The Enhanced Event Logging System

Customizing log sources

There are three features of a log source that can be customized:

whether to log messages from this source at all
where to log the messages
whether to apply one or more filter rules to the messages

Whether to log messages at all

If you do not want to log messages from a specific source, you must comment out every line of the related parameter block using ``#'' symbols. For example, to disable the audit log source you must modify its related real-time-import parameter block so it looks like this:

   # real-time-import audit {
   #   audit   audit_sink;
   # }

After commenting out this block, you must restart EELS as described in ``Manually starting EELS''.

Where to log messages

To specify where to log messages from specific log source, you must define a log-destination. The destination name you use must relate to an existing log-destination parameter block. For example, if your real-time-import parameter block looked like this:

   real-time-import audit {
      audit   audit_sink;
   }

you could customize a log-destination parameter block that looked similar to the one shown below:

   log-destination audit_sink {
      database  default;
      table     audit;
   }

For more information on customizing log destinations, see ``Customizing log destinations''.

Whether to apply a filter

To apply a filter to the incoming messages, you must specify a filter name. The name must relate to an existing filter parameter block. For example, if your real-time-import parameter block looked like this:

   real-time-import XDAS {
      XDAS    XDAS_sink;
      filter  XDAS_filter;
   }

you would have to customize a filter parameter block called ``XDAS_filter''.

For more information on filters, see ``Filtering''.