|Precise timestamp||This timestamp indicates when the message was generated by the service (Web
proxy, network tunnel, network proxy, or policy). This is a more accurate timestamp
than the one generated by syslog because the logging system buffers messages
before sending them to syslog.|
This name can be changed on the Network Settings page in AMC (on the Configure
Basic Network Settings page).
Process ID (PID)
Every application that is running is assigned a process ID. This PID identifies the
application that generated the log entry.
Identifies the server process that generated the message. The possible IDs are:
ap (API server)
cp (SMA distributed cache client: policy server, client credential storage)
dc (SMA distributed cache server: policy server, client credential storage)
ev (network tunnel service—kernel component)
ew (Web proxy service)
fm (failover monitor)
kp (network tunnel kernel mode policy server interface)
ks (network tunnel kernel mode interface to SSL daemon)
kt (kernel tunnel component)
ls (log server)
ps (policy service) (Also see Auditing Access Policy Decisions)
pt (ping/traceroute tools)
up (network tunnel policy server daemon)
us (network tunnel user space SSL daemon)
The context ID is a unique value used to tie related logs from all four services (Web
proxy, network tunnel, network proxy, policy, and WorkPlace) together. You can use
the context ID to search for all messages related to a single user session. If a message
is not tied to a particular user session, it is assigned a number lower than
The first digit of this ID indicates which service originally generated the session:
0 (policy service)
1 (Web proxy service)
3 (WorkPlace service)
The message severity levels are:
Error—A problem caused the server to shut down or fail to communicate with another component. A name resolution problem at startup is logged at this level.
Warning—Something unexpected occurred that does not adversely affect the operation of the server. For example, a single failed attempt to access a RADIUS server is logged at the Info level, but if all attempts fail, an entry is added to the log file at the Warning level.
Info—A normal event that you might want to track; for example, a specific user has logged in, or has matched a given access control rule.
Verbose—Like an Info message, this level identifies normal operations, but includes the steps in a process. For example, when processing access control rules a message for each non-match is at the Verbose level, while a matched rule is identified as Info.
Indicates what part of the server logged the message.
CFG Pool Init STATIC/NAT id=1 name='HQ-pool2' gid='AV1160554493976A' ndns=2 nwins=2 nsuffix=0
|Message text||The text following all the identifying information is the message itself.
See Auditing Access Policy Decisions for an explanation of the message text for access