Skip to main content
Versa Networks

Analytics Log Collector Log Types Overview

Versa-logo-release-icon.png For supported software information, click here.

The Analytics log collector exporter (LCE) program enables an Analytics node to collect logs in IPFIX format from multiple Versa Operating SystemTM (VOSTM) devices. You can configure the log collector exporter to export the logs in syslog format to one or more third-party collectors.

For information about configuring the log collector exporter, see Set Up Analytics in Perform Initial Software Configuration, and see Configure Log Collectors and Log Exporter Rules.

The following table summarizes the log messages and event types you can export from the Analytics log collector exporter. The table contains the following columns:

  • Exporter Rule Log Type—Name used for the log type when you are configuring exporter rules.
  • Syslog Identifier—Names of the syslog identifiers associated with the exporter rule log type. The syslog identifier is the label that VOS devices include in the syslog messages that they generate for a feature or service.
  • Description—Description of the information in the logs.
  • Supported Releases—VOS software releases in which the exporter rule log type is supported.

Exporter Rule
Log Type

Syslog Identifier Description Supported Releases

Access Circuits

access-circuit-log

sdwanAccCktInfoLog

SD-WAN WAN link information logs for access circuits.

For syslog message field descriptions, see SD-WAN WAN Link Information Logs.

Releases 21.1.1 and later

ADC

adc-log

adcL4Log

Application delivery controller (ADC) load balancer logs, which are part of ADC configuration.

To export from a VOS device, select a LEF profile when configuring an ADC service. See Configure an Application Delivery Controller.

For syslog message field descriptions, see ADC Logs.

Releases 21.1.1 and later

Alarms

alarm-log 

alarmLog 

Alarms generated by VOS devices.

For Releases 21.2 and earlier, VOS devices automatically export their alarm logs to the default LEF profile destination. For Releases 22.1.1 and later, you can designate a LEF profile to be used for alarms. If none is designated, then alarms are exported to the default LEF profile destination. See Configure a LEF Profile in Configure Log Export Functionality.

For syslog message field descriptions, see Alarm Logs.

Releases 20.2 and later

Antivirus

anti-virus-log

avLog

Antivirus logs.

To export from a VOS device, see Configure Antivirus (Malware) Threat Logging in Apply Log Export Functionality.

For syslog message field descriptions, see Antivirus Logs.

Releases 21.1.1 and later

ATP

sandbox-log

sandboxLog

Advanced threat protection (ATP) sandbox logs.

For syslog message field descriptions, see ATP Logs.

Releases 22.1.3 and later

Authentication

auth-log

 

authEventLog
authPolicyLog

Authentication event and policy logs. Authentication event logs are generated when a user is authenticated using LDAP or SAML. Authentication policy logs are generated when user traffic hits an authentication policy and an action is taken.

To export from a VOS device, select a LEF profile when configuring an authentication profile. See Configure User and Group Policy.

For syslog message field descriptions, see Authentication Event Logs and Authentication Policy Logs.

Releases 21.1.1 and later

SD-WAN Rule, Path, and Bandwidth Usage

bw-mon-log

bwMonLog

SD-WAN rule, path usage, and bandwidth logs per WAN link.

To export from a VOS device, see SD-WAN Traffic Monitoring Summary Logging.

For syslog message field descriptions, see SD-WAN Rule and Path Usage Monitoring Logs.

Releases 20.2 and later
 
intfUtilLog

WAN link interface utilization logs, which are generated by the tenant that owns the appliance.

VOS devices automatically export the logs to the default LEF profile destination.

For syslog message field descriptions, see WAN Interface Utilization Logs.

Releases 20.2 and later
 

CASB

casb-log

casbLog

Cloud access security broker (CASB) logs.

For syslog message field descriptions, see CASB Logs.

Releases 22.1.3 and later

CGNAT

cgnat-log

cgnatLog

NAT-44, NAT-66, port-exh, addr-exh, quota-exh, pba, and dslite logs.

To export from a VOS device, see Configure CGNAT Logging.

For syslog message field descriptions, see CGNAT Logs.

Releases 20.2 and later

QoS

cos-log

sdwanAccCktCosLog

SD-WAN access circuit information logs, which is part of default logging during connection establishment. This is used in determining quality of service (QoS).

