Log format of Conduit, Brightmail Client, Brightmail Engine, JLU Controller, and IM Relay for remote syslog

Article Id: 179467
Status: Published
Updated On: 30-01-2010 02:41
Legacy Id: HOWTO15284
Products:
Messaging Gateway
Issue/Introduction:

 

Resolution:

Log format of Conduit, Brightmail Client, Brightmail Engine, JLU Controller, and IM Relay for remote syslog

You can configure Symantec Brightmail Gateway to send Scanner log data to a remote syslog. All log messages that are sent to a remote syslog have the same prefix text.

See Standard prefix for Scanner logs sent to remote syslog.

The following table contains sample log messages for the following components in the same order listed:

  • Conduit

  • Brightmail Client

  • Brightmail Engine

  • JLU Controller

  • IM Relay

Standard prefix

Date and time

Scanner host name

Process:​[Brightmail]

(LogLevel:​PID:​ThreadID):

[EC/Source:​#:Function]

Message

Date, time, facility, log level, and IP address

Jan 15 11:34:51

scanner1

conduit:​[Brightmail]

(DEBUG:​19713.​3071461056):

[src/​rda_​controller.cc:​586:​initial​ize]

Appending HTTP header: 'Spamwall_ID: (null)'

 

Jan 15 11:36:16

scanner1

ecelerity: [Brightmail]

(DEBUG:​20132.​3082545888):

[src/sms_​dpp.c:​359:​​dpp_init]

DPP system initialized

 

Jan 15 11:37:05

scanner1

bmserver: [Brightmail]

(DEBUG:​20516.​3066324672):

[src/rhk_​hint.c:497:​rhk_hint_​parse]

rhk hint for rule 43731290 has been successfully parsed

 

Jan 15 11:38:05

scanner1

jlu-​controller: [Brightmail]

(INFO:​21145.​3071248064):

[54038]

AV definitions are up-to-date.

 

Jan 15 11:41:39

scanner1

imrelay: [Brightmail]

(DEBUG:​1668.​2723883952):

[System​Resource​Monitor.​cpp:199:​Perform​Resource​Check]

Current imrelay virtual memory size is 483004416 bytes.

See Standard prefix for Scanner logs sent to remote syslog.

Date in the format month date. Time in the format hour:minute. The time is in 24-hour clock notation.

The date and time is the date and time that the log message was recorded on the Scanner.

Name of the Scanner on which the log message was created.

Process that generated the log message, a colon, a space, and the name Brightmail in square brackets.

In parenthesis, the log level, a colon, the process ID, a period, and the thread ID, followed by a colon.

In square brackets, the error code abbreviation (EC), source code file name, line number, and function call in the source code file.

For the JLU controller this value is the internal error code number that corresponds to the log message.

Log message.


The following is a log message for one event as it would appear on the remote syslog.

01-15-2009	11:38:16	Local2.Debug	10.217.32.13	Jan  15 11:37:05

scanner1 bmserver: [Brightmail] (DEBUG:20516.3066324672):

[src/rhk_hint.c:497:rhk_hint_parse] rhk hint for rule 43731290

has been successfully parsed