[Top] [Prev] [Next] [Bottom]




Logging


The logging configuration details provide the information MIMEsweeper needs on how to log its activities, both at a system level and message processing level.

MAILsweeper can be configured to create three types of log file:
MAILsweeper can also be configured to write to the Windows NT application event log during startup or disposal. See page 7-112 for details.
 
WEBsweeper uses the Windows NT application event log to log all startup and operation errors. However, it does not use the three MAILsweeper log files mentioned above. The other form of logging that WEBsweeper uses is HTTP transaction logging (default name `HS' log). See page 6-40 for details on this logging method.
 
For details on how to view the Windows NT application event log see page 6-9 for MAILsweeper, or page 6-45 for WEBsweeper.

The information required to configure the three MAILsweeper log files and to write to the Windows NT application event log is discussed in the remainder of this section. See page 6-40 for details on WEBsweeper's HTTP transaction logging.

System log

The system log contains information that is generated when MAILsweeper starts, for example the configuration options chosen and details on any start-up errors.1 The system log also records a single entry for each message processed by MAILsweeper.

A new system log is generated each day and automatically rolled over at the end of the day. The amount of information show in the system log file depends on the logging level that is set. See page 7-118 for details on logging levels.

For details on how to archive the system log files see page 6-23.

Message log

The message log is a record of processing for a particular message. This log may show the analysis, disassembly and validation details for each message component generated, depending on the logging level that is set. See page 7-118 for details on logging levels.

A message log is generated for every message processed. By default, the log file is only saved if the message is quarantined, however it can be saved for every message if required. This is achieved by setting the value of the SaveMessageLogs directive to TRUE. This directive is specified in the [Main] section of the mail configuration file, MIMESWP.CFG. See page 7-10 for details.

The location of the log files is specified by the FileRootName directive, in the [MessageLog] configuration section, see page 7-115 for details.

If the message is quarantined its message log file also stored with it, in one of the specified quarantine areas.

Debug log

The debug log file is generated for each message that MAILsweeper processes. It is only created if the SaveMsgLogs directive has a value of True. This directive is specified in the [Main] configuration section of the mail configuration file, MIMESWP.CFG. See page 7-10 for details.

By default, generation of the debug log is disabled. It can be enabled by ensuring that the DebugLog directive is no longer commented out.

That is, change:

[Logging]
;DebugLog=2

to

[Logging]
DebugLog=2

The amount of information show in the debug log file depends on the logging level that is set. See page 7-118 for details on logging levels.

For a debug log the logging level set should always be one of the higher levels, for example, Verbose or Debug.

The location of the log files is specified by the FileRootName directive, in the [DebugLog] configuration section, see page 7-115 for details.

The debug log file should be created only under instruction from technical support.

Event log

MAILsweeper and WEBsweeper are configured to write certain logging information to the Windows NT application event log. For example, all startup errors and operation errors are written to this log.2

The amount of information written to this log depends on the logging level that is set. See page 7-118 for details on logging levels.

The other form of logging WEBsweeper uses is HTTP transaction logging. See page 6-40 for details.
 
MAILsweeper can also be configured to write to the Windows NT application event log during disposal, using the Event directive. See page 7-36 for details.
 
For details on how to access the information placed in the Windows NT application event log, see page 6-9 for MAILsweeper, or page 6-45 for WEBsweeper.

Logging details for MAILsweeper and WEBsweeper are found in the [Logging]configuration section.

For MAILsweeper the [Logging]configuration section is found in the logging configuration file, LOGGING.CFG. For WEBsweeper it is found in the Web configuration file, WEBSWP.CFG.

It is recommended that you do not change any of the logging details without assistance from technical support.

[Logging] section

The [Logging] configuration section defines the log file types that are generated during processing. There is a directive listed for each log file type used.

The name of the directive specifies the log file type and the value specifies a stream number in the range 0 to 15.

For example:
[Logging]
SystemLog=0
MessageLog=1
;DebugLog=23
EventLog=3
For example:
[Logging]
EventLog=3

A semi-colon preceding the directive indicated that the log file is disabled.

Each log file type defined in this way must have a configuration section in the same file as the [Logging]section. The configuration section must have the same name as the log type.

For example:
[MessageLog]
FileRootName=C:\MSW\Log\NR%05u.LOG
NameType=NumericSeq
StreamType=UserFile
MaxLevel=Brief
For example:
[EventLog]
EventSource=WEBsweeper
EventId=3221225496
StreamType=AppEvent
MaxLevel=Brief

Each logging section must contain a certain number and type of directives. It is advised that you DO NOT remove or change the value of these directives without the assistance of technical support.