To export from a VOS device, see Configure SD-WAN QoS Logging.

For syslog message field descriptions, see Access Circuit CoS Logs.

Releases 20.2 and later

For Releases 22.1.1 and later, you can also export QoS status logs by forwarding class, which is the combination of traffic class and queue.

DHCP

dhcp-log

dhcpRequestLog
dhcpResourceLog

DHCP protocol logs.

To export from a VOS device, see Configure DHCP Logging.

For syslog message field descriptions, see DHCP Logs.

Releases 20.2 and later

DLP

dlp-log

dlpLog

Data loss prevention (DLP) logs.

To export from a VOS device, see Configure DLP Logging.

For syslog message field descriptions, see DLP Logs.

Releases 22.1.3 and later

DNS

dns-log

 

dnsfLog

dnsfTunnelLog

 

DNS-filtering logs.

To export from a VOS device, see Configure DNS Filtering Logging in Apply Log Export Functionality.

For syslog message field descriptions, see DNS Filtering Logs.

Releases 21.1.1 and later

 

dnspChildSessLog
dnspParentSessLog

DNS proxy logs.

To export from a VOS device, see Configure DNS Proxy Logging in Apply Log Export Functionality.

Releases 21.1.1 and later

DoS

dos-log

dosThreatLog

Denial of service (DoS) protection logs.

To export from a VOS device, select a LEF profile when configuring a DoS rule. See Configure DoS Protection.

For syslog message field descriptions, see DoS Protection Logs.

Releases 21.1.1 and later

EIP

eip-log

eipUserProfLog

Endpoint information profile (EIP) logs.

To export from a VOS device, see Configure EIP Logging.

Releases 22.1.3 and later

Events

event-log

eventLog

Aggregate of SD-WAN SLA status change and SD-WAN SLA violation events that occurred in the last five minute interval on a path.

To export from a VOS device, see SD-WAN Traffic Monitoring Summary Logging

For syslog message field descriptions, see Event Logs.

Releases 20.2 and later

File Filtering

file-filter-log

fileFilterLog

File-filtering logs.

To export from a VOS device, see Configure File-Filtering Logging in Apply Log Export Functionality.

For syslog message field descriptions, see File-Filtering Logs.

Releases 21.1.1 and later

Firewall

firewall-log

 

accessLog

NGFW firewall access logs.

To export from a VOS device, see Configure Firewall Logging.

For syslog message field descriptions, see Access Logs.

Releases 20.2 and later
denyLog
sfwAccessLog

Stateful firewall and NGFW firewall deny logs.

To export from a VOS device, see Configure Firewall Logging.

Releases 21.1.1 and later

Firewall Summary

mon-log

monStatsLog

Monitoring statistics for various categories of SD-WAN and security traffic usage.

To export from a VOS device, see Configure Firewall Summary Logging in Apply Log Export Functionality.

For syslog message field descriptions, see Monitoring Statistics Logs.

Releases 20.2 and later

Flow

flow-log

flowIdLog
flowMonHttpLog
flowMonLog

Flow (session) metadata logs.

To export from a VOS device, select a LEF profile on the Enforce tab when configuring traffic-monitoring policy rules. See Configure SD-WAN Traffic and Web-Monitoring Logging.

For syslog message field descriptions, see Flow Logs.

Releases 20.2 and later

 

 

  flowMonDNSLog

DNS monitoring logs.

To from a VOS device, see Configure DNS Monitoring Logging.

For syslog message field descriptions, see Flow Logs.

Releases 22.1.1 and later support

Guest VNS

guest-vnf-log

guestVNFEventLog
guestVNFInfStatsLog
guestVNFSysLoadLog
guestVNFTopologyLog

Statistics and status related to guest VNFs (uCPEs).

VOS devices automatically export these logs to the default LEF profile destination.

 

Releases 20.2 and later

IDP

idp-log

idpLog

Intrusion detection and prevention (IDP) logs.

To export from a VOS device, select a LEF profile when configuring a vulnerability profile. See Configure Intrusion Detection and Prevention.

For syslog message field descriptions, see IDP Logs.

