Event Logs
Page 206 7705 SAR OS System Management Guide
An event log has the following properties:
• a unique log ID
The log ID is a short, numeric identifier for the event log. A maximum of 10 logs can be configured at a time.
• one or more log sources
The source stream or streams to be sent to log destinations can be specified. The source must be identified before the destination can be specified. Events can come from the main event stream, the security event stream, or the user activity stream.
• one event log destination
A log can have only a single destination. The destination for a log ID can be one of console, session, syslog, snmp-trap-group, memory, or a file on the local file system.
• an optional event filter policy
An event filter policy defines whether to forward or drop an event or trap based on match criteria.
Event Filter Policies
The log manager uses event filter policies to control which events are forwarded or dropped based on various criteria. Like other policies on the 7705 SAR, filter policies have a default action. The default action is either:
• forward
• drop
Filter policies also include a number of filter policy entries. Each entry is identified by an entry ID and defines specific match criteria together with a forward or drop action for events that meet those criteria.
Each entry contains a combination of matching criteria that define the application, event number, router, severity, and subject conditions. The entry's action determines how an event is treated if it meets the match criteria.
Entries are evaluated in order from the lowest to the highest entry ID. The forward or drop action of the first entry that an event matches is applied to that event.
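The following Python model is an added example, not taken from the guide or from the 7705 SAR software. It shows how first-match ordering and the default action decide an event's fate, and how a broad drop entry with a low entry ID can silently shadow a later entry meant to keep security events. The field names, severity ranking, operator names, and the assumption that all criteria in an entry must hold are illustrative.

```python
# Added illustration: a model of first-match event filter evaluation.
# Field names, severity ranking and operators below are assumptions.
from dataclasses import dataclass, field

SEVERITY = {"warning": 1, "minor": 2, "major": 3, "critical": 4}  # assumed ranking
OPS = {  # assumed operator set; the guide's Table 27 is authoritative
    "eq": lambda a, b: a == b,
    "neq": lambda a, b: a != b,
    "gte": lambda a, b: SEVERITY[a] >= SEVERITY[b],
    "lt": lambda a, b: SEVERITY[a] < SEVERITY[b],
}

@dataclass
class Entry:
    entry_id: int
    action: str                                 # "forward" or "drop"
    match: dict = field(default_factory=dict)   # field -> (operator, value)

    def matches(self, event):
        # Assumption: every criterion in the entry must hold for a match.
        return all(OPS[op](event[f], val) for f, (op, val) in self.match.items())

@dataclass
class FilterPolicy:
    default_action: str
    entries: list

    def evaluate(self, event):
        # Lowest entry ID first; the first matching entry decides.
        for e in sorted(self.entries, key=lambda e: e.entry_id):
            if e.matches(event):
                return e.action, e.entry_id
        return self.default_action, None        # no entry matched

# Constructed sample events and policies.
SEC_FAIL = {"application": "security", "severity": "major"}
CHASSIS_WARN = {"application": "chassis", "severity": "warning"}

GOOD = FilterPolicy("forward", [
    Entry(20, "drop", {"severity": ("lt", "critical")}),
    Entry(10, "forward", {"application": ("eq", "security")}),
])
# Same criteria, but the broad drop has the lower ID and shadows the forward.
SHADOWED = FilterPolicy("forward", [
    Entry(10, "drop", {"severity": ("lt", "critical")}),
    Entry(20, "forward", {"application": ("eq", "security")}),
])

if __name__ == "__main__":
    for name, pol in (("GOOD", GOOD), ("SHADOWED", SHADOWED)):
        print(name, pol.evaluate(SEC_FAIL), pol.evaluate(CHASSIS_WARN))
```

With the SHADOWED policy the major-severity security event is dropped by entry 10 before entry 20 is ever consulted, which is the ordering mistake to look for when reviewing a filter attached to a security log.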
Valid operators are displayed in Table 27.