snm.logfile manual page
Table of Contents

NAME

snm.logfile - format of Site/SunNet/Domain Manager log files

DESCRIPTION

All the programs in the Site/SunNet/Domain Manager package write log files in a standard format. The format is designed to be easy to parse, and written in ASCII, so that editors and shell scripts can operate on it.

This is the format read by the results browser, snm_br(1). The log file format is written by:

· The event dispatcher ( na.event(8) ) and report logger (
na.logger(8) ).

· The Filename option of the Console.

· The Save button of the Console's Data & Event report
windows.

· The Console's Send-to-program option.

· Folders saved by the Results Browser.

SYNTAX

If the first column of a line contains a # the line is considered a comment, and the rest of the line is ignored. The first line of the log file is #REPORTLOG-N, where N is the version of the file. SunNet Manager 1.0 log files, which did not support comments, are assumed to be version zero. SunNet Manager 1.1 and 1.2 log files are version 1.

Each entry is a newline-terminated ASCII string. Fields in the entry are separated by white space. Null strings are represented by a field containing two double quote characters. String values that contain embedded white space (tabs, spaces and newlines) or double quotes are surrounded by double quotes. A double quote is represented by two successive double quote characters, and the field that contains these characters is surrounded by double quotes. Therefore, a field of four double quotes corresponds to a single double quote, as originally returned by the agent.

The layout of the fields is:

1. Report Type - one character:

A
action report
D
data report
E
event report
K
killed (deleted) report
R
error report
S
set report

T
trap report
U
user-defined report
?
unknown report type 2. Reserved - a text string. Reserved for future use. 3. Agent IP address - machine where agent is running, in Internet dot notation, or 0.0.0.0 if no agent. 4. Agent RPC program number - 0 if the report was not generated by an agent. 5. Manager IP address - where request came from (in Internet dot notation) 6. Request timestamp (seconds since UNIX epoch) 7. Request timestamp (microseconds) 8. Time received by writer of the report (seconds since UNIX epoch) 9. Time sent by agent (seconds since UNIX epoch) 10. Delta time returned by agent (seconds field only) 11. Error code (0 for success. See netmgt_errno.h) 12. Flag:
0
more reports to come
64
last report 13. Target system name or ``'' if none given 14. Group name or ``'' if none given 15. Key name or ``'' if none given 16. Attribute List: (there can be more than one of these) 1. Attribute name 2. Attribute type
A
address (IP dot notation)
C
counter
E
enumeration (stored as an integer)
F
floating point, possibly in scientific notation
G
gauge
H
hexadecimal number
I
integer
O
object identifier (in dot notation)
S
character string
T
timeticks
U
UNIX timestamp (seconds)
X
octet string 3. Attribute value For event reports, these additional fields are given if an event has occurred for this attribute: 4. Relational operator:
==
equal to
!=
not equal to
>
greater than
>=
greater than or equal to
<
less than
<=
less than or equal to
+-
value changed

+=
increased by
+>
increased by more than
+<
increased by less than
-=
decreased by
->
decreased by more than
-<
decreased by less than 5. Threshold value 6. Event priority:
L
low priority
M
medium priority
H
high priority

Error reports look like regular reports with special attribute names. Three attribute name/type/value triples are given:

1. attribute name ``netmgt_service_error'' 2. ``I''
3. service_error value
4. attribute name ``netmgt_agent_error'' 5. ``I''
6. agent_error value
7. attribute name ``netmgt_error_message'' 8. ``S''
9. error message string

An additional field may be present to mark the end of a table row - ``netmgt_endofrow''. This field separates rows of a table in a report. It may or may not appear as the last field in an entry (some agents may not send an end-ofrow marker for the last table entry in the report).

NOTES

Some SNM agents return table keys with the pseudo- attribute ``netmgt_table_key''. If the SNM Console or Results Browser see this pseudo-attribute, they convert it into ``KEY'' for presentation to the user.

The SNMP proxy agent returns a pseudo - attribute ``netmgt_schema.'' The pseudottribute indicates the name of the SNMP schema (Note: not the name of the file) that should be used for processing data and event reports - converting enumerations to text strings, for example. If the SNM Console or Results Browser see this pseudo-attribute, they do not display it. The pseudo-attribute is not returned in traps.

For error reports, the ``netmgt_agent_error'' value is returned as an integer. The only way to find out what the value means is to refer to the agent schema file.

Determining what the enumeration values mean requires the agent schema.

Existing utilities that depend on the version 0 format can use snm_cvtlog(1) to convert the version 1 log files to the old format.


Table of Contents