Releases 20.2 and later

IP Filtering

ipf-log

ipfLog

IP-filtering logs.

To export from a VOS device, see Configure IP Threats Logging.

Releases 21.1.1 and later

LTE

lte-log

lteEventLog

lteStatsLog

LTE summary logs.

VOS devices automatically export these logs to the default LEF profile destination.

Releases 21.1.1 and later

Malformed Packets

malformed-packet-log

malformedPktLog

Malformed packet logs.

Releases 21.1.1 and later

MOS

mos-log

sdwanPathMosLog

Mean opinion score (MOS) logs for an SD-WAN path.

To export from a VOS device, see Configure SD-WAN MOS Summary Logging.

Releases 21.1.1 and later

Packet Capture

packet-capture-log

pcapLog

Packet capture logs, which are sent if enabled for traffic monitoring policy rules, access policy rules for NGFW, or IDP vulnerability profile rules.

To export from a VOS device, see Configure Packet Capture Logging.

Releases 21.1.1 and later

Path Conditioning

path-cond-log

sdwanPathCondLog

SD-WAN traffic conditioning logs.

VOS devices automatically export these logs to the default LEF profile destination.

Releases 20.2 and later

sdwanTraffCondStatsLog

SD-WAN traffic conditioning logs.

VOS devices automatically export these logs to the default LEF profile destination.

Releases 21.1.1, 21.1.2, and 21.1.3 only

RBI

rbi-log

rbiLog

Remote browser isolation (RBI) logs.

 

Releases 22.1.3 and later.

SaaS Applications

active-appmon-log

activeAppMonLog

Active application performance monitoring (APM) information for SaaS application monitors, referred to as Active APM on Analytics dashboards.

To export from a VOS device, select a LEF profile when configuring a SaaS application monitor. See Configure SaaS Application Monitoring.

For syslog message field descriptions, see Active Application Performance Monitoring Logs.

Releases 22.1.1 and later

SASE for SIM (Private Mobility)

priv-mobility-log

priMobActivityLog
priMobExceptionLog

SASE-for-SIM logs. For Releases 21.2, 21.3, 22.1, 22.2, and 22.3, these are called private mobility logs.

SASE-for-SIM logs are generated by VMS clusters. To export from a VMS cluster, see Configure SASE for SIM Logging in Apply Log Export Functionality.

Releases 21.2 and later
IAEEntitlementLog Logs for the  Versa Networks identity and authentication engine (IAE). Releases 22.1.4 and later

SASE Web

sase-web-log

saseWebLog

SASE web-monitoring logs.

To export from a VOS device, see Configure SASE Web-Monitoring Logging.

For syslog message field descriptions, see SASE Web Logs.

Releases 22.1.1 and later

SD-WAN Health

sdwan-health-log

sdwanHealthLog

Appliance health information such as up and down paths and site connectivity.

For syslog message field descriptions, see SD-WAN Health Information Logs.

Releases 21.2.1 and later

Secure Access

secure-access-log

secAccGlobalStatsLog
secAccUserStatsLog

Secure access statistics.

VOS devices automatically export these logs to the default LEF profile destination.

For syslog message field descriptions, see Secure Access Logs.

Releases 21.1.1 and later

secAccUserConnEventLog

Remote access user’s connectivity events.

VOS devices automatically export these logs to the default LEF profile destination.

For syslog message field descriptions, see Secure Access Logs.

Releases 22.1.1 and later

secAccUserRegEventLog

Registration event when a user registers with the secure access gateway for the first time.

VOS devices automatically export these logs to the default LEF profile destination.

For syslog message field descriptions, see Secure Access Logs.

Releases 21.2.1 and later

Site Information

site-info-log

sdwanBranchInfoLog

SD-WAN site information logs.

VOS devices automatically export these logs to the default LEF profile destination.

For syslog message field descriptions, see SD-WAN Branch Branch Information Logs.

Releases 21.1.1 and later

Site List

site-list-log

sdwanSiteListLog

Logs sent by Controller nodes to provide a list of connected devices.

VOS devices automatically export these logs to the default LEF profile destination.

Releases 21.1.1 and later

Site Status

site-status-log

sdwanSiteStatusLog

SD-WAN site status Up/Down event logs sent by Controller nodes.

