NetXploreIt Syslog listens for standard network syslog messages and is able to parse different message formats (as generated by different models of Cisco devices). It also provides two levels of filtering: query-time and display-time filtering.

To extract Syslogs, use the “list logs” command. Specifying an IP address using the “list logs ip x.x.x.x” command will extract the latest 2K messages filtered for that specified address.
“Time Filter”: To extract messages for a specified time period, set the “From” and “To” date/time selectors (see figure below). This will extract up to 2K messages starting at the “From” timestamp.

“Severity Filter”: To extract messages filtered for one or more severities, click on the “Severity Filter” icon (see figure below) and a dialogue box will appear with a list of standard Syslog severities. You can specify the required severities by selecting/un-selecting their corresponding check boxes. A maximum of 2K messages will be extracted when using this filter (or in combination with other filters).
To apply the “Time Filter” and/or the “Severity Filter”, select the “Filter selector” check box (see figure below).

Syslog displays: Timestamp – IP-Address – Severity – Facility – Cisco ID – Message, and you can filter on any of those fields (except for the Timestamp, where the “Time Filter” must be used).
“Cisco ID” or “MNEMONIC” is provided specifically for messages generated by Cisco devices and has a format similar to this example: “%LINK-3-UPDOWN”. If a received syslog message does not include a “Cisco ID”, “na” is displayed instead.
Log timestamps are in the local time zone. If the client is in a different time zone than the server, the client displays times in its own local time zone (e.g. if the server shows 03:00:00 at +0:00 and the client is at +4:00, the client will display 07:00:00).
The Syslog database automatically removes messages older than 14 days.
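
The displayed columns described above can be derived from a raw syslog datagram as in the following added example, which is not NetXploreIt's own code. It assumes an RFC 3164 style `<PRI>` prefix, treats the text after the Cisco ID as the message, and leaves timestamp handling out; the function names and sample datagrams are constructed for illustration.

```python
import re

SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC, e.g. %LINK-3-UPDOWN
CISCO_ID_RE = re.compile(r"(%[A-Z0-9_]+(?:-[A-Z0-9_]+)*-[0-7]-[A-Z0-9_]+):?\s*")

def parse_syslog(raw, source_ip):
    """Split one raw syslog datagram into the displayed columns."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))          # PRI = facility * 8 + severity
    body = raw[m.end():]
    cid = CISCO_ID_RE.search(body)
    return {
        "ip": source_ip,
        "severity": SEVERITIES[pri % 8],
        "facility": FACILITIES[pri // 8],
        # Messages without a Cisco ID get the "na" placeholder.
        "cisco_id": cid.group(1) if cid else "na",
        "message": (body[cid.end():] if cid else body).strip(),
    }

def display_filter(rows, **wanted):
    """Display-time filter: keep rows whose fields equal every requested value."""
    return [r for r in rows if all(r.get(k) == v for k, v in wanted.items())]

# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    ("192.0.2.10", "<187>45: *Mar  1 00:01:02.123: %LINK-3-UPDOWN: "
                   "Interface GigabitEthernet0/1, changed state to up"),
    ("192.0.2.20", "<38>Mar  1 00:05:00 host1 sshd[1234]: session opened"),
]

if __name__ == "__main__":
    rows = [parse_syslog(raw, ip) for ip, raw in SAMPLES]
    for row in display_filter(rows, severity="error"):
        print(row)
```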
