The Enhanced Event Logging System

Getting started with EELS

EELS starts intercepting log messages as soon as you restart your system after installing the EELS software and rebuilding the UNIX kernel. By default, EELS will always intercept syslog and cmn_err messages (you can change this by editing /etc/default/eels). Take the following steps to check that everything is working correctly:

  1. Log in as root.

  2. Use telnet(1tcp) to connect to the local host, that is:

    telnet localhost

  3. Enter a username that you know does not exist on your system, such as llkkjj, and a random password such as 1234.

  4. Press <Ctrl>D to exit the telnet session.

    Doing this generates two syslog messages you can now query from the EELS database.

  5. Enter the following command to query the EELS database:

    eels_db_query -q "select UniqEventID,EventSpecificInformation \
    from events"

    The resulting output will look similar to that shown below:

    ´1.000000´|´Sep 23 11:02:47 rpcbind: Could not open connection on nbclts: system error ERROR´
    ´2.000000´|´Sep 23 11:02:47 rpcbind: Could not open connection on nbcots: system error ERROR´
    ´3.000000´|´Sep 23 11:02:55 sendmail[488]: alias database /etc/mail/aliases rebuilt by root sendmail´
    ´4.000000´|´Sep 23 11:02:55 sendmail[488]: /etc/mail/aliases: 2 aliases, longest 10 bytes, 37 bytes total sendmail´
    ´5.000000´|´Sep 23 11:02:55 sendmail[494]: starting daemon (8.8.7): SMTP+queuing@00:01:00 sendmail´
    ´6.000000´|´Sep 23 11:03:57 inetd[1530]: got SC_ENABLE message inetd´
    ´7.000000´|´Sep 23 11:08:34 in.rlogind[1576]: connect from malbec.london.sco.COM in.rlogind´
    ´8.000000´|´Sep 23 11:08:47 in.rlogind[1586]: connect from malbec.london.sco.COM in.rlogind´
    ´9.000000´|´Sep 23 11:43:12 in.telnetd[1679]: connect from pubsco.london.sco.COM in.telnetd´
    ´10.000000´|´Sep 23 11:43:17 telnetd[1681]: Unable to invoke login scheme telnetd´
    ´11.000000´|´Sep 23 11:46:00 telnetd[1722]: Unable to invoke login scheme telnetd´
    ´12.000000´|´Sep 23 13:04:34 in.fingerd[1816]: connect from scodox.pdev.sco.COM in.fingerd´
    ´13.000000´|´Sep 23 13:55:32 in.telnetd[2034]: connect from localhost in.telnetd´
    ´14.000000´|´Sep 23 13:55:41 telnetd[2036]: Unable to invoke login scheme telnetd´
    
The last two entries in the output show the result of the failed telnet session.
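
To automate this check, the following added example (not part of the SCO documentation) parses eels_db_query output and confirms that the telnet test was captured. It assumes the row layout seen in the sample output above; the names parse_rows and find_telnet_test are hypothetical.

```python
import re

# Sample rows copied from the query output shown above (last four entries).
SAMPLE = """\
´11.000000´|´Sep 23 11:46:00 telnetd[1722]: Unable to invoke login scheme telnetd´
´12.000000´|´Sep 23 13:04:34 in.fingerd[1816]: connect from scodox.pdev.sco.COM in.fingerd´
´13.000000´|´Sep 23 13:55:32 in.telnetd[2034]: connect from localhost in.telnetd´
´14.000000´|´Sep 23 13:55:41 telnetd[2036]: Unable to invoke login scheme telnetd´
"""

QUOTES = "´'`"  # accept the quote mark as printed above, or plain ASCII quotes
# Assumed row layout (inferred from the sample): quoted ID, '|', quoted syslog text.
SYSLOG = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ([\w.\-]+)(?:\[(\d+)\])?: (.*)$")

def parse_rows(text):
    """Turn eels_db_query output into a list of event dicts, skipping junk lines."""
    events = []
    for line in text.splitlines():
        ident, sep, info = line.strip().partition("|")
        if not sep:
            continue
        try:
            event_id = int(float(ident.strip().strip(QUOTES)))
        except ValueError:
            continue
        m = SYSLOG.match(info.strip().strip(QUOTES))
        if not m:
            continue
        when, proc, pid, msg = m.groups()
        events.append({"id": event_id, "time": when, "proc": proc,
                       "pid": int(pid) if pid else None, "msg": msg})
    return events

def find_telnet_test(events, host="localhost"):
    """Return (connect_id, telnetd_id) for the newest telnet test from host, or None."""
    for i in range(len(events) - 1, -1, -1):
        e = events[i]
        if e["proc"] == "in.telnetd" and e["msg"].split()[:3] == ["connect", "from", host]:
            for later in events[i + 1:]:
                if later["proc"] == "telnetd":  # message logged after the connect
                    return e["id"], later["id"]
            return None
    return None

if __name__ == "__main__":
    pair = find_telnet_test(parse_rows(SAMPLE))
    print("EELS captured the telnet test:" if pair else "telnet test not found", pair)
```

On a live system, pass the captured output of the eels_db_query command from step 5 to parse_rows in place of SAMPLE.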
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004