VOS devices automatically export these logs to the default LEF profile destination.

For syslog message field descriptions, see Site Availabilty Logs.

Releases 20.2 and later

SLA Violations

sla-path-violation-log

sdwanSlaPathViolLog

SD-WAN SLA per-flow path violation logs.

To export these logs from a VOS device, see Configure SD-WAN SLA Violations Logging.

For syslog message fields descriptions, see SD-WAN SLA Violation Logs.

Releases 21.1.1 and later

SLA Metrics

slam-log

sdwanB2BSlamLog

Path-level SD-WAN SLA branch-to-branch metrics logs.

VOS devices automatically export these logs to the default LEF profile destination.

For syslog message field descriptions, see SD-WAN Branch-to-Branch SLA Measurement Logs.

Releases 20.2 and later

Service Node Groups

sng-log

sngLog

Service node group statistics.

VOS devices automatically export these logs to the default LEF profile destination.

Releases 20.2 and later

SSL

ssl-log

sslSessionLog
vsfProfileLog

SSL decryption and SSL proxy logs.

Releases 21.1.1 and later

System Load

system-load-log

systemLoadLog

Device health monitoring logs.

VOS devices automatically export these logs to the default LEF profile destination.

For syslog message field descriptions, see System Load Logs.

Releases 20.2 and later

TCP Application Monitoring

tcp-appmon-log

 

 

tcpAppMonLog

TCP application performance monitoring (APM) logs, referred to as passive APM on Analytics dashboards. For Releases 22.1.1 and later, logs can include APM information for non-TCP applications.

To export these logs from a VOS device, select a LEF profile for performance monitoring when you configure traffic monitoring policy. See Configure Historical APM.

For syslog message field descriptions, see Passive Application Performance Monitoring Logs.

Releases 20.2 and later

 

Traffic Detection

tdf-log

tdfPeakBwLog
tdfTcpPerfLog
tdfUsageReport

Traffic detection function logs.

Releases 21.1.1 and later

Threats

threat-log

avLog

idpLog

ipfLog

urlfLog

Antivirus, intrusion detection and prevention (IDP), IP-filtering, and URL-filtering logs.

To export from a VOS device, see Configure Threat Logging in Apply Log Export Functionality.

For syslog message field descriptions, see Flow Logs.

Releases 20.2 and later
dosThreatLog

Denial-of-service (DoS) threat logs.

To export from a VOS device, see Configure DDoS Threats Logging in Apply Log Export Functionality.

For syslog message field descriptions, see DoS Protection Logs.

Releases 20.2 and later

Traffic Conditioning

traffic-cond-log

sdwanTraffCondStatsLog

SD-WAN traffic-conditioning logs.

Releases 21.1.1 and later

TWAMP

twamp-log

twampSenderSessLog

Two-way Active Measurement Protocol (TWAMP) logs.

To export from a VOS device, see Configure TWAMP Logging.

For syslog message field descriptions, see TWAMP Logs.

Releases 21.2.1 and later

URL Filtering

urlf-log

urlfLog

URL-filtering logs.

To export these logs from a VOS device, see Configure URL-Filtering Threats Logging in Apply Log Export Functionality.

For syslog message field descriptions, see URL-Filtering Logs.

Releases 21.1.1 and later

WiFi

wifi-log

wifiClientStatsLog

WiFi logs.

To export from a VOS device, click Default LEF Profile when you configure WLAN. See Configure the WLAN in Configure WiFi.

For syslog message field descriptions, see WiFi Logs.

Releases 21.2.1 and later

 

Supported Software Information

Releases 20.2 and later support all content described in this article, except:

  • Release 21.1.1 adds support for a number of log types, as listed in the table above.
  • Release 21.2.1 adds support for a number of log types, as listed in the table above.
  • Release 22.1.1 adds support for a number of log types, as listed in the table above; SD-WAN APM logs can include information for non-TCP applications. You can designate a LEF profile to be used for alarm logs.
  • Release 22.1.3 adds support for a number of log types, as listed in the table above.
  • Release 22.1.4 adds support for a number of log types, as listed in the table above.
  • Was this article helpful?