When remote logging is configured, the log files are sent in CEF format. The following represents the format of the CEF message:
Jan 18 11:07:54 host CEF:Version|Device Vendor|Device Product|Device Version|Device Event Class ID|Name|Severity|[Extension]
Where each field represents the following:
- Version—an integer value that identifies the version of the CEF format. The current CEF version is 0.
- Device Vendor—a string that uniquely identifies the type of device sending the log message. The value is BCN.
- Device Product—a string that uniquely identifies the type of device sending the log message. The value is D-DDNS.
- Device Version—a string that uniquely identifies the type of device sending the log message. The value is 22.1.
- Device Event Class ID—a string or integer that uniquely identifies the event-type. In Distributed DDNS, this value represents the type of container that sends the message. The value can be one of the following: DDNS_APP, DDNS_SERVICE, or DDNS_DATABASE.
- Name—a string representing the description of the event. In Distributed DDNS, the name is provided with an event type of a program running on a specific container.
  If the Device Event Class ID is DDNS_APP, the value of Name is one of the following:
  - [app]: Application feature events.
  - [session]: Events that occur where there are requests to the application or Address Manager.
  - [auth]: Authorization events.
  - SCHEDULE_TASK: Events where the running scheduler is assigned tasks.
  - DO_REQUEST_TO_SC: Events that occur where there are requests to the services control.
  - DDNS_APP: Events related to the Distributed DDNS UI.
  If the Device Event Class ID is DDNS_SERVICE, the value of Name is one of the following:
  - DDNS_RECEIVER: Events related to the DDNS receiver service. It listens and processes the DNS update messages from the clients.
  - DDNS_PROCESSOR: Events related to the DDNS processor service. It receives the DNS update messages from the queue and sends them to the DNS service, and writes the information to the database.
  - QUEUE_SERVICE: Events related to the internal queue service used by the DDNS receiver and DDNS processor.
  - ZEBRA: Events related to the Anycast service.
  - BGP: Events related to Anycast BGP service.
  - OSPF: Events related to Anycast OSPF service.
  - OSPF6: Events related to Anycast OSPFv3 service.
  - SERVICE_CONTROL: Events related to the web server that received particular requests to perform set actions.
  - SYNC_DDNS_CONFIG: Events related to an internal program that synchronizes the DDNS configuration in the Memcached server with the DDNS configuration in the database.
  - MEMCACHED: Events related to the Memcached server. It is an internal program that stores cached data.
  If the Device Event Class ID is DDNS_DATABASE, the value of Name is one of the following:
  - SYNC_DATA: Events related to the service that synchronizes Address Manager data to the database.
  - DISK_MONITOR: Events related to the service that monitors disk space on the data node.
  - AUTO_BACKUP: Events related to the service that performs database backups.
  - AUTO_SCAVENGE: Events related to the service that scavenges stale records from the database and DNS server.
  - DATABASE_APP: Events related to the web server that received particular requests to perform set actions.
  - MARIADB: Events related to the database service.
- Severity—a string or integer that reflects the importance of the event. The value can be one of the following: Low, Medium, High, and Very-High.
- [Extension]—a field that contains a collection of key-value pairs. An event can contain multiple key-value pairs separated by spaces. The key name is as follows:
  - msg: An arbitrary message providing additional details about the event.
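
The following Python sketch is an added example, not part of the product or its documentation. It parses one received line into the fields described above and reports any value that does not match the lists on this page, which is a useful check on the log collector before events are indexed. The names `parse_cef`, `unescape`, `GOOD` and `ODD` are hypothetical, the sample lines are constructed, and the code assumes the sender follows the general CEF convention of backslash-escaping `|` in header fields and `=` in extension values.

```python
import re

# Name values this page lists for each Device Event Class ID.
NAMES = {
    "DDNS_APP": {"[app]", "[session]", "[auth]", "SCHEDULE_TASK",
                 "DO_REQUEST_TO_SC", "DDNS_APP"},
    "DDNS_SERVICE": {"DDNS_RECEIVER", "DDNS_PROCESSOR", "QUEUE_SERVICE", "ZEBRA",
                     "BGP", "OSPF", "OSPF6", "SERVICE_CONTROL",
                     "SYNC_DDNS_CONFIG", "MEMCACHED"},
    "DDNS_DATABASE": {"SYNC_DATA", "DISK_MONITOR", "AUTO_BACKUP", "AUTO_SCAVENGE",
                      "DATABASE_APP", "MARIADB"},
}
SEVERITIES = {"Low", "Medium", "High", "Very-High"}
KEYS = ("version", "vendor", "product", "device_version", "class_id", "name", "severity")

# One header field: a run of escaped characters or characters other than '|' and '\'.
FIELD = r"((?:\\.|[^|\\])*)"
CEF_RE = re.compile(r"CEF:" + r"\|".join([FIELD] * 7) + r"(?:\|(.*))?$")


def unescape(text):
    """Undo CEF backslash escaping of '|', '=' and the backslash itself."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_cef(line):
    """Return (event, problems) for one syslog line carrying a CEF message."""
    m = CEF_RE.search(line)
    if m is None:
        raise ValueError("not a CEF message")
    event = {k: unescape(v) for k, v in zip(KEYS, m.groups())}
    # Extension: space-separated key=value pairs; a value may itself contain spaces.
    tokens = re.split(r"(?:^|\s)(\w+)=", m.group(8) or "")
    event["extension"] = {k: unescape(v) for k, v in zip(tokens[1::2], tokens[2::2])}

    problems = []
    if (event["vendor"], event["product"]) != ("BCN", "D-DDNS"):
        problems.append("unexpected vendor/product")
    if event["class_id"] not in NAMES:
        problems.append("unknown Device Event Class ID")
    elif event["name"] not in NAMES[event["class_id"]]:
        problems.append("Name not valid for " + event["class_id"])
    if event["severity"] not in SEVERITIES:
        problems.append("unknown Severity")
    return event, problems


# Constructed sample lines (not captured from a real deployment).
GOOD = r"Jan 18 11:07:54 host CEF:0|BCN|D-DDNS|22.1|DDNS_SERVICE|DDNS_RECEIVER|Low|msg=update received for zone"
ODD = r"Jan 18 11:07:55 host CEF:0|BCN|D-DDNS|22.1|DDNS_APP|MARIADB|Urgent|msg=a\=b | c"
```

Because msg is arbitrary text, treat its value as untrusted data on the collector and route lines with a non-empty `problems` list to review instead of dropping them.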