Log sources
EELS can accept log messages from multiple sources.
Each such source is called a ``log source''. EELS
supports the following log sources:
syslog - messages originating from syslogd(1M) and cmn_err(D3)
audit - messages originating from the audit subsystem. By default the audit log source is disabled. Before you can enable this log source you must first ensure that the auditing subsystem is installed. For more information on the audit subsystem, see auditon(1M)
EELSUser - messages originating from eels_log_import(1Meels) and the EELS generic logging APIs; for more information on EELS generic logging APIs, see Intro(3eels)
EELSKernel - messages originating from the EELS kernel logging APIs; for more information on EELS kernel logging APIs, see Intro(D3eels)
XDAS - messages originating from the XDAS generic and kernel logging APIs; for more information on these APIs, see Intro(3xdas) and Intro(D3xdas)
By default, all log sources except audit are enabled, and their
characteristics are defined by real-time-import
parameter blocks in /etc/default/eels. An example of
such a parameter block is shown below:
real-time-import syslog {
    syslog default;
    filter syslog_filter;
}
This block specifies that messages must be filtered using the
filter rules contained in the filter parameter block
called ``syslog_filter''. Any messages that meet the filter
criteria are logged to the database and table specified in the
log-destination parameter block called ``default''.
For more information on log-destination blocks see
``Customizing log destinations''.
For more information on filter parameter blocks, see
``Filtering''.
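A small checker for the real-time-import block syntax shown above, added here as an example; it is not part of the EELS documentation or tooling. It assumes every statement is a `keyword value;` pair as in the page's example and handles no comment syntax (none is shown on the page); the XDAS block in the sample is constructed.

```python
import re

# Log source names listed on the page.
KNOWN_SOURCES = ("syslog", "audit", "EELSUser", "EELSKernel", "XDAS")
# Matches: real-time-import <name> { <statements> }
BLOCK_RE = re.compile(r"real-time-import\s+(\S+)\s*\{([^{}]*)\}")

# First block is the page's example; the XDAS block is constructed for
# illustration and does not come from a real /etc/default/eels.
SAMPLE = """
real-time-import syslog {
syslog default;
filter syslog_filter;
}
real-time-import XDAS {
XDAS default;
}
"""

def parse_real_time_import(text):
    """Return {block name: {keyword: value}} for each real-time-import block."""
    blocks = {}
    for name, body in BLOCK_RE.findall(text):
        entries = {}
        for stmt in body.split(";"):
            parts = stmt.split()
            if not parts:
                continue
            if len(parts) != 2:  # assumed shape: "keyword value;"
                raise ValueError(f"unexpected statement in {name}: {stmt.strip()!r}")
            entries[parts[0]] = parts[1]
        blocks[name] = entries
    return blocks

def review(text):
    """Return (name, finding) pairs worth a second look."""
    blocks = parse_real_time_import(text)
    findings = []
    for src in KNOWN_SOURCES:
        if src not in blocks:
            findings.append((src, "no real-time-import block"))
        elif "filter" not in blocks[src]:
            findings.append((src, "block has no filter statement"))
    for name in blocks:
        if name not in KNOWN_SOURCES:
            findings.append((name, "name is not a listed log source"))
    return findings

if __name__ == "__main__":
    for name, finding in review(SAMPLE):
        print(f"{name}: {finding}")
```

The findings are prompts for review only: the page does not say whether a filter statement is required or how a missing block is treated.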
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004