All Log Central messages use a common format. This appendix discusses the following topics:
A message consists of the following components:
Message Format
The Header and Body are the message components that are available at the data collection agent. When data collection agents extract information from messages flowing into logs on the managed node, the content of each message header is determined by the mapping of log messages into Log Central message format. Each message is uniquely identified by two of the attributes in the header: Subsystem Name and a Message ID within that subsystem.
In addition to the attributes in the header, additional attributes are attached to a log message at the Central Collector. These additional attributes are those contained in the message definition, which is stored in the Log Central database. These additional attributes include the following:
The following attributes are included in the log message as sent by a data collection agent.
The log ID uses a string of up to three characters to distinguish one set of log messages from another. For example, the IDs The use of this field in Log Central messages is optional.
This attribute consists of a single character. The possible values and their recommended interpretation are as follows:
Message Attributes at the Agent
Log ID
IRX
and DCS
might distinguish messages logged by a drug claim system from those logged by a document control system. This enables logically separate log information to be maintained in a single database.
Logging Le1vel
N
-Normal message
This string indicates the date and time on the host where the message originated (not the date and time on the host where the log file resides). The format (showing month, day, hour, minute, second, and year) is:
This string is the component of the system that logs the message. The subsystem name field presupposes that your software is functionally divided into subsystems. The subsystem name must be unique throughout the entire network to identify a functional group.
The Message ID is a number in the range of 1 to 99999. This attribute identifies the type of message within a subsystem (i.e., it is unique within a subsystem, and two subsystems may include the same message ID). The message ID and the Subsystem Name together uniquely identify a message. The convention for message ID assignments is as follows.
This is the name of the network host where the message originated.
This is the numeric process identifier (PID) of the process that issued the message.
This is the user ID of the process that issued the message.
This attribute is optional. This is the name-up to 40 characters in length-of the internal function that issued the message. If this attribute is included, the recommended convention is:
Date and Time
Mmm
dd
hh
:mm
:ss
yyyy
Subsystem Name
Message ID
Host Name
Process ID
User ID
Function Name
This optional 21-character string attribute helps to correlate a message with other error messages logged during the same transaction, or with data saved in another relational database supporting an OLTP system. This field is relevant only in a case in which the application process was operating in the context of a transaction.
Log Central represents a nonexistent transaction ID with a 0 value.
The message body contains free-format information in a text format. The content of this string is determined by the developer of the application that logs the message. The maximum length of a message body is 2000 characters.
The following are attributes of the message definition. The message definition can be modified using the Message Definition Editor. For more information, refer to Chapter 9, "Using the Log Central Console."
Definitions of message types stored in the Log Central database include a message classification. The categories used to classify messages are defined by the application developer but a typical use is to categorize messages by severity.
The severity of a message is a rating used to represent the importance or impact of an event. For example, a message that indicates high usage of a print spooler reports a less severe event than a message telling you that an application server has crashed. The Log Central Central Collector assigns a severity to messages as it saves the message in the Log Central database or to generate SNMP traps. The Central Collector uses the severity classification that has been included in the message definition. By default, Log Central messages use the standard ISO severities, described in the following table.
This field gives a summary of the information in the Description field.
This attribute is a description of the condition or event that the message is reporting, such as the probable cause of a problem. The message description is contained in the message definition, not in the message header. This attribute can be modified using the Log Central Message Definition Editor.
This attribute is the recommended action to be taken when this message occurs, that is, an action that probably solves the problem. This attribute is contained in the message definition, not in the message packet that is generated by the data collection agents. You can modify this attribute, based on your past experience and particular configuration, to provide enhanced advice for future situations when the same message recurs. Use the Message Definition Editor to modify the recommendation field. For more information on using the Log Central Console, refer to Chapter 9, "Using the Log Central Console."
The value of this attribute is either You can use the Basic Trap Configuration window of the Log Central Console to configure the Central Collector to generate SNMP trap notifications. If you specify that the message definition is to be used to select which messages trigger a trap, the value of the Trap ID attribute is used as the Specific Trap value in the enterprise-specific SNMP trap packet that is generated. For more information on using the Log Central Console, refer to Chapter 9, "Using the Log Central Console."
When messages arrive at the Central Collector, they are, by default, not acknowledged. You can change the value to If a value is set for this field, the specified program or script is executed when the live message is saved into the database.
Transaction ID
Body
Attributes in the Message Definition
Severity
Summary
Description
Recommendation
Trap Generation
YES
or NO
. The Basic Trap Configuration window of the Log Central Console allows you to instruct the Central Collector to generate SNMP trap notifications. If you specify that the message definition is to be used to select which messages trigger a trap, traps are generated if the value of this attribute is set to YES
For more information on using the Log Central Console, refer to Chapter 9, "Using the Log Central Console."
Trap ID
Automatic Acknowledgment Flag
acknowledged
from the Message Browser. A typical use for this attribute is to chart which system problems are currently being resolved or actively investigated. If the automatic acknowledgment flag is set to YES
, messages are automatically marked as acknowledged. Possible values are NO
or YES
.
Execute on DB Upload