1. Using Oracle Solaris 11.4 StatsStore and System Web Interface
  2. Using Command Line Interfaces
  3. Formatting Event Information

Formatting Event Information

In the following examples, an administrator has enabled the svc:/network/smtp:sendmail service. In the examples, the command output is shown 80 characters wide, even when the actual output is a single line.

The fmt.label format shows the label AUE_smf_enable in the value column of the output. 

$ sstore export \
> //:class.svc//:res.fmri/network/smtp:sendmail//:event.adm-action//:fmt.label
TIME                VALUE IDENTIFIER
2015-08-30T00:31:14 ('AUE_smf_enable',) //:class.svc//:res.fmri/network/smtp:sen
dmail//:event.adm-action//:fmt.label

The fmt.description format shows a description of the event in the value column, including that the action was enabling a service, the solaris.smf.modify authorization was required, and the value of the general/enabled property of the svc:/network/smtp:sendmail service was changed. 

$ sstore export \
> //:class.svc//:res.fmri/network/smtp:sendmail//:event.adm-action//:fmt.description
TIME                VALUE IDENTIFIER
2015-08-30T00:31:14 ('header, 177, 2, persistently enable service instance, , sy
stem1, 2015-08-30 00:31:14.027-07:00, subject, usr1, root, root, root, root, 158
706, 4293668494, 58180 22 dhcp.vpn.example.com, use of authorization, solaris.sm
f.modify, fmri, svc:/network/smtp:sendmail/:properties/general/enabled, return, 
success, 0\n',) //:class.svc//:res.fmri/network/smtp:sendmail//:event.adm-action
//:fmt.description

The fmt.summary format shows both the label and the description of the event. 

$ sstore export \
> //:class.svc//:res.fmri/network/smtp:sendmail//:event.adm-action//:fmt.summary
TIME                VALUE IDENTIFIER
2015-08-30T00:31:14  //:class.svc//:res.fmri/network/smtp:sendmail//:event.adm-a
ction//:fmt.summary
                    0:
                        ts: 1440919874027218
                        label: AUE_smf_enable
                        description: header, 177, 2, persistently enable service
 instance, , system1, 2015-08-30 00:31:14.027-07:00, subject, usr1, root, root, 
root, root, 158706, 4293668494, 58180 22 dhcp.vpn.example.com, use of authorizat
ion, solaris.smf.modify, fmri, svc:/network/smtp:sendmail/:properties/general/en
abled, return, success, 0

If you do not specify any formatting, or if you specify fmt.raw, the output is shown as a list of name-value pairs. 

$ sstore export //:class.svc//:res.fmri/network/smtp:sendmail//:event.adm-action
TIME                VALUE IDENTIFIER
2015-08-30T00:31:14  //:class.svc//:res.fmri/network/smtp:sendmail//:event.adm-action
                    0:
                        version: 2
                        event: AUE_smf_enable
                        host: system1
                        iso8601: 2015-08-30 00:31:14.027-07:00
                        subject/audit-uid: usr1
                        subject/uid: root
                        subject/gid: root
                        subject/ruid: root
                        subject/rgid: root
                        subject/pid: 158706
                        subject/sid: 4293668494
                        subject/tid: 58180 22 dhcp.vpn.example.com
                        use_of_authorization/value: solaris.smf.modify
                        fmri/value: svc:/network/smtp:sendmail/:properties/general/enabled
                        return/errval: success
                        return/retval: 0