Events

RBFS REST APIs play important roles in fetching event logs. Event logs are records of events that occur in the different functional areas of the RBFS ecosystem. In RBFS, there are different types of logs. Almost every daemon or module in RBFS generates a variety of logs. All these logs, which are generated from different components, can be exported to the log management server, where you can view and analyze the real-time data.

Log events originate from the RBFS log facility and form a structured log record. If logging is disabled, no logs are produced. For more information about RBFS logging, see the Logging User Guide.

Alerts

Alerts are event logs that originate from alert configurations. Alerts either report an issue or notify that an issue has been resolved. Alerts are fully under the control of a customer. Users can implement alert rules to produce an alert that triggers automated action in the management system. An alert event is also a business event when it triggers automated actions.

Business Events

A business event is a record of events that originate from the control daemon, irrespective of the logging configuration. Business events notify the management system about significant state changes for triggering automated actions.

Business events are recorded by CtrlD. These events are static and do not change from release to release.

APIGwD and CtrlD send different GELF and Syslog messages about status changes or the progress of processes to a GELF or Syslog endpoint.

The following table presents the business event message format:

GELF message format
Default Message Fields

| Name | Type | Mandatory | Description |
|---|---|---|---|
| version | String | Yes | The GELF message format version. Default value: 1.1 |
| host | String | Yes | The hostname is assigned via DHCP to the management interface. Defaults to the management IP address if no hostname is assigned. |
| level | int | Yes | Message Severity. See Table-1. |
| timestamp | float | Yes | Unix epoch time in seconds with an optional fraction of milliseconds. |
| short_message | String | Yes | Problem message. |
| full_message | String | No | Detailed problem description. |
| _daemon | String | Yes | Name of the daemon. |
| _log_module | String | Yes | The module name identifies the component that created the log record. It allows segregating log records into different streams. Each stream can apply different processing rules and also be processed by different organizational units of the network operator. |
| _log_event | String | Yes | The log event identifies the log message template in the log configuration. The log event simplifies finding where in the system the log record was created. The log event should be succinct and typically conveys a unique reason code. In addition, the log event should be a reference that can be looked up in the product troubleshooting guide. |
| _serial_number | String | Yes | The serial number of the switch. This allows tracking hardware replacements, even if the element name remains the same. Empty if not available. |
| _rtb_image_version | String | No | ONL Image Version that is installed on the switch that reports this message. |
| _origin | String | No | host or container, defines the origin of a message. This is only set for events that are ambiguous. |

ZTP Message Fields

| Name | Type | Mandatory | Description |
|---|---|---|---|
| _config_name | String | No | Exposes the loaded configuration name. Only set when a configuration file was processed or an attempt to process the file failed (e.g., 404 Not Found response from the HTTP server while attempting to load the configuration). |
| _config_sha1 | String | No | Exposes the SHA1 checksum of the loaded configuration. Only set when the HTTP server returns a configuration. |
| _operational_state | String | No | Exposes the operational state of the element. |

Request Message Fields

| Name | Type | Mandatory | Description |
|---|---|---|---|
| _rid | String | No | Request ID, either the X-Request-ID or a newly generated one |
| _user_name | String | No | User name taken from the access token |
| _user_subject | String | No | User subject taken from the access token |
| _received_time | String | No | Time when the request arrived |
| _method | String | No | HTTP method |
| _url | String | No | HTTP URL |
| proto | String | No | HTTP protocol |
| _remote_ip | String | No | HTTP remote IP address |

Service State Message Fields

| Name | Type | Mandatory | Description |
|---|---|---|---|
| _service_name | String | No | Service name |
| _service_operational_state | String | No | Operational Service |
| _service_startup_time | Number | No | Service startup time in unix epoch time, the number of seconds elapsed since January 1, 1970 UTC. |
| _service_down_flap_time | Number | No | Last down flap time in unix epoch time, the number of seconds elapsed since January 1, 1970 UTC. |
| _service_down_flap_counter | Number | No | Last down flap time in unix epoch time, the number of seconds elapsed since January 1, 1970 UTC. |
| _service_restarted | String | No | Restart is set to true if service_startup_time was changed. |

Level Descriptions as in RFC 5424

| Level | Name | Comment |
|---|---|---|
| 0 | Emergency | System is unusable |
| 1 | Alert | Action must be taken immediately |
| 2 | Critical | Critical conditions |
| 3 | Error | Error conditions |
| 4 | Warning | Warning conditions |
| 5 | Notice | Normal but significant condition |
| 6 | Informational | Informational messages |
| 7 | Debug | Debug-level messages |

GELF sample message
{
  "_config_name": "ctrld",
  "_config_sha1": "f1e06ef1e53becde6f8baf2b2fafe7dc9c36f6f0",
  "_daemon": "ctrld",
  "_element_name": "leaf01",
  "_log_event": "ZTP0011I",
  "_log_module": "ztp",
  "_serial_number": "591654XK1902037",
  "host": "leaf01",
  "level": 6,
  "short_message": "ztp ctrld config set",
  "timestamp": 1588382356.000511,
  "version": "1.1"
}
Event Types

| Instance | severity | log_module | log_event | log config | description |
|---|---|---|---|---|---|
| ztp | Notice | ztp | ZTP0011I | ctrld | ztp ctrld config set |
| ztp | Warn | ztp | ZTP0012W | ctrld | ztp ctrld config not provided |
| ztp | Alert | ztp | ZTP0013E | ctrld | ztp ctrld config not set |
| ztp | Notice | ztp | ZTP0021I | ctrld | ztp startup config set |
| ztp | Warn | ztp | ZTP0022W | ctrld | ztp startup config not provided |
| ztp | Alert | ztp | ZTP0023E | ctrld | ztp startup config not set |
| ztp | Notice | ztp | ZTP0041I | ctrld | ztp ctrld rbac config set |
| ztp | Warn | ztp | ZTP0042W | ctrld | ztp ctrld rbac config not provided |
| ztp | Alert | ztp | ZTP0043E | ctrld | ztp ctrld rbac config not set |
| ztp | Notice | ztp | ZTP0051I | ctrld | ztp tls config set |
| ztp | Warn | ztp | ZTP0052W | ctrld | ztp tls config not provided |
| ztp | Alert | ztp | ZTP0053E | ctrld | ztp tls config not set |
| ztp | Notice | ztp | ZTP0061I | ctrld | ztp accessjwks config set |
| ztp | Warn | ztp | ZTP0062W | ctrld | ztp accessjwks config not provided |
| ztp | Alert | ztp | ZTP0063E | ctrld | ztp accessjwks config not set |
| ztp | Notice | ztp | ZTP0071I | ctrld | ztp apigwd config set |
| ztp | Warn | ztp | ZTP0072W | ctrld | ztp apigwd config not provided |
| ztp | Alert | ztp | ZTP0073E | ctrld | ztp apigwd config not set |
| ztp | Notice | ztp | ZTP1000I | ctrld | ztp process finished |
| security | Warn | security | SEC0001W | ctrld | access forbidden |
| security | Warn | security | SEC0002W | ctrld | access invalid rtb token |
| security | Warn | security | SEC0003W | ctrld | access invalid access token |
| security | Warn | security | SEC0004W | ctrld | not able to download remote keys |
| security | Warn | security | SEC0005W | ctrld | not able to download remote pem |
| security | Warn | security | SEC0006W | ctrld | request rate limited (this message is also rate limited, and can be controlled in the apigwd config) |
| element | Notice | element | HTB0001 | ctrld | heartbeat with the operational_state |
| element | Notice | element | STA0001 | ctrld | element state change |
| element | Notice | element | STA0021 | ctrld | service up |
| element | Error | element | STA0022 | ctrld | service unexpected down |
| element | Notice | element | STA0023 | ctrld | service expected down |
| element | Notice | element | STA0003 | ctrld | ready for service |
| element | Notice | element | STA0031 | ctrld | module new (one of the modules is newly discovered e.g. fan, SFP …, this event will be fired after every reboot of ctrld) |
| element | Notice | element | STA0032 | ctrld | module changed (one of the modules got changed e.g. fan, SFP …) |
| element | Notice | element | STA0033 | ctrld | module removed (one of the modules got removed e.g. fan, SFP …) |
| ALL | Notice | element | STA0040 | all | messages could have been dropped |
| prometheus | ? | ? | ? | element | messages generated by prometheus alerts |
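
The following is an added example, not RBFS code: a receiver-side check that validates the mandatory GELF fields listed above, surfaces events from the security log module, and flags a changed `_config_sha1` for the same serial number and configuration name. The function names, the `CHANGED` and `DENIED` records, and the presence of `_remote_ip` on a security event are assumptions made for illustration.

```python
import json

# Mandatory fields and their JSON types, from the GELF message format table.
MANDATORY = {"version": str, "host": str, "level": int, "timestamp": (int, float),
             "short_message": str, "_daemon": str, "_log_module": str,
             "_log_event": str, "_serial_number": str}
LEVELS = ("Emergency", "Alert", "Critical", "Error", "Warning", "Notice", "Informational", "Debug")

def validate(event):
    """Return a list of problems; an empty list means the record is well formed."""
    problems = []
    for name, typ in MANDATORY.items():
        if name not in event:
            problems.append(f"missing {name}")
        elif isinstance(event[name], bool) or not isinstance(event[name], typ):
            problems.append(f"bad type for {name}")
    if type(event.get("level")) is int and not 0 <= event["level"] <= 7:
        problems.append("level out of range")
    return problems

def triage(raw, seen_sha1):
    """Classify one record; seen_sha1 maps (serial, config name) to the last SHA1 seen."""
    try:
        event = json.loads(raw)
    except json.JSONDecodeError:
        return "reject", ["not JSON"]
    problems = validate(event) if isinstance(event, dict) else ["not a JSON object"]
    if problems:
        return "reject", problems
    findings = []
    if event["_log_module"] == "security":
        findings.append(f'{event["_log_event"]} ({LEVELS[event["level"]]}) '
                        f'from {event.get("_remote_ip", "unknown")}')
    sha1 = event.get("_config_sha1")
    if sha1:
        key = (event["_serial_number"], event.get("_config_name"))
        if seen_sha1.get(key, sha1) != sha1:
            findings.append(f"{key[1]} config checksum changed on {key[0]}")
        seen_sha1[key] = sha1
    return ("review" if findings else "ok"), findings

# The page's sample message, followed by constructed variants of it.
SAMPLE = {"_config_name": "ctrld", "_config_sha1": "f1e06ef1e53becde6f8baf2b2fafe7dc9c36f6f0",
          "_daemon": "ctrld", "_element_name": "leaf01", "_log_event": "ZTP0011I", "_log_module": "ztp",
          "_serial_number": "591654XK1902037", "host": "leaf01", "level": 6,
          "short_message": "ztp ctrld config set", "timestamp": 1588382356.000511, "version": "1.1"}
CHANGED = {**SAMPLE, "_config_sha1": "0" * 40}  # constructed: same switch, placeholder checksum
DENIED = {k: v for k, v in SAMPLE.items() if not k.startswith("_config")}  # constructed
DENIED.update(_log_module="security", _log_event="SEC0003W", level=4,
              short_message="access invalid access token", _remote_ip="192.0.2.10")
```

Keying the checksum history on `_serial_number` rather than `host` follows the field description above: the serial number stays tied to the hardware even when the element name is reused.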