Appendix K. Log Files Format

Top  Previous  Next

Events on the Server (see Administrator Manual, p. Dr.Web Server Logging) and the Agent are logged into a text file, where every line is a separate message.

The format of a message line is as follows:

<year><month><day>.<hour><minute><second>.<centisecond> <message_type> [<process_id>] <thread_name> [<message_source>] <message>

where:

<year><month><date>.<hour><minute><second>.<hundredth_of_second>—exact date of message entry to the log file.

<message_type>—log level:

ftl (Fatal error)—instructs to inform only of the most severe errors;

err (Error)—notify of operation errors;

wrn (Warning)—warn about errors;

ntc (Notice)—display important information messages;

inf (Info)—display information messages;

tr0..3 (Trace, Trace 1, Trace 2, Trace 3)—enable tracing events. The options are displayed in the ascending order according to the level of detail. Trace instructs to log in the minimum level of detail; Trace 3 instructs to log in the maximum level of detail;

db0..3 (Debug, Debug 1, Debug 2, Debug 3)—instruct to log debugging events. The options are displayed in the ascending order according to the level of detail. Debug instructs to log in the minimum level of detail; Debug 3 instructs to log in the maximum level of detail.

info

The tr0..3 (trace) and db0..3 (debug) levels of detail are applicable for messsages for Dr. Web Enterprise Security Suite developers only.

[<process_id>]—unique numerical identifier of the process within which the thread that wrote the message to the log file was executed. Under certain OS [<process_id>] may be represented as [<process_id> <thread_id>].

<thread_name>—character representation of the thread within which the message was logged.

[<message_source>]—name of the system that initiated logging the message. The source is not always present.

<message>—text description according to the log level. It may include both a formal description of the event and the values of certain event-relevant variables.

For example

1) 20081023.171700.74 inf [001316] mth:12 [Sch] Job "Purge unsent IS events" said OK

where:

20081023<year><month><date>,

171700<hour><minute><second>,

74<hundredth_of_second>,

inf<message_type>,

[001316][<process_id>],

mth:12<thread_name>,

[Sch][<message_source>],

Task "Purge unsent IS events" said OK<message> about the correct performance of the Purge unsent events events task.

2) 20081028.135755.61 inf [001556] srv:0 tcp/10.3.0.55:3575/025D4F80:2: new connection at tcp/10.3.0.75:2193

where:

20081028<year><month><date>,

135755<hour><minute><second>,

61<hundredth_of_second>,

inf<message_type>,

[001556][<process_id>],

srv:0<thread_name>,

tcp/10.3.0.55:3575/025D4F80:2: new connection at tcp/10.3.0.75:2193<message> about having established a new connection through the specified socket.