Mise en cascade
11/19

Mise en cascade

Les mêmes champs se retrouvent souvent :
HOST, PROC.NAME, SEV, ... 

<log:RCVD log:HOST=central_log_server.somewhere.com                   
 log:DATE=1999-10-27T3:00 log:SEQ=403409 >
    <log:RCVD log:HOST=log_relay.somewhere.com
     log:DATE=1999-10-27T2:59 log:SEQ=56789 >
        <log:RCVD log:HOST=originating_host.somewhere.com                
         log:DATE=1999-10-27T2:58 log:SEQ=12324 >
            <log:EVNT log:SEV=80                                      
             log:PROC.NAME="Audit/Tripwire" log:PROC.ID=1234
             log:MSG="unexpected file" log:DOC="/a/b/c"/>               
        </log:RCVD>                                            
    </log:RCVD>                                               
</log:RCVD>                                                       

<log:RCVD log:HOST=myhost log:DATE=1999-10-27T2:58>                     
    <log:EVNT log:SEV=80           
     log:PROC.NAME="Audit/Tripwire" log:PROC.ID=1234           
     log:MSG="unexpected file">                                     
        <log:EVNT log:DOC="/a/b/c"/>                                  
        <log:EVNT log:DOC="/a/b/d"/>                                     
        <log:EVNT log:DOC="/a/b/e"/>                                     
    </log:EVNT>                           
</log:RCVD>
HSC
© 2000 Hervé Schauer Consultants
Hervé Schauer Consultants
4 bis rue de la gare. 92300 LEVALLOIS-PERRET
tel:+33.141.409.700 fax:+33.141.409.709 - secretariat@hsc.fr