Welcome to Port3101.org : Your BES Connection Mark forums read | View Forum Leaders
Port3101.org : Your BES Connection

Rate this Entry

BES Logs ... What's in them? Part 6 of 20 (DISP log)

Posted 06-29-2009 at 04:00 AM by hdawg

Welcome to Part 6 of the 20 part series looking at the BES logs. (Part 5) ... and the weekend sideshow (BES Log Tools, BES Log Aging)

Today we're going to talk about the mother of all useless logs to try to process without some tool, the BlackBerry Dispatcher (DISP) log.

The heart of the BlackBerry Enterprise Solution (well, behind the firewall at least), the Dispatcher performs decryption of all inbound data and encryption of all outbound data. Sure, you need the BlackBerry Router working to connect to a NOC, but without the Dispatcher all traffic stops as no data can be processed. So the next time you're having a bad day, think about the pressure that the Dispatcher service gets 24x7

The most value of the DISP log comes when using one of the BlackBerry Resource Kit (BRK) Tools, as the BRK will provide you with usable output

I find myself going into the DISP log when using Windows Grep (as mentioned in my tools post) to look at all activity for a given user. Using Windows Grep to search for all line entries for a given user can be valuable as you'll be able to see time stamps of data coming / going to that user. The other thing I find myself using the DISP log for is finding out which encryption method is being used ...

[30450] (06/01 03:06:20.863):{0x1948} {Test User1} User unchanged (disp): id=3, [email protected], device=31333111, routing=S12345678, agent=001, time=13804119, ext=1, wl=0, keys=(A:A:0)

The line above from the DISP shows us which encryption method is being used for Test User1. The keys string identifies the encryption method used for the current, previous, and pending (in that order) encryption keys. The encryption keys can be one of the following:
  • 3 for Triple Data Encryption Standard (Triple DES)
  • A for Advanced Encryption Standard (AES)
  • U for unknown encryption
  • 0 for pending
In the previous example, both the current and previous encryption keys are AES, and the third key is in the pending state.

Just to explain a little of the data in the log, below are two additional sets of data from the DISP log. The first is CMIME (Email) and the second is SYNC (any number of things including Automatic Wireless Backup):

[30222] (06/01 07:04:05.822):{0x1B54} {Test User1} MTH: contentType=CMIME, sizeOTA=212, sizeOTW=175, TransactionId=-902728190, Tag=1530867
[30310] (06/01 07:04:05.822):{0x1B54} {Test User1} Forwarding internal data to device, contentType=CMIME, routing=S12345678, device=30000111, size=250, cmd=0x3, ack=0, TransactionId=-902728190, intTag=768960, Tag=1530867, Submit=1
[30368] (06/01 07:04:11.618):{0x7C4} {Test User1} Packet has been delivered to device, Tag=1530867

[30222] (06/01 07:09:21.318):{0x1B70} {Test User1} MFH: contentType=sync, sizeOTA=212, sizeOTW=161, TransactionId=-404422984, Tag=242483
[30222] (06/01 07:09:21.318):{0x1AFC} {Test User1} MTH: contentType=SYNC, sizeOTA=84, sizeOTW=8, TransactionId=588126, Tag=1530879

Note that in the line that indicates forwarding the device PIN and BES SRP is included ... this is how the NOC knows how to get the data packet to the appropriate handheld.

Please don't underestimate the importance of the BlackBerry Dispatcher ... just don't bother spending too much time in it; it isn't all that useful by itself.

If you've got any questions about other specific entries in the DISP log feel free to post a question / comment in response to this post, or in the forum.

Tomorrow in Part 7 we'll dive into the log that is typically the largest, the BlackBerry Messaging Agent (MAGT) log.
Posted in Tips & Tricks
Views 11753 Comments 4 Edit Tags Email Blog Entry
« Prev     Main     Next »
Total Comments 4


  1. Old Comment

    Very intresting and useful read, have a question through.

    I have a case where some users got the regenerating encryption key screen on their devices. Nothing was done on the server which would trigger this randomly. Upon monitoring the logs i saw the below for this user:


    Do you think that the previous encryption key was lost and that is why a new one generated ? This the only significant log I found.

    Assistance will be much appreciated.
    Posted 03-30-2010 at 05:56 AM by hulk hulk is offline
  2. Old Comment
    hdawg's Avatar
    did these people use Desktop Manager by chance?
    Posted 05-08-2010 at 10:59 AM by hdawg hdawg is offline
  3. Old Comment
    User unchanged (disp): id=3, , what is the id=3 stands for in the log i have noticed it as being unique for evey transaction
    Posted 08-01-2011 at 03:47 PM by AnjanM AnjanM is offline
  4. Old Comment
    hdawg's Avatar
    ID = User ID in BlackBerry Configuration Database.
    Posted 08-01-2011 at 08:19 PM by hdawg hdawg is offline

All times are GMT -4. The time now is 05:24 AM.
Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2019, vBulletin Solutions, Inc.


Content Relevant URLs by vBSEO 3.3.2 PL2