Activity Log Attribute Descriptions

Below are descriptions of what each element and attribute mean:

<s/> - Scan Log Entry (always on if modes is not none)
s:u = UTC timestamp,
s:m = Message ID / file,
s:o = Overhead time in ms,
s:t = Scan time in ms,
s:s = Scan result code,
s:l = Scan length,
s:d = Scan Depth,
s:error = Error Description (empty if no error)

<s><m/></s> - Scan Match Entry (controlled by matches attribute)
m:s = Match Symbol
m:r = Match Rule ID
m:i = Match Index
m:e = Match Endex
m:f = Match flag

<s><p/></s> - Scan Performance Monitoring (performance='yes')
p:s = Setup time in milliseconds
p:t = Scan time in milliseconds
p:l = Scan length in bytes
p:d = Scan depth (peak evaluator count)

<s><g/></s> - GBUdb Activity For This Scan (gbudb='yes')
g:o = Ordinal of the source IP
g:i = IP address identified as source
g:t = IP Record type (g)ood, (b)ad, (u)gly
g:p = Spam probability
g:c = Confidence
g:r = Range: Unknown, White, Normal, New, Caution, Black, Truncate

<i/> - Information Message.
i:u = UTC Timestamp.
i:context = Where this message was sent from.
i:code = Numerical code for this message.
i:text = Text version of the message.

<e/> - Error Message.
e:u = UTC Timestamp.
e:context = Where this error occurred.
e:code = Numerical code for this error.
e:text = Text version of the error.

Systems using the SNFMulti engine can use the GBUdb directly to test IPs. When they do so they have the option to report that operation and the result of that test through the XML scan / activity log. That reporting format follows these conventions:

<t/> - IP test log.

t:u = UTC Timestamp.
t:ip = IP under test.
t:t = GBUdb record type.
t:g = GBUdb good event count.
t:b = GBUdb bad event count.
t:c = GBUdb confidence figure.
t:p = GBUdb probability figure.
t:r = GBUdb range.
t:a = Action taken.