EELS starts intercepting log messages as soon as you restart your system after installing the EELS software and rebuilding the UNIX kernel. By default, EELS will always intercept syslog and cmn_err messages (you can change this by editing /etc/default/eels). Take the following steps to check that everything is working correctly:
telnet localhost
Doing this generates two syslog messages you can now query from the EELS database.
The resulting output will look similar to that shown below:
´1.000000´|´Sep 23 11:02:47 rpcbind: Could not open connection on nbclts: system error ERROR´
´2.000000´|´Sep 23 11:02:47 rpcbind: Could not open connection on nbcots: system error ERROR´
´3.000000´|´Sep 23 11:02:55 sendmail[488]: alias database /etc/mail/aliases rebuilt by root sendmail´
´4.000000´|´Sep 23 11:02:55 sendmail[488]: /etc/mail/aliases: 2 aliases, longest 10 bytes, 37 bytes total sendmail´
´5.000000´|´Sep 23 11:02:55 sendmail[494]: starting daemon (8.8.7): SMTP+queuing@00:01:00 sendmail´
´6.000000´|´Sep 23 11:03:57 inetd[1530]: got SC_ENABLE message inetd´
´7.000000´|´Sep 23 11:08:34 in.rlogind[1576]: connect from malbec.london.sco.COM in.rlogind´
´8.000000´|´Sep 23 11:08:47 in.rlogind[1586]: connect from malbec.london.sco.COM in.rlogind´
´9.000000´|´Sep 23 11:43:12 in.telnetd[1679]: connect from pubsco.london.sco.COM in.telnetd´
´10.000000´|´Sep 23 11:43:17 telnetd[1681]: Unable to invoke login scheme telnetd´
´11.000000´|´Sep 23 11:46:00 telnetd[1722]: Unable to invoke login scheme telnetd´
´12.000000´|´Sep 23 13:04:34 in.fingerd[1816]: connect from scodox.pdev.sco.COM in.fingerd´
´13.000000´|´Sep 23 13:55:32 in.telnetd[2034]: connect from localhost in.telnetd´
´14.000000´|´Sep 23 13:55:41 telnetd[2036]: Unable to invoke login scheme telnetd´
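The following Python parser is an added example, not part of the EELS documentation or software. It reads query output in the format shown above and confirms that the telnet localhost test left its two records: the in.telnetd connect from localhost and the telnetd record that follows it. The function names, and accepting a plain ' as the quote character, are assumptions.

```python
import re

# Constructed sample: the last three records of the output shown above,
# one record per line.
SAMPLE = (
    "´12.000000´|´Sep 23 13:04:34 in.fingerd[1816]: connect from scodox.pdev.sco.COM in.fingerd´\n"
    "´13.000000´|´Sep 23 13:55:32 in.telnetd[2034]: connect from localhost in.telnetd´\n"
    "´14.000000´|´Sep 23 13:55:41 telnetd[2036]: Unable to invoke login scheme telnetd´\n"
)

Q = "[´']"  # quote character; accepting a plain ' as well is an assumption
# One record: quoted sequence number, '|', quoted message.
RECORD = re.compile(Q + r"(\d+)\.\d+" + Q + r"\|" + Q + r"(.*?)" + Q + r"(?=\s|$)")
# syslog-shaped message: timestamp, program, optional [pid], text.
MESSAGE = re.compile(r"(\w{3} +\d+ [\d:]{8}) ([\w.]+)(?:\[(\d+)\])?: (.*)")


def parse_records(text):
    """Split query output into dicts; records may be one per line or run together."""
    records = []
    for m in RECORD.finditer(text):
        rec = {"seq": int(m.group(1)), "raw": m.group(2),
               "time": None, "program": None, "pid": None}
        s = MESSAGE.fullmatch(m.group(2))
        if s:  # messages that are not syslog-shaped keep only seq and raw
            rec.update(time=s.group(1), program=s.group(2),
                       pid=int(s.group(3)) if s.group(3) else None)
        records.append(rec)
    return records


def find_telnet_test(records):
    """Return the sequence numbers of the in.telnetd connect from localhost and
    the next telnetd record after it, or None if that pair was not logged."""
    for i, rec in enumerate(records):
        if rec["program"] == "in.telnetd" and "connect from localhost" in rec["raw"]:
            for later in records[i + 1:]:
                if later["program"] == "telnetd":
                    return rec["seq"], later["seq"]
    return None


if __name__ == "__main__":
    print(find_telnet_test(parse_records(SAMPLE)))
```

A result of None means the expected pair is absent from the queried records, which points to the interception or the query rather than to telnet itself.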