The Enhanced Event Logging System

Log sources

EELS can accept log messages from multiple sources. Each such source is called a ``log source''. EELS supports the following log sources:


syslog
messages originating from syslogd(1M) and cmn_err(D3)

audit
messages originating from the audit subsystem. By default, the audit log source is disabled. Before you can enable this log source, you must first ensure that the auditing subsystem is installed. For more information on the audit subsystem, see auditon(1M).

EELSUser
messages originating from eels_log_import(1Meels) and the EELS generic logging APIs; for more information on EELS generic logging APIs, see Intro(3eels)

EELSKernel
messages originating from the EELS kernel logging APIs; for more information on EELS kernel logging APIs, see Intro(D3eels)

XDAS
messages originating from the XDAS generic and kernel logging APIs; for more information on these APIs, see Intro(3xdas) and Intro(D3xdas)

By default, all log sources except audit are enabled, and their characteristics are defined by real-time-import parameter blocks in /etc/default/eels. An example of such a parameter block is shown below:

   real-time-import syslog {
      syslog   default;
      filter   syslog_filter;
   }

This block specifies that messages must be filtered using the filter rules contained in the filter parameter block called ``syslog_filter''. Any messages that meet the filter criteria are logged to the database and table specified in the log-destination parameter block called ``default''.

For more information on log-destination blocks see ``Customizing log destinations''. For more information on filter parameter blocks, see ``Filtering''.
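
The following Python check is an added example, not part of the original documentation or of EELS. It reads the text of a copy of /etc/default/eels and reports which of the five log sources listed above have a real-time-import block and what each block references. The block grammar is inferred from the single sample above (an assumption), and the sample input, including the names `user_filter`, `xdas_filter` and `Xdas`, is constructed.

```python
import re

# Log sources listed on this page.
KNOWN_SOURCES = ["syslog", "audit", "EELSUser", "EELSKernel", "XDAS"]

# Assumed grammar, inferred from the one sample block on this page:
#   real-time-import <name> { <keyword> <value>; ... }
# Comment syntax is not described on the page, so none is handled here.
BLOCK_RE = re.compile(r"real-time-import\s+([^\s{]+)\s*\{([^{}]*)\}")
ENTRY_RE = re.compile(r"(\S+)\s+([^;]+?)\s*;")

def parse_real_time_imports(text):
    """Return {block name: {keyword: value}} for each real-time-import block."""
    blocks = {}
    for match in BLOCK_RE.finditer(text):
        name, body = match.group(1), match.group(2)
        blocks[name] = dict(ENTRY_RE.findall(body))
    return blocks

def summarize(text):
    """Group the parsed blocks against the log sources named on this page."""
    blocks = parse_real_time_imports(text)
    return {
        # Known sources that have a block, with the settings it carries.
        "configured": {s: blocks[s] for s in KNOWN_SOURCES if s in blocks},
        # Known sources with no block at all (audit is expected here by default).
        "no_block": [s for s in KNOWN_SOURCES if s not in blocks],
        # Block names that match none of the listed sources, e.g. a typo.
        "unrecognized": sorted(n for n in blocks if n not in KNOWN_SOURCES),
    }

# Constructed sample input: the first block is the one shown on this page,
# the other two are made up for the demonstration.
SAMPLE_CONFIG = """
real-time-import syslog {
   syslog   default;
   filter   syslog_filter;
}
real-time-import EELSUser {
   filter   user_filter;
}
real-time-import Xdas { filter xdas_filter; }
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_CONFIG)
    for source, settings in report["configured"].items():
        print(f"{source}: {settings}")
    print("no block:", ", ".join(report["no_block"]))
    print("unrecognized block names:", ", ".join(report["unrecognized"]))
```

The check reports only whether a block is present and what it names; it does not decide whether EELS treats a source as enabled.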


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004