About Events
Note |
For detailed reference information about faults, events, errors, and system messages, see the Cisco ACI System Messages Reference Guide or the Cisco APIC Management Information Model Reference, which is a web-based application. |
-
The event is defined in the model as requiring notification.
-
The event follows a user action that is required to be auditable.
Event Objects and Logs
In the Cisco APIC Management Information Model Reference, the event package contains general event-related object classes, although some event types are found in other packages.
A loggable event is represented by an event record object, which is an immutable, stateless, and persistent MO created by the system to record the occurrence of a specific set of conditions at a given point in time. Although an event record MO is usually triggered by conditions in another MO, it is not contained by that MO but is contained in an event log.
Each new event record MO is added to one of three separate event logs, depending on the cause of the event:
-
Audit log—Holds objects that are records of user-initiated events such as logins and logouts (
aaa:SessionLR
) or configuration changes (aaa:ModLR
) that are required to be auditable. -
Health score log—Holds records of changes in the health score (
health:Record
) of the system or components. -
Event log—Holds records of other system-generated events (
event:Record
) such as link state transitions.
Each log collects and
retains event records. An event MO remains in the log until it is purged when
the log reaches capacity and space is needed for new event records. The
retention and purge behavior for each log is specified in a record retention
policy (event:ARetP
) object associated with each log.
The creation of an event record object can also trigger the export of record details to an external destination by syslog, SNMP trap, or other methods.
Event Properties
The system provides detailed information about each event object. This table describes the event properties:
Property | Description |
---|---|
code | The event code. |
id | The unique identifier assigned to the event. |
affected | The MO associated with the event. |
cause | The probable cause category (for example, transition). |
trigger | The generating activity for the event (for example, user, operation, or session). |
severity | The severity level of the event. Events are of severity level 'info.' |
created | The day and time when the event occurred. |
descr | The description of the event. |
Event Life Cycle
APIC event MOs are stateless. An event MO created by the APIC is never modified or cleared. An event MO is deleted by the rotation of the event log as newer events are added and log space is needed.