The directives a logging configuration section may use are shown on the table below:

Directive Logging section
System Message Debug Event
FileRootName
X X X
NameType
X X X
StreamType
X X X X
MaxLevel
X X X X
EventSource
X
EventId
X

It is important to ensure that the logging configuration section only lists directives that are valid for that section.

Each directive is explained on the next few pages.

FileRootName

The FileRootName directive specifies the path to the directory in which the log files are created and a string used to generate the file containing the logging information.

For example:

[MessageLog]
FileRootName=C:\MSW\Log\NR%05u.LOG

In this example the log files are created in the directory C:\MSW\Log.

The part of the string specifying the filename must contain a format token. This token is replaced by a value each time a new log file is created. In the above example the filename is NR%05u.log, the format token is %05u.

NameType

The NameType directive specifies the value that replaces the format token specified by the FileRootName directive.

For example:

[MessageLog]
FileRootName=C:\MSW\Log\NR%05u.LOG
NameType=NumericSeq

A new value is generated each time a log file is created.

Format tokens and their replacement values are shown on the table below:

Token NameType Replacement Example
%s
Date
today's date, as ddmmyy DT%s.LOG -> DT251296.LOG
%nu
NumericSeq
increasing numeric value of n digits NR%5u.LOG->

NR00001.LOG

N/A
Transient1
N/A No file produced
1 If the value specified by the NameType directive is Transient then no log file is produced. There is therefore no need for a FileRootName directive.

It is important to ensure that the correct combination of format token and NameType is used in the configuration section, according to the table shown on the previous page.

For example:

[SystemLog]
FileRootName=C:\MSW\Log\DT%s.LOG
NameType=Date

In this example, the NameType specified is Date so the format token used in the FileRootName string must be %s.

Another example is:

[MessageLog]
FileRootName=C:\MSW\Log\NR%05u.LOG
NameType=NumericSeq

In this example, the NameType specified is NumericSeq so the format token used must be %nu (where n can be any digit).

The FileRootName and NameType directives cannot be used in the [EventLog] configuration section.

StreamType

The StreamType directive specifies the type of logging stream that the log is attached to. It can have the value:

The above StreamType values are discussed on the next page.

The value of the StreamType directive depends on the type of configuration section it is being used with.

For example:
[MessageLog]
FileRootName=C:\MSW\Log\NR%05u.LOG
NameType=NumericSeq
StreamType=UserFile
MaxLevel=Brief
For example:
[EventLog]
EventSource=WEBsweeper
EventId=3221225496
StreamType=AppEvent
MaxLevel=Brief
A SystemFile log stream is used to log information that is system wide and where the management of the log is performed by the administrator. For example, daily system logs. This log stream should only be used in a [SystemLog] configuration section.
 
A UserFile log stream is used to log information that is more specific to a single operation, such as the processing of a message. The management of the log is more likely to be under the control of the application. This log stream should only be used in a [MessageLog] or [DebugLog] configuration section.
 

An AppEvent log stream results in the entry being written to the Windows NT application event log. This log stream should only be used in an [EventLog] configuration section.

A Transient log stream does not create a log file on disk.

MaxLevel

The MaxLevel directive specifies the level of logging information written to the log files.

Each level of logging contains a different amount of detail. The lower levels show minimal logging information, while the higher logging levels add more detail.

Logging levels are as follows:

Level Output Description
Brief Minimum level of logging. Data that should always be logged, such as start-up errors.
Normal Short one-line information only. This includes validator generated output.
Verbose Extended detail.
Debug Maximum level of debug logging. Only to be used for diagnostic purposes and under instruction from technical support.


If log files are being saved a balance has to be met between the amount of logging information recorded and the use of disk space. More disk space will be used if the logging level is set to one of the higher values. It is recommended that you archive and delete the log files on a regular basis. For details on archiving see page 6-23.

EventSource

The EventSource directive (event log only) specifies the source of the logging information that is written to the Windows NT application event log. It can have the value MAILsweeper or WEBsweeper.

EventId

The EventId directive (event log only) is for internal use. If present it is recommended that you do not change the value.



[Top] [Prev] [Next] [Bottom]



1 Start-up errors may also be placed in the Windows NT application event log, see page 7-112.

2 For MAILsweeper only these start-up errors may also placed in the system log. See page 7-110.

3 The debug log file should only be created under instruction from technical support.

msw.support@mimesweeper.com

Copyright © 1998, Content Technologies Limited. All rights reserved.