You wish to send your syslog messages in XML format.
To enable XML-formatted syslog messages, use the following commands:
Router2# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router2(config)#logging console xml Router2(config)#logging monitor xml Router2(config)#logging buffered xml Router2(config)#logging host 172.25.1.1 xml Router2(config)#end Router2#
Beginning with IOS Version 12.2(15)T, Cisco introduced Extensible Markup Language (XML) formatted logging of system events and errors. XML provides a method of standardizing and consistently formatting messages, which can easily be utilized by third-party applications to extract data. When XML logging is enabled, system log messages are tagged using a standardized format. Detailed information regarding the message tagging is contained in Table 18-4.
XML tagging can be enabled on all logging facilities, including console, monitor, buffer, or remote syslog servers. However, XML tagged system messages are not as easily read or understood by humans, which means XML tagged messages are most likely sent to a remote syslog server for processing. For example, here is a typical system message created by a router in normal syslog format:
Jul 15 20:37:17.277 EDT: %SYS-5-CONFIG_I: Configured from console by ijbrown on vty0 (172.25.1.1)
The following is the same system message with XML tagging enabled:
SYS5CONFIG_IJul 15 20:37:17.277 EDTconsoleijbrown on vty0 (172.25.1.1)
As you can see, the XML tagged system message is difficult to decipher for us humans; however, the consistent tagging structure is perfectly suited for external monitoring programs to extract data. The following table breaks down the various XML tags used by Cisco to encode system messages.
|Tag applied||Item delimited|
|Entire syslog message.|
|The facility name of the log message (e.g., SYS).|
|The severity level of the message from 0 to 7, with 0 the most severe (e.g., 5).|
|The error or event message type (e.g., CONFIG_I).|
|The message sequence number.|
|The timestamp of the message, including the time and date (e.g., Jul 15 20:37:27.277 EDT).|
|The variables contained within the human readable test. Note that the full human readable is not kept. Only the individual arguments are formatted and retained. See the next section.|
|The specific arguments that are embedded within the human readable test. These arguments are sequentially numbered starting from 0 (e.g., Arg0 = console Arg1= ijbrown on vty0 (172.25.1.1) ).|
If you are unfamiliar with XML, we recommend XML Pocket Reference by Simon St.Laurent and Michael Fitzgerald (O'Reilly). A simple description of XML is that it uses special tags that define objects. One tag defines the start of an object, and a second tag defines the end of that object. For example, in Table 18-4, we indicated that the entire log message begins with the tag and ends with the same tag, but with a slash in it (). You can then nest other objects inside this object, with each object surrounded by a similar pair of tags. However, as we mentioned earlier, XML is not really intended to be human-readable.
It's possible to enable both normal system log buffering and XML tagged log buffering concurrently. To view the XML buffered log on a router, use the show log xml command:
Router2#show logging xml enabledenabled enableddisabled disableddisabled vty6(35) enableddisabled enableddisabled disableddisabled CLEAR5COUNTERSJul 16 10:09:43.832 EDTallinterfacesijbrown on vty0 (172.25.1.1) Router2#
It is also possible to send standard system log messages to one host and XML-tagged log messages to another host; however you must specify a different IP address. You cannot send both standard and XML system messages to the same host concurrently:
Router2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router2(config)#logging host 172.25.1.1 xml Router2(config)#logging host 172.25.1.3 Router2(config)#end Router2#
In this example, the router is configured to send XML-tagged system messages to host 172.25.1.1, and standard system log messages to host 172.25.1.3.
Recipe 18.5; XML Pocket Reference by Simon St.Laurent and Michael Fitzgerald (O'Reilly)
Router Configuration and File Management
User Access and Privilege Levels
Handling Queuing and Congestion
Tunnels and VPNs
NTP and Time
Router Interfaces and Media
Simple Network Management Protocol
First Hop Redundancy Protocols
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications