SunScreen 3.1 Reference Manual

Log Filters and the logdump Command

Filtering a Screen's logs employs a common filtering mechanism and language, regardless of the context in which it is used. These are embodied in the logdump command. logdump is based on, and is a superset of, the snoop program, which is provided with the standard Solaris operating environment.

logdump can be used on an Administration Station to filter and inspect logs during active retrieval or on logs previously retrieved and stored. In conjunction with the logmacro facility, predefined filters can be employed to simplify and regularize routine log processing tasks.

The general usage for logdump is as a subcommand of ssadm. ssadm provides character-set translation between strings embedded in log events and the local character set of the Solaris system on which it runs.

Remember that although logdump is used directly as an ssadm subcommand, all other places in SunScreen where log filtering is allowed employ the same filter specification language. Hence, examples in this manual section should be viewed as prototypical of these other usage contexts.

Nominally, logdump input is either a log record stream directly from a possibly remote Screen, or captured log records from a file. This source of input is specified by the -i option.

The following is an example of what you would type to process (piped-in) records from the standard input:


% ssadm -r Screen log get | ssadm logdump -i- [output args] [filter args]

The following is an example of what you would type to process local file log record input:


% ssadm logdump -ilocal_log_file [output args] [filter args]

logdump fundamentally outputs either a stream of log records or readable text in various formats (after applying specified filters).

The presence of the -o option causes (binary) log records to be produced, for example:


% ssadm logdump -i input_arg -o local_log_file [filter args]

To output readable text, omit the -o option.

The formatting options for readable text are the same as those of snoop: -v, -V, -t[r|a|d], and -xoffset[,length].
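The two invocation patterns above combine naturally into a routine retrieval task: keep the raw records so they can be re-filtered later, and render a readable copy from the archive. The following script is an added example, not part of the SunScreen manual; the function name, the archive path, the Screen name and the use of sh are assumptions, and it relies only on the logdump options shown in this section.

```shell
#!/bin/sh
# Added example (not SunScreen's own code): archive a Screen's log stream as
# binary records, then render a readable copy from the archive.
set -u

# archive_screen_log SCREEN ARCHIVE_FILE
# 1. Stream records from the remote Screen into logdump on standard input
#    (-i-) and, because -o is present, write them out unchanged as binary
#    log records; the archive can be re-filtered with logdump at any time.
# 2. Read the archive back (-ifile) with -o omitted, so logdump emits
#    readable text: verbose (-v) with absolute timestamps (-ta).
archive_screen_log() {
    screen=$1
    archive=$2
    mkdir -p "$(dirname "$archive")"
    ssadm -r "$screen" log get | ssadm logdump -i- -o "$archive"
    ssadm logdump -i"$archive" -v -ta > "$archive.txt"
}

# Usage (assumed paths): sh archive_screen_log.sh Screen /var/tmp/screen_logs/today.log
if [ $# -gt 0 ]; then
    archive_screen_log "$@"
fi
```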