The Enhanced Event Logging System

The Enhanced Event Logging System (EELS) provides an infrastructure to centralize the logging, management and reporting of standard UNIX logging systems such as syslog and the auditing sub-system. The infrastructure provides:


NOTE: The event logging API is conformant with the Open Group's ``Distributed Audit Service'' (XDAS). For more information on XDAS, see the Open Group's Preliminary Specification, Distributed Audit Service (XDAS) or the Section 3xdas manual pages and the Section D3xdas manual pages.

EELS provides this centralized mechanism by intercepting logging information from multiple sources and storing it in one or more databases. These databases can be queried by EELS analysis tools such as eels_db_query(1Meels). The information that EELS stores in the database can either be intercepted in real time or be periodically imported from a log file.

Information collected in real time originates from sources that are directly supported by the EELS daemon. Supported sources are:

For more information on these log sources see ``Log sources''.

Periodic log importing enables arbitrary log files to be imported into the EELS database. Before a log file can be imported, a filter script must first be written that converts the proprietary format of the log file to a format that is understood by EELS. EELS can be configured to monitor a log file and import records when the log file size changes. Alternatively, you could use cron(1M) to schedule the importing of a log file at a predefined time irrespective of file size changes. For more information on writing log import scripts, see ``Importing external log files''. For more information on configuring EELS to monitor the size of log files, see ``Dynamic log import''.

A set of command-line tools is provided to administer the EELS environment, query the EELS database, generate reports and archive data. These tools are:

In addition to these command line utilities, EELS provides an API to the Database Abstraction Layer that enables you to write your own utilities that can interrogate the EELS database. This API is described in the Section 3dba manual pages.


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004