history output-format

Sets the output format for history log records.

Syntax

[no] history <instance> output-format <template>

Syntax Description

Keyword
Description

no

(Optional) Reverts to the default output format.

instance

The history instance to be modified. If the specified instance does not exist, it will be created unless the no keyword was also specified. Must be alphanumeric.

template

The history output format template, described below.

Defaults

The default output format is: "%d? %12t?? sub=%s?? mac=%m?? ip=%21ys?? dest=%21yd?? proto=%L?? policy=%P(%p)?? category=%C(%c)?? group=%G(%g)?? rule=%U(%u)?? button=%b?? count=%n?? stage=%S?? waited=%w?? rxbytes=%xr?? txbytes=%xt?? desc=%E?? ident=%I?? comment=%O?? host=%ah?? country=%N?? cat=%Mh?? flags=%f?? method=%am?? path=%ap?? version=%av?? timeOffset=%J?"

Note that the default format includes fields which are not used in the current product.

Usage Guidelines

The output format template consists of arbitrary text containing field substitutions. These substitutions begin with a percent sign ("%"). The list of valid substitutions is shown in the table below.

The percent sign may optionally be followed by a decimal minimum field width. The field value will be left-justified within the specified width.

A substitution, along with any surrounding text, may optionally be enclosed in question mark characters. This will cause all text between the question marks to be suppressed if no substitution is made.

The contextual help for this command may include substitutions for fields that are not used in the current product. Only the currently supported substitutions are included in this table.

Substitution
Description

%d[(format)]

Date and time formatted using strftime. The default format is "%Y/%m/%d %T".

%D

Date and time formatted as "yyyy-mm-ddThh:mm:ss.xxx(Z|+/-HH:MM)".

%f

Event flags

%h

Destination host name

%H

Island host name

%i

Source IP address

%m

Source MAC address

%Mh

Destination host category list

%N

Country code

%O

Comment

%rn

Interface name

%R

Constant random number

%t

Event type

%xr

Bytes received

%xt

Bytes transmitted

%%

Percent sign

Predefined formats:

all

All attributes in "tag=value" format

csv

All attributes in CSV format

syslog

Structured syslog

usyslog

Unstructured syslog

json

JSON

raw

Raw binary

Examples

history output-format json
history output-format "%d type=%12t mac=%m? host=%60h?? category=%Mh?"
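
The following Python renderer is an added example, not the product's implementation. It applies the minimum-width, question-mark and "%%" rules from the Usage Guidelines to the second template above, which is useful for checking what a log collector's parser will receive when an optional field is missing. It assumes that an empty or missing field counts as "no substitution", that question-mark groups do not nest, and that a group is kept if at least one of its fields has a value; EVENT and its values are constructed sample data.

```python
import re
from datetime import datetime

# Codes from the substitution table; anything else is left in the output as literal text.
SUB = re.compile(r"%(?:(%)|(\d*)(?:d\(([^)]*)\)|(Mh|rn|xr|xt|[dDfhHimNORt])))")
DEFAULT_DATE = "%Y/%m/%d %T"  # default strftime format for %d, per the table

def _expand(segment, event):
    """Expand one run of template text; return (text, fields_filled)."""
    filled = 0

    def repl(m):
        nonlocal filled
        if m.group(1):                       # "%%" is a literal percent sign
            return "%"
        width, datefmt, code = m.group(2), m.group(3), m.group(4) or "d"
        value = event.get("d" if code == "D" else code)  # %D reuses the event timestamp
        if value is None or value == "":     # assumption: empty means "no substitution"
            return ""
        if code == "d":
            value = value.strftime(datefmt or DEFAULT_DATE)
        elif code == "D":
            value = value.isoformat(timespec="milliseconds")
        filled += 1
        return str(value).ljust(int(width or 0))  # left-justified minimum width

    return SUB.sub(repl, segment), filled

def render(template, event):
    """Render a template; odd-numbered pieces of the split lie between question marks."""
    out = []
    for idx, segment in enumerate(template.split("?")):
        text, filled = _expand(segment, event)
        if idx % 2 == 0 or filled:           # drop a ?...? group with nothing substituted
            out.append(text)
    return "".join(out)

# Constructed sample event, keyed by substitution code (values are illustrative).
EVENT = {"d": datetime(2024, 1, 2, 3, 4, 5), "t": "connection",
         "m": "00:11:22:33:44:55", "Mh": "news"}
PAGE_EXAMPLE = "%d type=%12t mac=%m? host=%60h?? category=%Mh?"

if __name__ == "__main__":
    print(render(PAGE_EXAMPLE, EVENT))
```

Because the sample event has no destination host name, the " host=" group is dropped entirely rather than emitted as an empty key, so a downstream parser must treat that key as optional.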
