ULDP Log Types

ULDP defines several log types, each suited for distinct collection technologies and products.

Irrespective of its type, each log message contains at least:
  • A timestamp
  • A source address (InetAddress)
ULDP log types are:
Syslog Message
This is implemented by the UldpSyslogMessage class.

The only specific property is the log message itself.

For the products supported by LogLogic LMI and collected through Syslog, the source type is automatically identified, similar to when logs are transmitted using Syslog to the LogLogic LMI appliance.

Realtime LogFile Message
This is implemented by the UldpFileTailMessage class. This type is used for sending files line by line, as they are written into the file. Each line should have its own message.

Two properties must be defined: the content of the line itself and an appName (application name). LogLogic LMI uses the appName field to identify the source type. LogLogic LMI recognizes the following values for this field:

Value of appName Description
AMXAdmin TIBCO ActiveMatrix® Administrator
Business Works TIBCO BusinessWorksTM
HawkAgent TIBCO Hawk®
TIBCO TIBCO Generic
TIBCO ADMIN TIBCO AdministratorTM
TIBCO AMX BPM TIBCO ActiveMatrix® BPM
TIBCO APIX TIBCO® API Exchange
TIBCO ActiveSpaces TIBCO ActiveSpaces®
TIBCO BE TIBCO BusinessEvents® Server
TIBCO EMS TIBCO Enterprise Message ServiceTM Server
TIBCO SILVER FABRIC TIBCO Silver® Fabric
Even for unknown products, using this parameter enables easily retrieving different logs belonging to the same application because this value is part of the message that LogLogic LMI ingests.
FileChunk Message
A sequence of file chunk messages to send the content of a file in raw form. The eof attribute of the last file chunk must be set to true. A file identifier must be provided, which reflects both the location of the file and its content. If several overlapping chunks with the same fileIdentifier are sent, the last ones are ignored. If a file at the same location has different content than before, the file identifier should be changed. One way to achieve this is to create a compound file identifier with <file path>:<checksum>. Using this type of message is the only way to send logs in which the dates are extracted from the log message and are not assumed to be the current date, as is the case with other ULDP messages. This mechanism is similar to the file-pull mechanism in LogLogic LMI. The maximum size of a file chunk is 50 KB.
File format of supported file devices. The following table lists the file format of supported file devices, when files are to be collected via LogLogic Universal Collector or via the ULDP library when sent over ULDP.
FormatType Name
0 Cisco ACS Failed Attempts
1 Cisco ACS Passed Authentication
2 Cisco ACS RADIUS Accounting
3 Cisco ACS TACACS+ Accounting
4 Cisco ACS Administration Audit
6 Microsoft IAS
7 Microsoft ISA Web (W3C)
9 Generic W3C
10 Others
11 W3C (NetCache)
12 W3C (BlueCoat)
13 Squid Native
14 MS Exchange 2003 Tracking Log
15 MS Exchange 2000 Tracking Log
16 MS Exchange 2003 SMTP (W3C)
17 MS Exchange 2000 SMTP (W3C)
18 Oracle Audit Log
19 Oracle DB Log
21 Oracle Listener Log