Appendix G. Predefined Log Mapping

Predefined mappings are available for integrating the following log resources into the Log Central system with Log Monitor:

For more information about the storage format of Log Central messages, refer to Chapter 4, "Integrating Logs into Log Central."

BEA TUXEDO Message Mapping

The following graphic shows the predefined mapping of a typical BEA TUXEDO ULOG message to a Log Central message.

The Log Monitor command to perform this mapping follows: 

log_monitor -P TUXEDO -i ULOG.071598

Log Central Message Fields

The following graphic shows the fields of a Log Central message.

Windows NT Event Log

The following table shows the predefined mapping of a Windows NT event log to a Log Central message.

Log Central Field Value

Date

NT Event date + Time

Body

NT Event description

Message ID

NT Event ID

Subsystem

NT Event Source

Host

NT Event Computer

Process ID

PID of log_monitor

Function

None

Transaction ID

0

User ID

NT Event User

Version

1 (If message body is greater than 2000 characters, then multiple messages are sent, incrementing the version number.)

The Log Monitor command to perform this mapping follows: 

log_monitor -P NTEVENT

Oracle Alert Log

The following table shows the predefined mapping of an Oracle alert log to a Log Central message.

Log Central Field Value

Date

Alert log date

Body

Multiline message in Alert log

Message ID

999

Subsystem

ORACLE

Host

Host where the log_monitor process is running

Process ID

PID of log_monitor

Function

None

Transaction ID

0

User ID

User name of the log_monitor process

Version

1 (If message body is greater than 2000 characters, then multiple messages are sent, incrementing the version number.)

The Log Monitor command to perform this mapping follows: 

log_monitor -P ORACLE -i alert_log_file