Chapter 9. UNIX Log File Adapter
The TME UNIX log file adapter receives raw log file information from the UNIX
syslogd daemon, formats it, and sends it to the IBM Tivoli Enterprise Console
gateway. The IBM Tivoli Enterprise Console gateway then sends the information to
the event server. The non-TME UNIX log file adapter sends information directly to
the event server.
The UNIX log file adapter adds entries to the /etc/syslog.conf file to enable the
adapter to monitor events that the syslogd daemon writes to various log files. The
adapter can also be configured to monitor any ASCII log file for information that is
important to the operation of your enterprise.
The UNIX log file adapter can parse only log files that contain the raw event
information for each event on a single line. You must preprocess log files that
contain raw event information in multiple-line form, or whose update quantity or
rate is extremely high.
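The following preprocessor is an added example, not IBM code or part of the adapter: it folds multiple-line events into single-line records and collapses runs of identical records before the file is handed to the adapter. It assumes that each event begins with a BSD syslog timestamp; the separator, the repeat suffix, and all function names are hypothetical.

```python
import re
from itertools import groupby
from typing import Iterable, Iterator, List

# Assumption: a new event starts with a BSD syslog timestamp ("Oct  3 14:02:11 ");
# any other non-blank line continues the previous event.
RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
JOINER = " | "  # hypothetical separator placed between folded lines


def fold_multiline(lines: Iterable[str]) -> Iterator[str]:
    """Yield one single-line record per event."""
    current = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue  # blank lines carry no event data
        if RECORD_START.match(line) or current is None:
            # A timestamp (or the very first line of the file) opens a new record.
            if current is not None:
                yield current
            current = line
        else:
            current += JOINER + line.strip()
    if current is not None:
        yield current


def suppress_repeats(records: Iterable[str]) -> Iterator[str]:
    """Collapse consecutive records that differ only in timestamp."""
    body = lambda rec: RECORD_START.sub("", rec, count=1)
    for _, run in groupby(records, key=body):
        first = next(run)
        n = 1 + sum(1 for _ in run)
        yield first if n == 1 else f"{first} [repeated {n} times]"


def preprocess(lines: Iterable[str]) -> List[str]:
    return list(suppress_repeats(fold_multiline(lines)))


# Constructed sample input: one three-line event followed by a burst of repeats.
SAMPLE = [
    "Oct  3 14:02:11 host1 app[411]: unhandled exception\n",
    "    at Handler.run(handler.c:88)\n",
    "    at main(main.c:12)\n",
    "Oct  3 14:02:12 host1 su: 'su root' failed for alice on /dev/pts/1\n",
    "Oct  3 14:02:13 host1 su: 'su root' failed for alice on /dev/pts/1\n",
    "Oct  3 14:02:14 host1 su: 'su root' failed for alice on /dev/pts/1\n",
]

if __name__ == "__main__":
    print("\n".join(preprocess(SAMPLE)))
```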
This chapter explains how to configure and start the UNIX log file adapter.
Event Server Configuration
At the event server, the BAROC file and rule set file must be imported into a rule
base and then compiled. This rule base must then be loaded and made the active
rule base. See the IBM Tivoli Enterprise Console Rule Builder’s Guide for additional
information about the steps to do these tasks.
Note: The Default rule base, as shipped, is already configured using the BAROC
file and default rule file for the UNIX log file adapter.
Starting the Adapter
Use the init.tecad_logfile start command in the background to manually start the
adapter. Always use this command to ensure that the syslogd daemon is properly
configured to send messages to the adapter.
In most situations, the start-up process takes 40 seconds, at which time the syslogd
daemon is refreshed. If you want to give the adapter additional seconds to
complete its startup, specify the -tstartup_time option for the init.tecad_logfile start
command. There cannot be a space between the option letter and the option value.
This option is useful if the adapter does not receive events because the syslogd
daemon is not properly refreshed.
Note: The endpoint adapter is automatically started as a step in the adapter
installation process when the adapter configuration profile (ACP) is
distributed using the Adapter Configuration Facility (ACF).
© Copyright IBM Corp. 2002