Previous Topic: Settings TagsNext Topic: SSL Decode Tags


Logging Tags

This section defines the XML tags used to define NBA logging operations.

<logging>

Contains the tags that control NBA logging activity.

<numberoflogfiles>

Defaults to 10. This tag specifies the maximum number of log files per NBA processor.

When the maximum number of log files exists and the maximum size of the latest is reached (see below), the oldest log file is deleted to enable a new one to be created.

This tag supports type and value attributes:

type

Always set to type="numberType".

value

Specifies the maximum number of log files of each type, for each NBA processor. For example:

<numberoflogfiles type="numberType" value="10" />
<maxsizeoflogfileskb>

Defaults to 1024. This tag specifies the maximum size (in KB) for each log file. When the current log file reaches its maximum size, the NBA creates a new log file.

This tag supports type and value attributes:

type

Always set to type="numberType".

value

Specifies the maximum size for log files. For example:

<maxsizeoflogfileskb type="numberType" value="1024" />
<loglevel>

Defaults to error. This tag determines the default level of logging for the packet capture process. You can override this logging level for individual network filters or application filters, all of which have their own <loglevel> tag.

The Logging Level field in the Policy screen of the NBA console has the same effect as this policy tag.

This tag supports type and value attributes:

type

Always set to type="simpleEnumLogLevel".

value

Can be set to:

  • value="none"--Only startup messages and a few significant events are logged.
  • value="error"--As "none", but errors are also logged.
  • value="warning"--As "error", but warnings are also logged.
  • value="objects"--As "warning", but captured object information is also logged.
  • value="debug"--As "object", but debug messages are also logged.

In normal NBA operations, the logging level is typically set to error. Other levels are supported for evaluation, diagnostic, or testing purposes. In particular, debug logging causes the log file to grow extremely rapidly.

<logrolloverhours>

Defaults to 0 (no time limit). This tag specifies how often (in hours) a new log file is created, even if the current log file has not reached its maximum size. If set to zero, a new log file is only created when the current log file reaches its maximum size.

This rollover tag applies to all types of log file for each NBA processor.

This tag supports type and value attributes:

type

Always set to type="numberType".

value

Specifies log file rollover interval (in hours). For example:

<logrolloverhours type=numberType value="24"/>
<statslogintervalsecs>

Defaults to 60. This tag specifies how often (in seconds) the NBA statistics log files are updated. Statistics are recorded in the statistics log files.

This tag supports type and value attributes:

type

Always set to type="numberType".

value

Specifies the statistics update frequency (in seconds). For example:

<statslogintervalsecs type=numberType value="60"/>

More information:

Log Files