Events
RBFS REST APIs play important roles in fetching event logs. Event logs are records of events that occur in the different functional areas of the RBFS ecosystem. In RBFS, there are different types of logs. Almost every daemon or module in RBFS generates a variety of logs. All these logs, which are generated from different components, can be exported to the log management server, where you can view and analyze the real-time data.
Log events originate from the RBFS log facility and form a structured log record. If logging is disabled, then no logs are produced. For more information about RBFS Logging, see Logging User Guide.
Alerts
Alerts are event logs that originate from alert configurations. Alerts either report an issue or notify that an issue has been resolved. Alerts are fully under the control of a customer. Users can implement alert rules to produce an alert that triggers automated action in the management system. An alert event is also a business event when it triggers automated actions.
Business Events
A business event is a record of events that originate from the control daemon, irrespective of the logging configuration. Business events notify the management system about significant state changes for triggering automated actions.
Business events are recorded by CtrlD and these events are static without any changes release after release.
APIGwD and CtrlD send different GELF and Syslog messages about status changes or the progress of processes to a GELF or Syslog endpoint.
The following table presents the business event message format:
Name | Type | Mandatory | Description |
---|---|---|---|
Default Message Fields |
|||
version |
String |
Yes |
The GELF message format version. Default value: 1.1 |
host |
String |
Yes |
The hostname is assigned via DHCP to the management interface. Defaults to the management IP address if no hostname is assigned. |
level |
int |
Yes |
Message Severity. See Table-1. |
timestamp |
float |
Yes |
Unix epoch time in seconds with an optional fraction of milliseconds. |
short_message |
String |
Yes |
Problem message. |
full_message |
String |
No |
Detailed problem description. |
_daemon |
String |
Yes |
Name of the daemon. |
_log_module |
String |
Yes |
The module name identifies the component that created the log record. It allows segregating log records into different streams. Each stream can apply different processing rules and also be processed by different organizational units of the network operator. |
_log_event |
String |
Yes |
The log event identifies the log message template in the log configuration. The log event simplifies finding where in the system the log record was created. The log event should be succinct and typically conveys a unique reason code. In addition, the log event should be a reference that can be looked up in the product troubleshooting guide. |
_serial_number |
String |
Yes |
The serial number of the switch. This allows tracking hardware replacements, even if the element name remains the same. Empty if not available. |
_rtb_image_version |
String |
No |
ONL Image Version that is installed on the switch that reports this message. |
_origin |
String |
No |
|
ZTP Message Fields |
|||
_config_name |
String |
No |
Exposes the loaded configuration name. Only set when a configuration file was processed or an attempt to process the file failed (e.g., 404 Not Found response from the HTTP server while attempting to load the configuration) |
_config_sha1 |
String |
No |
Exposes the SHA1 checksum of the loaded configuration. Only set when the HTTP server returns a configuration. |
_operational_state |
String |
No |
Exposes the operational state of the element. |
Request Message Fields |
|||
_rid |
String |
No |
Request ID, either |
_user_name |
String |
No |
User name out of the access token |
_user_subject |
String |
No |
User subject out of the access token |
_received_time |
String |
No |
Time when the requested arrived |
_method |
String |
No |
HTTP method |
_url |
String |
No |
HTTP url |
proto |
String |
No |
HTTP protocol |
_remote_ip |
String |
No |
HTTP remote ip address |
Service State Message Fields |
