Information Classification

Table 1 describes information that can be classified as logs, traps, or debugging information based on contents, users, and usage scenarios.

**Table 1** Information classification
Type	Description
Logs	Logs are records of events and unexpected activities of managed objects. Logging is an important method to maintain operations and identify faults. Logs provide information for fault analysis and help an administrator trace user activities, manage system security, and maintain a system. Some logs are used by technical support personnel for troubleshooting only. Because such logs have no practical significance to users, users are not notified when the logs are generated. System logs are classified as user logs, diagnostic logs, O&M logs, or security logs. User logs: During device running, the log module in the host software records all running information in logs. The logs are saved in the log buffer, sent to the Syslog server, reported to an NMS, and displayed on the screen. Such logs are user logs. Users can view the compressed log files and their content. Diagnostic logs: The logs recorded after the device starts but before the logserver component starts are diagnostic logs. Such logs are recorded in the process-side black box, and they are not saved in the log buffer, sent to the Syslog server, reported to an NMS, or displayed on the screen. Users can view the compressed log files and their content. NOTE: The information recorded in diagnostic logs is used for troubleshooting only and does not contain any sensitive information. O&M logs: During the running of a device, the log module of the host software records the data generated during the running of each service, forming O&M logs. Log information is not saved in the log buffer, sent to the Syslog server, reported to an NMS, or displayed on the screen. Users can view the compressed log files and their content. NOTE: The information recorded in O&M logs is used for troubleshooting only and does not contain any sensitive information. Security logs: If the system of a device is intruded, the device must be informed of the intrusion so that it can take responsive measures. Collecting logs about intrusion from external attackers is an important means of security detection. Security logs are recorded in the log buffer, sent to the Syslog server in SSL mode, reported to an NMS, and displayed on the screen. NOTE: The system-defined user name _SYSTEM_ is displayed as the user name in operation and security logs in the following scenarios: No operation user is available for the security logs of events. Operation logs record system behaviors, such as internal configuration and configuration file restoration. No username is available for password authentication. If operation logs record system behaviors, such as internal configuration and configuration file restoration, "**" is displayed for the IP and Terminal parameters.
Traps	Traps are sent to a workstation to report urgent and important events, such as the restart of a managed device. In general, the system also generates a log with the same content after generating a trap, except that the trap contains an additional OID.
Debugging information	Debugging information shows the device's running status, such as the sending or receiving of data packets. A device generates debugging information only after debugging is enabled.

Information File Naming Mode

Information can be saved as files on a device. These files are called information files. Table 2 describes the naming modes for information files.

**Table 2** Naming modes for information files
Naming Mode	Description
log.log	The current information files of the system are saved in log format.
diag.log	Logs recording exceptions that occur when the system is started or running are saved in diag.log format.
pads.pads	Logs generated during the running of each service after a device starts are saved in .pads format.
security.log	A security log is saved in the security log space in the .log format, and is also recorded in the log.log file.
log_SlotID_time.log.zip	If the size of a current information file reaches the upper threshold, the system automatically compresses the file into a historical file and changes the file name to log_SlotID_time.log.zip. In the file name, SlotID indicates the slot ID and time indicates the compression and saving time.
diag_SlotID_time.log.zip	If the size of a current diagnostic log reaches the upper threshold, the system automatically converts the file to a compressed file and names the compressed file diag_SlotID_time.log.zip. In the file name, SlotID indicates the slot ID and time indicates the compression and saving time.
pads_SlotID_time.pads.zip	If the size of a current O&M log file reaches the upper threshold, the system automatically converts the file to a compressed file and names the compressed file pads_SlotID_time.pads.zip. In the file name, SlotID indicates the slot ID and time indicates the compression and saving time.