Cisco Cisco Security Manager 4.11 Guia De Especificaciones
Cisco Security Manager 4.4 API Specification (Version 1.1)
OL- 29074-01
Page 145
Figure 93: Event XML Schema
4.1.2.4 Syslog PlainText Event Notifications
The notifications in the native format will be sent using the syslog protocol if the registered filterEventFormat is
specified as plainText during event subscription.
specified as plainText during event subscription.
The following example shows a configuration change notification:
[Mon Aug 29 08:30:21 IST 2011]syslog-configChange-101:10.104.52.71 SUCCEEDED in job
admin_job_2011-08-29 08:30:12.148,10.104.52.71,00000000-0000-0000-0000-017179869189,NO DOMAIN
NAME DEFINED,ios,Device,NO_OOB.
admin_job_2011-08-29 08:30:12.148,10.104.52.71,00000000-0000-0000-0000-017179869189,NO DOMAIN
NAME DEFINED,ios,Device,NO_OOB.
The following example shows a Device Status change notification:
[Thu Jan 24 20:47:59 PST 2013]syslog-deviceStatus-102:,10.104.52.71,00000000-0000-0000-0000-
042949673287,default.domain.invalid,asa,DEVICE_DOWN
042949673287,default.domain.invalid,asa,DEVICE_DOWN
The standard format for this message is
[time-stamp]<eventType>-<eventCategory>-<subscriptionId>:{Comma separated list of event details –
<content>,<srcIp>,<srcGID>,<srcDNS>,<srcOSType>,<deploymentType>,<updateType>}
<content>,<srcIp>,<srcGID>,<srcDNS>,<srcOSType>,<deploymentType>,<updateType>}
The order of elements in the comma separated list is in the order of elements in the specific event type defined in the
XML schema. If the device does not have an IP address then the string “NO IP DEFINED” (srcIP) is contained in
the message and “NO DOMAIN NAME DEFINED” is used if there is no source DNS (srcDNS).
XML schema. If the device does not have an IP address then the string “NO IP DEFINED” (srcIP) is contained in
the message and “NO DOMAIN NAME DEFINED” is used if there is no source DNS (srcDNS).