|
|
There are three features of a log source that can be customized:
If you do not want to log messages from a specific source, you must comment out every line of the related parameter block using ``#'' symbols. For example, to disable the audit log source you must modify its related real-time-import parameter block so it looks like this:
# real-time-import audit { # audit audit_sink; # }After commenting out this block, you must restart EELS as described in ``Manually starting EELS''.
To specify where to log messages from specific log source, you must define a log-destination. The destination name you use must relate to an existing log-destination parameter block. For example, if your real-time-import parameter block looked like this:
real-time-import audit { audit audit_sink; }you could customize a log-destination parameter block that looked similar to the one shown below:
log-destination audit_sink { database default; table audit; }For more information on customizing log destinations, see ``Customizing log destinations''.
To apply a filter to the incoming messages, you must specify a filter name. The name must relate to an existing filter parameter block. For example, if your real-time-import parameter block looked like this:
real-time-import XDAS { XDAS XDAS_sink; filter XDAS_filter; }you would have to customize a filter parameter block called ``XDAS_filter''.
For more information on filters, see ``Filtering''.