SunScreen 3.2 Administrator's Overview

Extended Log Event Enhancements

The extended events added to the SunScreen log contain additional fields as previously described (severity code and program component name). The extended log mechanism has been generalized to enable a wide variety of events to be recorded in the log. Because the syntax used is self-describing, virtually any event can be added to the log in this manner.

logdump allows discrimination of extended events based on their severity code. The logsev operator provides this ability. The operand for logsev is one of the severity pseudonyms emerg, alert, crit, err, warn, note, info, or debug. These same designators are used to restrict the actual logging of these events. For example:


admin% ssadm -r Screen log get | ssadm logdump -i- logsev warn ...

matches extended events of severity warning or greater.

logdump allows discrimination of extended events based on the name of the program component that logged them. The logapp operator performs this restriction. The operand for logapp is a string that is the name of a program component. For example:


admin% ssadm -r Screen log get | ssadm logdump -i- logapp ftpp ...

matches extended events for the FTP proxy.


Note - The logsev and logapp operators imply a filter of ( loglvl auth or loglvl app ).


All extended log events share some common optional attributes. These attributes are optional because they only occur in log events where they make sense. They are common in the sense that they are handled in a consistent way. These attributes are shown in the table below.

Table 11-5 Optional Attributes

Attribute    Description
---------    -----------
sess_ID      A session serial number, used to recognize various events that are related to each other
proto_ip     IP protocol number (usually 6 for TCP or 17 for UDP)
src_ip       IP source address
src_port     IP source port number
dst_ip       IP destination address
dst_port     IP destination port number
reason       Short description of the event
msg          Generic message text
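
The following is an added example, not SunScreen code or real logdump output. It models the logsev threshold ("this severity or greater") and the logapp match, then uses sess_ID to pull in related events that carry the addresses a matching event may omit. Assumptions: the event dictionaries, the key names sev and app, the component name example_component, and the helper session_context are constructed for illustration, and the severity order is taken to be the order listed above, most severe first.

```python
# Severity pseudonyms in the order the page lists them (assumed most severe first).
SEVERITIES = ["emerg", "alert", "crit", "err", "warn", "note", "info", "debug"]
RANK = {name: i for i, name in enumerate(SEVERITIES)}  # 0 = most severe

# Constructed sample events. "sev" and "app" are assumed key names for the
# severity code and program component; the other keys come from Table 11-5.
EVENTS = [
    {"sev": "info", "app": "ftpp", "sess_ID": 101, "proto_ip": 6,
     "src_ip": "192.0.2.10", "src_port": 40112,
     "dst_ip": "198.51.100.5", "dst_port": 21, "reason": "session start"},
    {"sev": "warn", "app": "ftpp", "sess_ID": 101,
     "reason": "auth failure", "msg": "constructed message"},
    {"sev": "err", "app": "example_component", "sess_ID": 202,
     "reason": "connect failed"},
    {"sev": "debug", "app": "ftpp", "sess_ID": 303, "msg": "trace"},
    {"sev": "crit", "app": "ftpp", "reason": "resource exhausted"},  # no session
]


def logsev(events, threshold):
    """Keep events at the given severity or more severe (like 'logsev warn')."""
    if threshold not in RANK:
        raise ValueError(f"unknown severity: {threshold!r}")
    limit = RANK[threshold]
    # Events with a missing or unknown severity never match.
    return [e for e in events if RANK.get(e.get("sev"), len(RANK)) <= limit]


def logapp(events, component):
    """Keep events logged by the named program component (like 'logapp ftpp')."""
    return [e for e in events if e.get("app") == component]


def session_context(events, hits):
    """Return every event that shares a sess_ID with one of the hits.

    The attributes are optional, so a matching event may lack src_ip/dst_ip;
    a related event in the same session can supply them.
    """
    wanted = {h["sess_ID"] for h in hits if "sess_ID" in h}
    return [e for e in events if e.get("sess_ID") in wanted]


if __name__ == "__main__":
    hits = logapp(logsev(EVENTS, "warn"), "ftpp")
    for event in session_context(EVENTS, hits):
        print(event)
```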