Format Specifications
The format file is made up of one or more format specifications. A format
specification has the following parts:
• Format header
The keyword FORMAT followed by the event class name. This is optionally
followed by the FOLLOWS keyword and a previously defined class name, as
shown in the following example:
FORMAT NT_Share_Dir_Missing FOLLOWS NT_Base
Note: A format specification with the same class name can be defined more than
once. Be careful when using multiply-defined format specification class
names with the FOLLOWS keyword. Since there is no way to specify
which actual format specification is intended, the last one defined in the
file that matches the class name is used.
• Format content
A format string optionally followed by a list of mappings, as shown in the
following example:
%t %s %s %s %s %s %s The server service was unable to recreate
the share %s because the directory %s no longer exists.
sharename $8
directoryname $9
• The END keyword completes the format specification.
The format header, format string, each mapping, and the END keyword must each
begin on a new line, as shown in the following example:
FORMAT NT_Share_Dir_Missing FOLLOWS NT_Base
%t %s %s %s %s %s %s The server service was unable to recreate
the share %s because the directory %s no longer exists.
sharename $8
directoryname $9
END
The FOLLOWS relationship is used to allow specific format specifications to be
built from generic format specifications using inheritance. When format B follows
format A, B inherits all of the mappings (but not the format string) from A. Format
B can define any additional mappings, but any mappings redefined by B are not
inherited from A; that is, format B can override inherited mappings by redefining
them.
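The inheritance and last-definition rules above, as an added Python sketch that is not part of this guide or of the product's own parser. The sample format file is constructed; the function name parse_formats and the mapping names hostname, origin and severity are assumptions. Each format string is assumed to sit on one line, and both NT_Base definitions precede the FOLLOWS line so that "the last one defined" is unambiguous:

```python
# Added example: simplified reader for the FORMAT / FOLLOWS / END layout.
SAMPLE = """\
FORMAT NT_Base
%t %s %s %s %s %s %s*
hostname $3
severity WARNING
END
FORMAT NT_Base
%t %s %s %s %s %s %s*
hostname $4
origin $5
END
FORMAT NT_Share_Dir_Missing FOLLOWS NT_Base
%t %s %s %s %s %s %s The server service was unable to recreate the share %s because the directory %s no longer exists.
sharename $8
directoryname $9
origin $2
END
"""

def parse_formats(text):
    """Return [(class_name, format_string, mappings)] in file order."""
    specs, latest = [], {}   # latest: class name -> mappings of its last definition
    lines = iter(l.rstrip() for l in text.splitlines() if l.strip())
    for line in lines:
        words = line.split()
        if words[0] != "FORMAT" or len(words) not in (2, 4):
            raise ValueError(f"bad format header: {line!r}")
        name, mappings = words[1], {}
        if len(words) == 4:
            if words[2] != "FOLLOWS" or words[3] not in latest:
                raise ValueError(f"{name}: cannot follow {words[3]!r}")
            # Inherit the parent's mappings only, never its format string.
            mappings = dict(latest[words[3]])
        fmt = next(lines, None)          # format string follows the header
        for body in lines:
            if body.strip() == "END":
                break
            slot, value = body.split(None, 1)
            mappings[slot] = value       # a redefinition overrides the inherited value
        else:
            raise ValueError(f"{name}: missing END")
        specs.append((name, fmt, mappings))
        latest[name] = mappings          # duplicate class name: last definition wins
    return specs

if __name__ == "__main__":
    for name, fmt, mappings in parse_formats(SAMPLE):
        print(name, mappings)
```

In this sample the severity mapping from the first NT_Base never reaches NT_Share_Dir_Missing, which is the silent effect the note about multiply-defined class names warns about.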
System log messages typically have a common format consisting of a time stamp, a
host name, and event text. These system log message components are represented
in a format string using a component-specifier notation very similar to the printf()
notation used in the C programming language. The following format string
describes the entire class of system log messages produced by the UNIX syslogd
daemon:
%t %s %s*
System log messages are tokenized into constants and white space. A constant is
any consecutive string of non-white-space characters. The component specifiers allow the
constants and white space to be grouped into more complex tokens when trying to
match a format string with a specific message. The component specifiers always
end in a constant and not white space. The component specifiers are as follows:
• %[length]s
146 IBM Tivoli Enterprise Console: Adapters Guide