Table 11-4 contains examples of the filters that you can use to restrict output to various event types.
Table 11-4 Filters for Restricting Various Events
Filter | Description |
---|---|
loglvl pkt | Restricts matching to network packet traffic events. The logiface and logwhy operators imply loglvl pkt. |
loglvl sess | Restricts matching to session summary events. In previous SunScreen releases, the sas_logdump program provided -S and -s options that provided a crude form of the loglvl sess feature. Those options are no longer supported. |
loglvl auth | Restricts matching to authentication events. |
loglvl app | Restricts matching to application events. |
The filtering mechanisms inherited from snoop related to IP addresses (for example, host, to, from, dst, src, and naked IP addresses and hostnames) have been extended to filter all event types that contain corresponding IP addresses. For example:
% ... from src host ...
matches packet, session, and extended events that originated from the given source host.
Similarly, the filtering mechanisms inherited from snoop that are related to TCP and UDP ports (for example, port, dstport and srcport) have been extended to filter all event types that relate to the corresponding services. For example:
% ... port svc ...
matches packet, session, and extended events that relate to the given service.