Filter
Top Products
Matches one constant in the message. The optional length is a decimal number
of any size and allows the constant to be truncated to the length if the constant
actual length is greater than the specifier length.
v %[length]s*
Matches zero or more constants in the system log message. The optional length
is a decimal number of any size and allows any of the accumulated constants to
be truncated to the length if the constant actual length is greater than the
specifier length.
v %[length]s+
Matches one or more constants in the message. The optional length is a decimal
number of any size and allows any of the accumulated constants to be truncated
to the length if the constant actual length is greater than the specifier length.
v %t
Matches a time stamp of the following form:
month date time
Log File Example
The following successful su message from a system log is an example of matching
a system log message to the generic format specification mentioned in the
preceding section:
Sep 13 12:17:11 elcap su: ’su root’ succeeded for tjones on /dev/ttyp0
The component specifiers and matches are as follows:
%t Sep 13 12:17:11
%s elcap
%s* su: ’su root’ succeeded for tjones on /dev/ttyp0
The system log message contains some constant parts and some variable parts. The
constant parts of the system log message will be the same for any successful su
message. The constant parts are as follows:
v su: ’su
v ’ succeeded for
v on
The variable parts of the example system log message are as follows:
v Sep 13 12:17:11
v elcap
v root
v tjones
v /dev/ttyp0
The following example shows how the variable data differs in another successful
su message:
Sep 29 14:57:28 aspen su: ’su root’ succeeded for jsmith on /dev/ttypd
The general format specification %t %s %s* can be specialized for the Su_Success
event class as follows:
%t %s su: ’su %s’ succeeded for %s on %s
Appendix B. Format File Reference 147