Kaspersky Unified Monitoring and Analysis Platform
Connector, 1c-log type

Connectors of the 1c-log type are used for getting data from 1C technology logs when working with Linux agents. \n is used as the newline character. The connector accepts only the first line from a multi-line event record.

If you specified a connector of the 1c-log type at the Transport step of the installation wizard when creating the collector, then at the Event parsing step, in the Mapping table, you can pass the name of the file being processed by the collector, or the path to that file, in the KUMA event field. To do this, in the Source column, specify one of the following values:

  • $kuma_fileSourceName to pass the name of the file being processed by the collector in the KUMA event field.
  • $kuma_fileSourcePath to pass the path to the file being processed by the collector in the KUMA event field.

When you use a 1c-log connector, the new variables in the normalizer will only work with destinations of the internal type.

Settings for a connector of the 1c-log type are described in the following tables.

Basic settings tab

Setting

Description

Name

Unique name of the resource. The maximum length of the name is 128 Unicode characters.

Required setting.

Tenant

The name of the tenant that owns the resource.

Required setting.

Type

Connector type: 1c-log.

Required setting.

Directory path

The full path to the directory with the files that you want to interact with, for example, /var/log/1c/logs/.

Required setting.

Description

Description of the resource. The maximum length of the description is 4000 Unicode characters.

Advanced settings tab

Setting

Description

Debug

The switch enables resource logging. The toggle switch is turned off by default.

Buffer size

Buffer size in bytes for accumulating events in the RAM of the server before sending them for further processing or storage. The value must be a positive integer. Default buffer size: 1,048,576 bytes (1 MB). Maximum buffer size: 67,108,864 bytes (64 MB).

File/folder polling mode

Specifies how the connector rereads files in the directory:

  • Monitor changes means the connector rereads files in the directory at the interval in milliseconds specified in the Poll interval, ms field if the files are not being updated. This is the default value.

    For example, if the files are constantly being updated, and the value of Poll interval, ms is 5000, the connector rereads the files continuously instead of every 5000 milliseconds. If the files are not being updated, the connector rereads them every 5000 milliseconds.

  • Track periodically means the connector rereads files in the directory at the interval in milliseconds specified in the Poll interval, ms field, regardless of whether the files are being updated or not.

Poll interval, ms

The interval in milliseconds at which the connector rereads files in the directory. Default value: 0, which means the connector rereads files in the directory every 700 milliseconds. In the File/folder polling mode drop-down list, select the mode the connector must use to reread files in the directory.

Character encoding

Connector operation diagram:

  1. All 1C technology log files are searched. Log file requirements:
    • Files with the LOG extension are created in the log directory (/var/log/1c/logs/ by default) within a subdirectory for each process.
    • Events are logged to a file for an hour; after that, the next log file is created.
    • The file names have the following format: <YY><MM><DD><HH>.log. For example, 22111418.log is a file created in 2022, in the 11th month, on the 14th at 18:00.
    • Each event starts with the event time in the following format: <mm>:<ss>.<microseconds>-<duration in microseconds>.
  2. The processed files are discarded. Information about processed files is stored in the file /<collector working directory>/1c_log_connector/state.json.
  3. Processing of the new events starts, and the event time is converted to the RFC3339 format.
  4. The next file in the queue is processed.
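
The file-name and event-time conventions from steps 1 and 3, together with the first-line-only rule, as an added Python example (not KUMA's own code). It assumes log times are UTC and that the event type is the first comma-separated field after the duration; the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

FILE_RE = re.compile(r"^(\d{2})(\d{2})(\d{2})(\d{2})\.log$")  # <YY><MM><DD><HH>.log
# <mm>:<ss>.<microseconds>-<duration in microseconds>, then the rest of the line
EVENT_RE = re.compile(r"^(\d{2}):(\d{2})\.(\d{6})-(\d+),(.*)$")

def file_hour(name, tz=timezone.utc):
    """Turn <YY><MM><DD><HH>.log into the start of the hour the file covers."""
    m = FILE_RE.match(name)
    if not m:
        raise ValueError(f"not a 1C technology log file name: {name!r}")
    yy, mm, dd, hh = map(int, m.groups())
    return datetime(2000 + yy, mm, dd, hh, tzinfo=tz)  # tz is an assumption

def parse_file(name, text, tz=timezone.utc):
    """Return one record per event; continuation lines are dropped."""
    base = file_hour(name, tz)
    events = []
    for line in text.split("\n"):  # \n is the newline character
        m = EVENT_RE.match(line)
        if not m:
            continue  # blank line or continuation of a multi-line event
        minute, second, micro, duration, rest = m.groups()
        ts = base + timedelta(minutes=int(minute), seconds=int(second),
                              microseconds=int(micro))
        events.append({
            "timestamp": ts.isoformat(),        # RFC 3339 form
            "duration_us": int(duration),
            "type": rest.split(",", 1)[0],      # assumed field position
            "raw": line,                        # first line only
        })
    return events

# Constructed sample: the second event spans two lines.
SAMPLE = (
    "05:12.345678-1500,CALL,2,process=rphost,Usr=constructed\n"
    "07:00.000001-0,EXCP,1,process=rphost,Descr='first line\n"
    "second line of the same event'\n"
)

if __name__ == "__main__":
    for event in parse_file("22111418.log", SAMPLE):
        print(event["timestamp"], event["type"], event["duration_us"])
```

Anything after the first line of a multi-line record, such as the rest of an exception description, never reaches the event, so detection content should not depend on it.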

Connector limitations:

  • Installation of a collector with a 1c-log connector is not supported on Windows operating systems. To set up transfer of 1C log files for processing by the KUMA collector:
    1. On the Windows server, grant read access over the network to the folder with the 1C log files.
    2. On the Linux server, mount the shared folder with the 1C log files on the Windows server (see the list of supported operating systems).
    3. On the Linux server, install the collector that is to process the 1C log files from the mounted shared folder.
  • Only the first line from a multi-line event record is processed.
  • The normalizer processes only the following types of events:
    • ADMIN
    • ATTN
    • CALL
    • CLSTR
    • CONN
    • DBMSSQL
    • DBMSSQLCONN
    • DBV8DBENG
    • EXCP
    • EXCPCNTX
    • HASP
    • LEAKS
    • LIC
    • MEM
    • PROC
    • SCALL
    • SCOM
    • SDBL
    • SESN
    • SINTEG
    • SRVC
    • TLOCK
    • TTIMEOUT
    • VRSREQUEST
    • VRSRESPONSE