API Firewall log line format for standard output

If you want to write your own plugins that consume the standard output logs from API Firewall, note that the STDOUT log line format has three main parts: prefix, header, and message.

An example of a log line in standard output, with the sections that form the prefix, the header, and the message indicated with brackets.

Prefix

The prefix contains the following parameters:

source:message-counter:message-length:split-counter
Parameter Description
source

The type of the log (see API Firewall logs). The possible values are:

  • ${GUARDIAN_INSTANCE_NAME}.agent.error
  • ${GUARDIAN_INSTANCE_NAME}.main.error
  • ${GUARDIAN_INSTANCE_NAME}.vh-uid.error
  • ${GUARDIAN_INSTANCE_NAME}.vh-uid.access
  • ${GUARDIAN_INSTANCE_NAME}.api-uid.transaction
  • ${GUARDIAN_INSTANCE_NAME}.unknown.transaction
message-counter

The number of the message since the API Firewall instance started (or restarted).

message-length

The total length of the message. This may exceed the line length if the message is split across multiple lines.

split-counter

How many times the message was split, if any.

A console usually limits the size of a message it accepts in one go. To avoid interleaving of different messages, any message larger than ${LOG_CONSOLE_SPLIT} (default 8K) is split across multiple lines.

When a line is split, the prefix is repeated on each line, with split-counter incremented (starting from 1), and followed by the next chunk of the message (the header is not repeated).

If a line is not split, split-counter is 0.

Header

The header has the following parameters:

 [date-time] [module-name:log-level] [pid:tid]
Parameter Description
date-time

Time stamp, in the format "Mon Jan 02 15:04:05.000000 2006"

module-name

The firewall module

log-level

The level of detail in the logs. The possible values are:

  • emerg
  • alert
  • crit
  • error
  • warn
  • notice
  • info
  • debug
  • trace1
  • trace2
  • trace3
  • trace4
  • trace5
  • trace6
  • trace7
  • trace8
pid

Process ID

tid

Thread ID

Message

Finally, the message contains the relevant description of the logged event.
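
A plugin reading these lines has to put split messages back together before it can parse the header. The following parser is an added example, not code from API Firewall: it groups chunks by source and message-counter, rejects messages with a gap in split-counter, and checks log-level against the list above. It assumes one space separates the prefix from the rest of the line and that source and module-name contain no colon; message-length is carried through unverified because the page does not say whether it counts the header, and the sample lines (instance name "fw1", module names, lengths) are constructed.

```python
import re
from datetime import datetime

# Assumptions (not stated on the page): one space separates the prefix from
# the rest of the line, and source and module-name contain no colon.
PREFIX = re.compile(r"^([^\s:]+):(\d+):(\d+):(\d+) (.*)$", re.S)
HEADER = re.compile(r"^\s*\[([^\]]+)\] \[([^:\]]+):([^\]]+)\] \[(\d+):(\d+)\] ?(.*)$", re.S)
LEVELS = {"emerg", "alert", "crit", "error", "warn", "notice", "info", "debug",
          *(f"trace{i}" for i in range(1, 9))}

# Constructed sample lines; "fw1" stands in for ${GUARDIAN_INSTANCE_NAME}.
SAMPLE = [
    "fw1.main.error:7:71:0 [Mon Jan 02 15:04:05.000000 2006] [core:notice] [12:34] started",
    "fw1.api-uid.transaction:8:9000:1 [Mon Jan 02 15:04:06.250000 2006] [tx:info] [12:35] part-A|",
    "fw1.vh-uid.access:3:70:0 [Mon Jan 02 15:04:06.300000 2006] [access:info] [12:36] GET /",
    "fw1.api-uid.transaction:8:9000:2 part-B",
    "fw1.api-uid.transaction:9:9000:1 [Mon Jan 02 15:04:07.000000 2006] [tx:info] [12:35] head|",
    "fw1.api-uid.transaction:9:9000:3 tail",   # chunk 2 is missing
    "unrelated output from another process",
]

def reassemble(lines):
    """Return (events, rejected): whole messages parsed, everything else set aside."""
    chunks, rejected = {}, []
    for line in lines:
        m = PREFIX.match(line.rstrip("\n"))
        if not m:
            rejected.append(line)            # no valid prefix: do not guess
            continue
        source, counter, length, split, rest = m.groups()
        entry = chunks.setdefault((source, int(counter)), {"length": int(length), "parts": {}})
        entry["parts"][int(split)] = rest
    events = []
    for (source, counter), entry in chunks.items():
        order = sorted(entry["parts"])
        # split-counter values of one message must be consecutive; a hole is a lost line.
        contiguous = order == list(range(order[0], order[0] + len(order)))
        h = HEADER.match("".join(entry["parts"][i] for i in order))
        if not (contiguous and h and h[3] in LEVELS):
            rejected.append((source, counter))
            continue
        events.append({
            "source": source, "counter": counter, "declared_length": entry["length"],
            "time": datetime.strptime(h[1], "%a %b %d %H:%M:%S.%f %Y"),
            "module": h[2], "level": h[3], "pid": int(h[4]), "tid": int(h[5]),
            "message": h[6],
        })
    return events, rejected
```

Because chunks are keyed by source and message-counter rather than by line order, lines from other messages arriving between two chunks do not break reassembly. A missing final chunk cannot be detected this way.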