Table of Contents
Advertisement
Filtering Records
The
application supports filtering of events, as they are received from the NSS Auditing
vlog
Engine (
), by using filter patterns. Filter patterns are rules for filtering events. You can use
vigil
either of the following methods to specify filter patterns:
A filter file of filter patterns (consisting of one filter pattern per line) can be specified with the
[-F, --filterFile]
.
]filename
A filter file can contain comment lines. Comment lines begin with a pound sign (
forward slash (
).
//
Individual filter patterns can be specified with the
This option must be followed by a quoted filter pattern.
There are two kinds of patterns that can be specified from a filter file by using the
option, or specified individually in the command by using the
filterFile]
option.
Patterns for filtering records of type VIGIL
Patterns for filtering records of type NSS, NCP, and CIFS
Each of these pattern types are discussed below.
Patterns for Filtering Records of Type VIGIL
Records of type VIGIL represent operations internal to the NSS Auditing Engine. By default,
records of type VIGIL are not filtered from
"Filter Syntax for Type VIGIL Records" on page 17
"Filter Keywords for Type VIGIL Records" on page 18
"Examples for Filtering VIGIL Events" on page 19
Filter Syntax for Type VIGIL Records
The general pattern for filtering records of type VIGIL is:
:[+ or -]KEYWORD [[+ or -]KEYWORD]
A pattern used to filter records of type VIGIL has a colon (
The colon is followed by one or more keywords that represent records that are to be included or
excluded from the
output. Multiple keyword entries are separated by a space. Keywords are
vlog
applied in the order that they appear in the filter pattern.
The specified keyword causes specific records of type VIGIL to be included or excluded from the
output. Each keyword is preceded by an exclude/include character that indicates whether the records
that match the specified pattern should be excluded or included in the
character indicates that the records that are represented by the keyword that follows it should be
excluded from the
output. A plus (
vlog
by the keyword that follows it should be included in the
command line option. This option must be followed by a
's output.
vlog
) character indicates that the records that are represented
+
command line option.
[-p, --pattern]
[-p, --pattern]
) as the first character of the pattern.
:
output. A minus (
vlog
output
vlog
[path/
) or a double
#
[-F, --
)
-
VLOG Utility Man Page
17
Advertisement
Table of Contents
Subscribe to Our Youtube Channel
Related Manuals for Novell OPEN ENTERPRISE SERVER 2 SP2 - STORAGE SERVICES AUDITING CLIENT LOGGER UTILITY REFERENCE 04-29-2010
Related Products for Novell OPEN ENTERPRISE SERVER 2 SP2 - STORAGE SERVICES AUDITING CLIENT LOGGER UTILITY REFERENCE 04-29-2010
- NOVELL IDENTITY MANAGER 3.6.1 - UNDERSTANDING POLICIES 05-06-2009
- NOVELL LINUX ENTERPRISE SERVER 10 - ARCHITECTURE-SPECIFIC INFORMATION 08-04-2006
- NOVELL LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 04-08-2006
- NOVELL LINUX ENTERPRISE SERVER 10 SP2 - ARCHITECTURE-SPECIFIC INFORMATION 08-05-2008
- NOVELL LOGIN SCRIPTS - 08-2008
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - ADMINISTRATOR REFERENCE 06-17-2009
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - DEVELOPMENT CLIENT REFERENCE 08-28-2009
- NOVELL SENTINEL LOG MANAGER 1.0.0.5 - 03-31-2010
- NOVELL SUPPORT ADVISOR - 04-2010
- Novell 3.6 05-2008
- Novell Access Manager 3.1 SP 1
- Novell Access Manager 3.1 SP 2
- NOVELL ACCESS MANAGER 3.1 SP1 - AGENT GUIDE
- NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER
- NOVELL ACCESS MANAGER 3.1 SP1 - S 11-20-2009
- NOVELL ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010
Need help?
Do you have a question about the OPEN ENTERPRISE SERVER 2 SP2 - STORAGE SERVICES AUDITING CLIENT LOGGER UTILITY REFERENCE 04-29-2010 and is the answer not in the manual?