ULDP Log Types
ULDP defines several log types, each suited for distinct collection technologies and products.
Irrespective of its type, each log message contains at least:
ULDP log types are:
- Syslog Message
- This is implemented by the
UldpSyslogMessage class.
The only specific property is the log message itself.
For the products supported by LogLogic LMI and collected through Syslog, the source type will be automatically identified, similar to when logs are transmitted using Syslog to the LogLogic LMI appliance.
- Realtime LogFile Message
- This is implemented by the
UldpFileTailMessage class. This type is used for sending files line by line, as they are written into the file. Each line should have its own message.
Two properties must be defined: the content of the line itself and an appName (application name). LogLogic LMI uses the appName field to identify the source type. LogLogic LMI recognizes the following values for this field:
Even for unknown products, using this parameter enables easily retrieving different logs belonging to the same application, because this value is part of the message that LogLogic LMI ingests.Value of appName Description TIBCO ADMIN TIBCO AdministratorTM AMXAdmin TIBCO ActiveMatrix® Administrator TIBCO EMS TIBCO Enterprise Message ServiceTM Server HawkAgent TIBCO Hawk® Business Works TIBCO BusinessWorksTM TIBCO BE TIBCO BusinessEvents® Server TIBCO AMX BPM TIBCO ActiveMatrix® BPM TIBCO APIX TIBCO® API Exchange TIBCO SILVER FABRIC TIBCO Silver® Fabric TIBCO ActiveSpaces TIBCO ActiveSpaces® TIBCO TIBCO Generic - FileChunk Message
- A sequence of file chunk messages to send the content of a file in raw form. The eof attribute of the last file chunk must be set to true. A file identifier must be provided, which reflects both the location of the file and its content. If several overlapping chunks with the same fileIdentifier are sent, the last ones will be ignored. If a file at the same location has different content than before, the file identifier should be changed. One way to achieve this is to create a compound file identifier with <file path>:<checksum>. Using this type of message is the only way to send logs in which the dates are extracted from the log message and are not assumed to be the current date, as is the case with other ULDP messages. This mechanism is similar to the file-pull mechanism in LogLogic LMI. The maximum size of a file chunk can be 50 KB.
| FormatType | Name |
|---|---|
| 0 | Cisco ACS Failed Attempts |
| 1 | Cisco ACS Passed Authentication |
| 2 | Cisco ACS RADIUS Accounting |
| 3 | Cisco ACS TACACS+ Accounting |
| 4 | Cisco ACS Administration Audit |
| 6 | Microsoft IAS |
| 7 | Microsoft ISA Web (W3C) |
| 9 | Generic W3C |
| 10 | Others |
| 11 | W3C (NetCache) |
| 12 | W3C (BlueCoat) |
| 13 | Squid Native |
| 14 | MS Exchange 2003 Tracking Log |
| 15 | MS Exchange 2000 Tracking Log |
| 16 | MS Exchange 2003 SMTP (W3C) |
| 17 | MS Exchange 2000 SMTP (W3C) |
| 18 | Oracle Audit Log |
| 19 | Oracle DB Log |
| 21 | Oracle Listener Log |
Copyright © Cloud Software Group, Inc. All rights reserved.