Logmanager documentation
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Logmanager documentation
  2. /
  3. Additional information
  4. /
  5. Events processing in blockly
  6. /
  7. Defined XML blocks
  8. /
  9. Data structures
  10. /
  11. Message structure

Message structure

This block is used to obtain data processed by the program. There is a possibility to obtain data from message dictionary – key data, meta, raw raw_real. There is special value event for accessing whole structure.

Difference between raw and raw_real is on raw is already stripped to only valid syslog data - offset is applied, but in raw_real value is not stripped.

The meta dictionary contains a src sub-dictionary with extracted source information (IP address, host, program, etc.). These fields can be modified during processing to correct faulty source data. See Modify meta.src for details and examples.

Block XML representation

XML representation of message block

<xml xmlns="http://www.w3.org/1999/xhtml">
  <block type="message">
    <field name="OBJECT">msg</field>
  </block>
  <block type="message">
    <field name="OBJECT">meta</field>
  </block>
  <block type="message">
    <field name="OBJECT">raw</field>
  </block>
  <block type="message">
    <field name="OBJECT">event</field>
  </block>
</xml>

Example of visual representation

Block "Message"

Block “Message”

Example of block usage

Example of "message" block

Example of “message” block

Message block is used twice in the example:

  • If text message row: Reads data from “raw” key and then compares, if it contains word admin. If yes, it returns boolean value “true”.
  • Update dictionary row: updates dictionary “message” key “data” by dictionary “item”.

Input data 

Login permitted from 192.168.10.1/1234 to inside:192.168.1.1/https for user admin

Processed results

Results of the "message" block

Results of the “message” block

gdoc_arrow_left_alt Dictionary rename to Message add tag gdoc_arrow_right_alt