Configure selogrd to route Start and Shutdown event messages into a file excluding devcalc related messages
search cancel

Configure selogrd to route Start and Shutdown event messages into a file excluding devcalc related messages

book

Article ID: 194505

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

The objective is to configure in log/selogrd.cfg so PIM routes only Start/Shutdown event messages into a file excluding devcalc related Start/Shutdown event messages. Based on documentation, the following configuration in selogrd.cfg should serve the purpose.

-- from here --
etrust down file
file /usr/seos/log/etdown.log
include Code(M).
exclude Code(M) Service(devcalc).
.
-- until here --

However, with above configuration all Start and Shutdown event messages are not output into the file. The destination /usr/seos/log/etdown.log is empty.

If we remove the "exclude Code(M) Service(devcalc)." line from above configuration, all Start and Shutdown messages are output into the destination /usr/seos/log/etdown.log including devcalc related Start and Shutdown event messages.

03 Apr 2020 10:47:25 M START                                    devcalc       
03 Apr 2020 10:47:30 M SHUTDOWN                5e840920:00000152                 0 devcalc

DETAIL
3 Apr 2020 10:47:25 M START                                    devcalc
Event type: Daemon start
Daemon: devcalc
Date: 03 Apr 2020
Time: 10:47

The following configuration doesn't work to achieve the objective.

-- from here --
etrust down file
file /usr/seos/log/etdown.log
include Code(M).
exclude Uid(devcalc).
.
-- until here --

How can we configure to achieve the objective?



Environment

Release : 12.8, 14.1

Component : CA ControlMinder, PIM, PAMSC

Resolution

Please configure the following in log/selogrd.cfg

-- from here --
etrust down file
file /usr/seos/log/etdown.log
include Code(M).
exclude Object(devcalc).
.
-- until here ---

Code(M) = Start and Shutdown events.
Object(devcalc) = the devcalc object

Above configuration will exclude Start and Shutdown events for devcalc.