Events on Dr.Web Server (see Administrator Manual, p. Dr.Web Server Log) and Dr.Web Agent are logged into a text file, where every line is a separate message.
The format of a message line is as follows:
<year><month><day>.<hour><minute><second>.<centisecond> <message_type> [<process_id>] <thread_name> [<message_source>] <message>
where:
•<year><month><date>.<hour><minute><second>.<hundredth_of_second>—exact date of message entry to the log file.
•<message_type>—log level:
▫ftl (Fatal error)—instructs to inform only of the most severe errors;
▫err (Error)—notify of operation errors;
▫wrn (Warning)—warn about errors;
▫ntc (Notice)—display important information messages;
▫inf (Info)—display information messages;
▫tr0..3 (trace0..3—tracing)—enable tracing events according to the level of detail. (Trace 3 instructs to log in the maximum level of detail);
▫db0..3 (debug0..3—debugging)—instruct to log debugging events according to the level of detail (Debug 3 instructs to log in the maximum level of detail).
|
The tr0..3 (trace) and db0..3 (debug) levels of detail are applicable for messages for Dr.Web Enterprise Security Suite developers only. |
•[<process_id>]—unique numerical identifier of the process within which the thread that wrote the message to the log file was executed. Under certain OS [<process_id>] may be represented as [<process_id> <thread_id>].
•<thread_name>—character representation of the thread within which the message was logged.
•[<message_source>]—name of the system that initiated logging the message. The source is not always present.
•<message>—text description according to the log level. It may include both a formal description of the event and the values of certain event-relevant variables.
For example:
1.20081023.171700.74 inf [001316] mth:12 [Sch] Job "Purge unsent IS events" said OK
where:
•20081023—<year><month><date>,
•171700—<hour><minute><second>,
•74—<hundredth_of_second>,
•inf—<message_type>,
•[001316]—[<process_id>],
•mth:12—<thread_name>,
•[Sch]—[<message_source>],
•Task "Purge unsent IS events" said OK—message about the correct performance of the Purge unsent events events task.
2.20081028.135755.61 inf [001556] srv:0 tcp/10.3.0.55:3575/025D4F80:2: new connection at tcp/10.3.0.75:2193
where:
•20081028—<year><month><date>,
•135755—<hour><minute><second>,
•61—<hundredth_of_second>,
•inf—<message_type>,
•[001556]—[<process_id>],
•srv:0—<thread_name>,
•tcp/10.3.0.55:3575/025D4F80:2: new connection at tcp/10.3.0.75:2193—message about having established a new connection through the specified socket.