Appendix K. Log Files Format |
Events on the Server (see , p. Dr.Web Server Logging) and the Agent are logged into a text file, where every line is a separate message. The format of a message line is as follows: <year><month><day>.<hour><minute><second>.<centisecond> <message_type> [<process_id>] <thread_name> [<message_source>] <message> where: •<year><month><date>.<hour><minute><second>.<hundredth_of_second>—exact date of message entry to the log file. •<message_type>—log level: ▫ ()—instructs to inform only of the most severe errors; ▫ ()—notify of operation errors; ▫ ()—warn about errors; ▫ ()—display important information messages; ▫ ()—display information messages; ▫ (, , , )—enable tracing events. The options are displayed in the ascending order according to the level of detail. Trace instructs to log in the minimum level of detail; instructs to log in the maximum level of detail; ▫ (, , , )—instruct to log debugging events. The options are displayed in the ascending order according to the level of detail. Debug instructs to log in the minimum level of detail; instructs to log in the maximum level of detail.
•[<process_id>]—unique numerical identifier of the process within which the thread that wrote the message to the log file was executed. Under certain OS [<process_id>] may be represented as [<process_id> <thread_id>]. •<thread_name>—character representation of the thread within which the message was logged. •[<message_source>]—name of the system that initiated logging the message. The source is not always present. •<message>—text description according to the log level. It may include both a formal description of the event and the values of certain event-relevant variables. For example 20081023.171700.74 inf [001316] mth:12 [Sch] Job "Purge unsent IS events" said OK where: •20081023—<year><month><date>, •171700—<hour><minute><second>, •74—<hundredth_of_second>, •inf—<message_type>, •[001316]—[<process_id>], •mth:12—<thread_name>, •[Sch]—[<message_source>], •Task "Purge unsent IS events" said OK—<message> about the correct performance of the events task. 20081028.135755.61 inf [001556] srv:0 tcp/10.3.0.55:3575/025D4F80:2: new connection at tcp/10.3.0.75:2193 where: •20081028—<year><month><date>, •135755—<hour><minute><second>, •61—<hundredth_of_second>, •inf—<message_type>, •[001556]—[<process_id>], •srv:0—<thread_name>, •tcp/10.3.0.55:3575/025D4F80:2: new connection at tcp/10.3.0.75:2193—<message> about having established a new connection through the specified socket.
|