Events on the Server (see p. Dr.Web Enterprise Server Logging) and the Agent are logged into a text file, where every line is a separate message.
The format of a message line is as follows:
<year><month><day>.<hour><minute><second>.<centisecond> <message_type> [<process_id>] <thread_name> [<message_source>] <message>
where:
◆<year><month><date>.<hour><minute><second>.<hundredth_of_second> – exact date of message entry to the log file.
◆<message_type> – log level:
•ftl (Fatal error) — instructs to inform only of the most severe errors;
•err (Error) — notify of operation errors;
•wrn (Warning) — warn about errors;
•ntc (Notice) — display important information messages;
•inf (Info) — display information messages;
•tr0..3 (Trace, Trace 1, Trace 2, Trace 3) — enable tracing events. The options are displayed in the ascending order according to the level of detail. Trace instructs to log in the minimum level of detail; Trace 3 instructs to log in the maximum level of detail;
•db0..3 (Debug, Debug 1, Debug 2, Debug 3) — instruct to log debugging events. The options are displayed in the ascending order according to the level of detail. Debug instructs to log in the minimum level of detail; Debug 3 instructs to log in the maximum level of detail.
|
The tr0..3 (trace) and db0..3 (debug) levels of detail are applicable for messsages for Dr. Web ESS developers only. |
◆[<process_id>] – unique numerical identifier of the process within which the thread that wrote the message to the log file was executed. Under certain OS [<process_id>] may be represented as [<process_id> <thread_id>].
◆<thread_name> – character representation of the thread within which the message was logged.
◆[<message_source>] – name of the system that initiated logging the message. The source is not always present.
◆<message> – text description according to the log level. It may include both a formal description of the event and the values of certain event-relevant variables.
For example,
1) 20081023.171700.74 inf [001316] mth:12 [Sch] Job "Purge unsent IS events" said OK
where:
◆20081023 – <year><month><date>,
◆171700 – <hour><minute><second>,
◆74 – <hundredth_of_second>,
◆inf – <message_type>,
◆[001316] – [<process_id>],
◆mth:12 – <thread_name>,
◆[Sch] – [<message_source>],
◆Job "Purge unsent IS events" said OK – <message> about the correct performance of the Purge unsent IS events job.
2) 20081028.135755.61 inf [001556] srv:0 tcp/10.3.0.55:3575/025D4F80:2: new connection at tcp/10.3.0.75:2193
where:
◆20081028 – <year><month><date>,
◆135755 – <hour><minute><second>,
◆61 – <hundredth_of_second>,
◆inf – <message_type>,
◆[001556] – [<process_id>],
◆srv:0 – <thread_name>,
◆tcp/10.3.0.55:3575/025D4F80:2: new connection at tcp/10.3.0.75:2193 – <message> about having established a new connection through the specified socket.