The Enhanced Event Logging System

• kernel and user level APIs for event logging (XDAS)

• kernel and user level APIs for general logging (for example, error messages)

• powerful tools for log importing, analysis, archival and reporting

EELS provides this centralized mechanism by intercepting logging information from multiple sources and storing it in one or more databases. These databases can be queried by EELS analysis tools such as eels_db_query(1Meels). The information that EELS stores in the database can either be intercepted in real-time, or it can be periodically imported from a log file.

Information collected in real-time originates from sources that are directly supported by the EELS daemon. Supported sources are:

• syslog and OSM (cmn_err)

• auditing

• EELS user level API

• EELS kernel level API

• XDAS API

Periodic log importing enables arbitrary log files to be imported into the EELS database. Before a log file can be imported, a filter script must first be written that converts the proprietary format of the log file to a format that is understood by EELS. EELS can be configured to monitor a log file and import records when the log file size changes. Alternatively, you could use cron(1M) to schedule the importing of a log file at a predefined time irrespective of file size changes. For more information on writing log import scripts, see ``Importing external log files''. For more information on configuring EELS to monitor the size of log files, see ``Dynamic log import''.

A set of command line tools are provided to administer the EELS environment, query the EELS database, generate reports and archive data. These tools are:

• eels_db_admin(1Meels)

• eels_db_query(1Meels)

• eels_log_archive(1Meels)

• eels_log_import(1Meels)

• eels_log_restore(1Meels)

• eels_log_report(1Meels)