Reference: CEF message format - Adaptive Applications - BlueCat Gateway - 22.1

BlueCat Distributed DDNS Administration Guide

Locale: English
Product name: BlueCat Gateway
Version: 22.1
When configuring remote logging, the log files are sent in CEF format. The following represents the format of the CEF message:
Jan 18 11:07:54 host CEF:Version|Device Vendor|Device Product|Device Version|Device Event Class ID|Name|Severity|[Extension]
Where each field represents the following:
  • Version—an integer value that identifies the version of the CEF format. The current CEF version is 0.
  • Device Vendor—a string that uniquely identifies the type of device sending the log message. The value is BCN.
  • Device Product—a string that uniquely identifies the type of device sending the log message. The value is D-DDNS.
  • Device Version—a string that uniquely identifies the type of device sending the log message. The value is 22.1.
  • Device Event Class ID—a string or integer that uniquely identifies the event-type. In Distributed DDNS, this value represents the type of container that sends the message. The value can be one of the following: DDNS_APP, DDNS_SERVICE, or DDNS_DATABASE.
  • Name—a string representing the description of the event. In Distributed DDNS, the name identifies the event type or the program running on a specific container.
    If the Device Event Class ID is DDNS_APP, the value of Name is one of the following:
    • [app]: Application feature events.
    • [session]: Events that occur when there are requests to the application or Address Manager.
    • [auth]: Authorization events.
    • SCHEDULE_TASK: Events where the running scheduler is assigned tasks.
    • DO_REQUEST_TO_SC: Events that occur when there are requests to the services control.
    • DDNS_APP: Events related to the Distributed DDNS UI.
    If the Device Event Class ID is DDNS_SERVICE, the value of Name is one of the following:
    • DDNS_RECEIVER: Events related to the DDNS receiver service. It listens for and processes the DNS update messages from the clients.
    • DDNS_PROCESSOR: Events related to the DDNS processor service. It receives the DNS update messages from the queue and sends them to the DNS service, and writes the information to the database.
    • QUEUE_SERVICE: Events related to the internal queue service used by the DDNS receiver and DDNS processor.
    • ZEBRA: Events related to the Anycast service.
    • BGP: Events related to Anycast BGP service.
    • OSPF: Events related to Anycast OSPF service.
    • OSPF6: Events related to Anycast OSPFv3 service.
    • SERVICE_CONTROL: Events related to the web server that receives particular requests to perform set actions.
    • SYNC_DDNS_CONFIG: Events related to an internal program that synchronizes the DDNS configuration in the Memcached server with the DDNS configuration in the database.
    • MEMCACHED: Events related to the Memcached server. It is an internal program that stores cached data.
    If the Device Event Class ID is DDNS_DATABASE, the value of Name is one of the following:
    • SYNC_DATA: Events related to the service that synchronizes Address Manager data to the database.
    • DISK_MONITOR: Events related to the service that monitors disk space on the data node.
    • AUTO_BACKUP: Events related to the service that performs database backups.
    • AUTO_SCAVENGE: Events related to the service that scavenges stale records from the database and DNS server.
    • DATABASE_APP: Events related to the web server that receives particular requests to perform set actions.
    • MARIADB: Events related to the database service.
  • Severity—a string or integer that reflects the importance of the event. The value can be one of the following: Low, Medium, High, and Very-High.
  • [Extension]—a field that contains a collection of key-value pairs. An event can contain multiple key-value pairs separated by spaces. The key name is as follows:
    • msg: An arbitrary message providing additional details about the event.
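
The following parser is an added example, not part of the BlueCat documentation or product code. It splits a line in the format above into its header fields and Extension pairs, and lists any header field whose value falls outside the sets documented here, so a log collector can flag malformed or unexpected messages. The backslash escapes (\| and \\ in the header, \= and \\ in the Extension) follow the general CEF convention and are assumed to apply to these messages; the function names and the sample line are constructed for illustration.

```python
import re

# Fixed header values documented on this page for Distributed DDNS 22.1.
EXPECTED = {
    "vendor": {"BCN"}, "product": {"D-DDNS"},
    "class_id": {"DDNS_APP", "DDNS_SERVICE", "DDNS_DATABASE"},
    "severity": {"Low", "Medium", "High", "Very-High"},
}
HEADER = ("version", "vendor", "product", "device_version",
          "class_id", "name", "severity")
# key=value pairs; a value runs until the next " key=" or the end of the line.
_EXT = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)", re.S)

def _split_header(body):
    """Split off the 7 header fields at unescaped pipes; return (fields, rest)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        c = body[i]
        if c == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1])  # assumed CEF header escapes: \| and \\
            i += 1
        elif c == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    if cur:  # header ended without a trailing pipe (no Extension)
        fields.append("".join(cur))
    return fields, body[i:]

def parse_cef(line):
    """Parse one syslog-wrapped CEF line; raise ValueError if it is malformed."""
    prefix, sep, body = line.rstrip("\n").partition("CEF:")
    if not sep:
        raise ValueError("no CEF: marker")
    fields, rest = _split_header(body)
    if len(fields) != len(HEADER):
        raise ValueError("expected 7 header fields, got %d" % len(fields))
    event = dict(zip(HEADER, fields), syslog_prefix=prefix.strip())
    event["extension"] = {k: re.sub(r"\\([=\\])", r"\1", v)
                          for k, v in _EXT.findall(rest)}
    # Header fields whose value is outside the documented set, for triage.
    event["unexpected"] = sorted(f for f in EXPECTED if event[f] not in EXPECTED[f])
    return event

# Constructed sample line (not captured from a real deployment).
SAMPLE = ("Jan 18 11:07:54 host CEF:0|BCN|D-DDNS|22.1|DDNS_DATABASE|"
          "AUTO_BACKUP|Medium|msg=backup step a|b finished rc\\=0")
```

Only the first seven unescaped pipes are treated as separators, so a pipe inside msg stays part of the message text.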