The table below contains examples of the logdump filters that you can use to restrict the display of various events.
Table 11-4 Examples: Filters for Restricting Various Events

Filter | Description |
---|---|
loglvl pkt | Restricts output to network packet traffic events. The logiface and logwhy operators imply loglvl pkt. |
loglvl sess | Restricts output to session summary events. In previous SunScreen releases, the sas_logdump command had -S and -s options that provided a crude form of the loglvl sess feature. Those options are no longer supported. |
loglvl auth | Restricts output to authentication events. |
loglvl app | Restricts output to application events. |

The filtering mechanisms inherited from snoop related to IP addresses (for example, host, to, from, dst, src, and naked IP addresses and hostnames) have been extended to filter all event types that contain corresponding IP addresses. For example:
admin% ... ssadm log get from src_host > out_log
matches packet, session, and extended events that originated from the given source host.
Similarly, the filtering mechanisms inherited from snoop that are related to TCP and UDP ports (for example, port, dstport and srcport) have been extended to filter all event types that relate to the corresponding services. For example:
admin% ... ssadm log get port svc > out_log
matches packet, session, and extended events that relate to the given service.