3 destination and filtering of audit log data – HP Hitachi Dynamic Link Manager Software User Manual

2. HDLM Functions

49

For details on how to enable

syslog

, see 2.11.3 Destination and Filtering

of Audit Log Data or the AIX documentation.

• You might need to perform operations such as changing the log size and

backing up and saving collected log data, because the amount of audit log

data might be quite large.

• If the severity specified by the HDLM command's

set

operation differs

from the severity specified by the configuration file

/etc/syslog.conf

,

the higher severity level is used for outputting audit log data.

2.11.3 Destination and Filtering of Audit Log Data

Audit log data is output to

syslog

. Because HDLM messages other than audit log data

are also output to

syslog

, we recommend that you specify the output destination that

is used exclusively for audit log data.
For example, to change the output destination of audit log data to

/usr/local/

audlog

, specify the following two settings:

• Specify the following setting in the

/etc/syslog.conf

file:

local0.info /usr/local/audlog

• Use the HDLM command's

set

operation to specify

local0

for the audit log

facility:

You can also filter the audit log output by specifying a severity level and type for the

HDLM command's

set

operation.

Filtering by severity:

The following table lists the severity levels that can be specified.
Table 2-11: Severity Levels That Can Be Specified

Severity

Audit log data to output

Correspondence with syslog

severity levels

0

None

Emergency

1

Alert

2

Critical

Critical

3

Critical and Error

Error

4

Critical, Error, and Warning

Warning

5

Notice

6

Critical, Error, Warning, and Informational

Informational