|||
_service_name |
String |
No |
Service name |
_service_operational_state |
String |
No |
Operational Service |
_service_startup_time |
Number |
No |
Service startup time in unix epoch time, the number of seconds elapsed since January 1, 1970 UTC. |
_service_down_flap_time |
Number |
No |
Last down flap time in unix epoch time, the number of seconds elapsed since January 1, 1970 UTC. |
_service_down_flap_counter |
Number |
No |
Last down flap time in unix epoch time, the number of seconds elapsed since January 1, 1970 UTC. |
_service_restarted |
String |
No |
Restart is set to true if |
Level | Name | Comment |
---|---|---|
0 |
Emergency |
System is unusable |
1 |
Alert |
Action must be taken immediately |
2 |
Critical |
Critical conditions |
3 |
Error |
Error conditions |
4 |
Warning |
Warning conditions |
5 |
Notice |
Normal but significant condition |
6 |
Informational |
Informational messages |
7 |
Debug |
Debug-level messages |
{
"_config_name": "ctrld",
"_config_sha1": "f1e06ef1e53becde6f8baf2b2fafe7dc9c36f6f0",
"_daemon": "ctrld",
"_element_name": "leaf01",
"_log_event": "ZTP0011I",
"_log_module": "ztp",
"_serial_number": "591654XK1902037",
"host": "leaf01",
"level": 6,
"short_message": "ztp ctrld config set",
"timestamp": 1588382356.000511,
"version": "1.1"
}
Instance |
severity |
log_module |
log_event |
log config |
description |
ztp |
Notice |
ztp |
ZTP0011I |
ctrld |
ztp ctrld config set |
ztp |
Warn |
ztp |
ZTP0012W |
ctrld |
ztp ctrld config not provided |
ztp |
Alert |
ztp |
ZTP0013E |
ctrld |
ztp ctrld config not set |
ztp |
Notice |
ztp |
ZTP0021I |
ctrld |
ztp startup config set |
ztp |
Warn |
ztp |
ZTP0022W |
ctrld |
ztp startup config not provided |
ztp |
Alert |
ztp |
ZTP0023E |
ctrld |
ztp startup config not set |
ztp |
Notice |
ztp |
ZTP0041I |
ctrld |
ztp ctrld rbac config set |
ztp |
Warn |
ztp |
ZTP0042W |
ctrld |
ztp ctrld rbac config not provided |
ztp |
Alert |
ztp |
ZTP0043E |
ctrld |
ztp ctrld rbac config not set |
ztp |
Notice |
ztp |
ZTP0051I |
ctrld |
ztp tls config set |
ztp |
Warn |
ztp |
ZTP0052W |
ctrld |
ztp tls config not provided |
ztp |
Alert |
ztp |
ZTP0053E |
ctrld |
ztp tls config not set |
ztp |
Notice |
ztp |
ZTP0061I |
ctrld |
ztp accessjwks config set |
ztp |
Warn |
ztp |
ZTP0062W |
ctrld |
ztp accessjwks config not provided |
ztp |
Alert |
ztp |
ZTP0063E |
ctrld |
ztp accessjwks config not set |
ztp |
Notice |
ztp |
ZTP0071I |
ctrld |
ztp apigwd config set |
ztp |
Warn |
ztp |
ZTP0072W |
ctrld |
ztp apigwd config not provided |
ztp |
Alert |
ztp |
ZTP0073E |
ctrld |
ztp apigwd config not set |
ztp |
Notice |
ztp |
ZTP1000I |
ctrld |
ztp process finished |
security |
Warn |
security |
SEC0001W |
ctrld |
access forbidden |
security |
Warn |
security |
SEC0002W |
ctrld |
access invalid rtb token |
security |
Warn |
security |
SEC0003W |
ctrld |
access invalid access token |
security |
Warn |
security |
SEC0004W |
ctrld |
not able to download remote keys |
security |
Warn |
security |
SEC0005W |
ctrld |
not able to download remote pem |
security |
Warn |
security |
SEC0006W |
ctrld |
request rate limited (this message is also rate limited, and can be controlled in the apiwd config) |
element |
Notice |
element |
HTB0001 |
ctrld |
heartbeat with the |
element |
Notice |
element |
STA0001 |
ctrld |
element state change |
element |
Notice |
element |
STA0021 |
ctrld |
service up |
element |
Error |
element |
STA0022 |
ctrld |
service unexpected down |
element |
Notice |
element |
STA0023 |
ctrld |
service expected down |
element |
Notice |
element |
STA0003 |
ctrld |
ready for service |
element |
Notice |
element |
STA0031 |
ctrld |
module new (one of the modules is newly discovered e.g. fan, SFP …, this event will be fired after every reboot of ctrld) |
element |
Notice |
element |
STA0032 |
ctrld |
module changed (one of the modules got changed e.g. fan, SFP …) |
element |
Notice |
element |
STA0033 |
ctrld |
module removed (one of the modules got removed e.g. fan, SFP …) |
ALL |
Notice |
element |
STA0040 |
all |
messages could have been dropped |
prometheus |
? |
? |
? |
element |
messages generated by prometheus alerts |