All Log Central messages use a common format. This appendix discusses the following topics:

• Message Format

• Message Attributes at the Agent

• Attributes in the Message Definition

Message Format

A message consists of the following components:

• Header, containing predetermined fields of data.

• Body, containing information defined by application developers.

• Attributes in the message type definition. The message type definition is stored in the Log Central relational database.

The Header and Body are the message components that are available at the data collection agent. When data collection agents extract information from messages flowing into logs on the managed node, the content of each message header is determined by the mapping of log messages into Log Central message format. Each message is uniquely identified by two of the attributes in the header: Subsystem Name and a Message ID within that subsystem.

In addition to the attributes in the header, additional attributes are attached to a log message at the Central Collector. These additional attributes are those contained in the message definition, which is stored in the Log Central database. These additional attributes include the following:

• Severity

• Description

• Recommendation

• Trap Generation

• Trap ID

• Summary

• Automatic Acknowledgment Flag

• Execute on DB Upload

Message Attributes at the Agent

The following attributes are included in the log message as sent by a data collection agent.

Log ID

The log ID uses a string of up to three characters to distinguish one set of log messages from another. For example, the IDs IRX and DCS might distinguish messages logged by a drug claim system from those logged by a document control system. This enables logically separate log information to be maintained in a single database.

The use of this field in Log Central messages is optional.

Logging Le1vel

This attribute consists of a single character. The possible values and their recommended interpretation are as follows:

• N-Normal message

• D-Debug message

• V-Verbose message

• S-Special message

Date and Time

This string indicates the date and time on the host where the message originated (not the date and time on the host where the log file resides). The format (showing month, day, hour, minute, second, and year) is:

Mmm dd hh:mm:ss yyyy

This string is the component of the system that logs the message. The subsystem name field presupposes that your software is functionally divided into subsystems. The subsystem name must be unique throughout the entire network to identify a functional group.

Message ID

The Message ID is a number in the range of 1 to 99999. This attribute identifies the type of message within a subsystem (i.e., it is unique within a subsystem, and two subsystems may include the same message ID). The message ID and the Subsystem Name together uniquely identify a message. The convention for message ID assignments is as follows.

Host Name

This is the name of the network host where the message originated.

Process ID

This is the numeric process identifier (PID) of the process that issued the message.

User ID

This is the user ID of the process that issued the message.

Function Name

This attribute is optional. This is the name-up to 40 characters in length-of the internal function that issued the message. If this attribute is included, the recommended convention is:

• Function name if logged by a library function

• Process name if in a main process function

Transaction ID

This optional 21-character string attribute helps to correlate a message with other error messages logged during the same transaction, or with data saved in another relational database supporting an OLTP system. This field is relevant only in a case in which the application process was operating in the context of a transaction.

Log Central represents a nonexistent transaction ID with a 0 value.

Body

The message body contains free-format information in a text format. The content of this string is determined by the developer of the application that logs the message. The maximum length of a message body is 2000 characters.

Attributes in the Message Definition

The following are attributes of the message definition. The message definition can be modified using the Message Definition Editor. For more information, refer to Chapter 9, "Using the Log Central Console."

Severity

Definitions of message types stored in the Log Central database include a message classification. The categories used to classify messages are defined by the application developer but a typical use is to categorize messages by severity.

The severity of a message is a rating used to represent the importance or impact of an event. For example, a message that indicates high usage of a print spooler reports a less severe event than a message telling you that an application server has crashed. The Log Central Central Collector assigns a severity to messages as it saves the message in the Log Central database or to generate SNMP traps. The Central Collector uses the severity classification that has been included in the message definition. By default, Log Central messages use the standard ISO severities, described in the following table.

Summary

This field gives a summary of the information in the Description field.

Description

This attribute is a description of the condition or event that the message is reporting, such as the probable cause of a problem. The message description is contained in the message definition, not in the message header. This attribute can be modified using the Log Central Message Definition Editor.

Recommendation

This attribute is the recommended action to be taken when this message occurs, that is, an action that probably solves the problem. This attribute is contained in the message definition, not in the message packet that is generated by the data collection agents. You can modify this attribute, based on your past experience and particular configuration, to provide enhanced advice for future situations when the same message recurs. Use the Message Definition Editor to modify the recommendation field. For more information on using the Log Central Console, refer to Chapter 9, "Using the Log Central Console."

Trap Generation

The value of this attribute is either YES or NO. The Basic Trap Configuration window of the Log Central Console allows you to instruct the Central Collector to generate SNMP trap notifications. If you specify that the message definition is to be used to select which messages trigger a trap, traps are generated if the value of this attribute is set to YES For more information on using the Log Central Console, refer to Chapter 9, "Using the Log Central Console."

Trap ID

You can use the Basic Trap Configuration window of the Log Central Console to configure the Central Collector to generate SNMP trap notifications. If you specify that the message definition is to be used to select which messages trigger a trap, the value of the Trap ID attribute is used as the Specific Trap value in the enterprise-specific SNMP trap packet that is generated. For more information on using the Log Central Console, refer to Chapter 9, "Using the Log Central Console."

Automatic Acknowledgment Flag

When messages arrive at the Central Collector, they are, by default, not acknowledged. You can change the value to acknowledged from the Message Browser. A typical use for this attribute is to chart which system problems are currently being resolved or actively investigated. If the automatic acknowledgment flag is set to YES, messages are automatically marked as acknowledged. Possible values are NO or YES.

Execute on DB Upload

If a value is set for this field, the specified program or script is executed when the live message is saved into the database.