViolLog |
SD-WAN SLA per-flow path violation logs. To export these logs from a VOS device, see Configure SD-WAN SLA Violations Logging. For syslog message fields descriptions, see SD-WAN SLA Violation Logs. |
Releases 21.1.1 and later |
SLA Metrics slam-log |
sdwanB2BSlamLog |
Path-level SD-WAN SLA branch-to-branch metrics logs. VOS devices automatically export these logs to the default LEF profile destination. For syslog message field descriptions, see SD-WAN Branch-to-Branch SLA Measurement Logs. |
Releases 20.2 and later |
Service Node Groups sng-log |
sngLog |
Service node group statistics. VOS devices automatically export these logs to the default LEF profile destination. |
Releases 20.2 and later |
SSL ssl-log |
sslSessionLog vsfProfileLog |
SSL decryption and SSL proxy logs. |
Releases 21.1.1 and later |
System Load system-load-log |
systemLoadLog |
Device health monitoring logs. VOS devices automatically export these logs to the default LEF profile destination. For syslog message field descriptions, see System Load Logs. |
Releases 20.2 and later |
TCP Application Monitoring tcp-appmon-log
|
tcpAppMonLog |
TCP application performance monitoring (APM) logs, referred to as passive APM on Analytics dashboards. For Releases 22.1.1 and later, logs can include APM information for non-TCP applications. To export these logs from a VOS device, select a LEF profile for performance monitoring when you configure traffic monitoring policy. See Configure Historical APM. For syslog message field descriptions, see Passive Application Performance Monitoring Logs. |
Releases 20.2 and later
|
Traffic Detection tdf-log |
tdfPeakBwLog tdfTcpPerfLog tdfUsageReport |
Traffic detection function logs. |
Releases 21.1.1 and later |
Threats threat-log |
avLog idpLog ipfLog urlfLog |
Antivirus, intrusion detection and prevention (IDP), IP-filtering, and URL-filtering logs. To export from a VOS device, see Configure Threat Logging in Apply Log Export Functionality. For syslog message field descriptions, see Flow Logs. |
Releases 20.2 and later |
dosThreatLog |
Denial-of-service (DoS) threat logs. To export from a VOS device, see Configure DDoS Threats Logging in Apply Log Export Functionality. For syslog message field descriptions, see DoS Protection Logs. |
Releases 20.2 and later | |
Traffic Conditioning traffic-cond-log |
sdwanTraffCondStatsLog |
SD-WAN traffic-conditioning logs. |
Releases 21.1.1 and later |
TWAMP twamp-log |
twampSenderSessLog |
Two-way Active Measurement Protocol (TWAMP) logs. To export from a VOS device, see Configure TWAMP Logging. For syslog message field descriptions, see TWAMP Logs. |
Releases 21.2.1 and later |
URL Filtering urlf-log |
urlfLog |
URL-filtering logs. To export these logs from a VOS device, see Configure URL-Filtering Threats Logging in Apply Log Export Functionality. For syslog message field descriptions, see URL-Filtering Logs. |
Releases 21.1.1 and later |
WiFi wifi-log |
wifiClientStatsLog |
WiFi logs. To export from a VOS device, click Default LEF Profile when you configure WLAN. See Configure the WLAN in Configure WiFi. For syslog message field descriptions, see WiFi Logs. |
Releases 21.2.1 and later |
Supported Software Information
Releases 20.2 and later support all content described in this article, except:
- Release 21.1.1 adds support for a number of log types, as listed in the table above.
- Release 21.2.1 adds support for a number of log types, as listed in the table above.
- Release 22.1.1 adds support for a number of log types, as listed in the table above; SD-WAN APM logs can include information for non-TCP applications. You can designate a LEF profile to be used for alarm logs.
- Release 22.1.3 adds support for a number of log types, as listed in the table above.
- Release 22.1.4 adds support for a number of log types, as listed in the table above.
Additional Information
Active Application Performance Monitoring Logs
Alarm Logs
Apply Log Export Functionality
Configure an Application Delivery Controller
Configure Application Performance Monitoring
Configure DoS Protection
Configure Intrusion Detection and Prevention
Configure Log Collectors and Log Exporter Rules
Configure Log Export Functionality
Configure SaaS Application Monitoring
Configure WiFi
Configure Zones and Zone Protection Profiles
DoS Protection Logs
Event Logs
Flow Logs
Monitoring Statistics Logs
Passive Application Performance Monitoring Logs
Perform Initial Software Configuration
SD-WAN Logs
Secure Access Logs
TWAMP Logs
WAN Interface Utilization Logs
WiFi Logs