DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
The Enhanced Event Logging System

Customizing log sources

There are three features of a log source that can be customized:

Whether to log messages at all

If you do not want to log messages from a specific source, you must comment out every line of the related parameter block using ``#'' symbols. For example, to disable the audit log source you must modify its related real-time-import parameter block so it looks like this:

   # real-time-import audit {
   #   audit   audit_sink;
   # }
After commenting out this block, you must restart EELS as described in ``Manually starting EELS''.

Where to log messages

To specify where to log messages from specific log source, you must define a log-destination. The destination name you use must relate to an existing log-destination parameter block. For example, if your real-time-import parameter block looked like this:

   real-time-import audit {
      audit   audit_sink;
   }
you could customize a log-destination parameter block that looked similar to the one shown below:
   log-destination audit_sink {
      database  default;
      table     audit;
   }
For more information on customizing log destinations, see ``Customizing log destinations''.

Whether to apply a filter

To apply a filter to the incoming messages, you must specify a filter name. The name must relate to an existing filter parameter block. For example, if your real-time-import parameter block looked like this:

   real-time-import XDAS {
      XDAS    XDAS_sink;
      filter  XDAS_filter;
   }
you would have to customize a filter parameter block called ``XDAS_filter''.

For more information on filters, see ``Filtering''.


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004