The system logs from a Unix machine are labeled with the box.unix tag.
- The tag may contain additional elements, preserving the original tag of the syslog event. Devo does not analyze these additional elements, so their content is entirely up to you.
- We assume the events have the traditional syslog format specified in The BSD syslog Protocol. The message field is not parsed in any way, but you can search it using the available string operations.
- The syslog priority is preserved, along with two separate fields: facility and level.
- On Unix, system events are collected by a local syslog daemon. The easiest way to send these events to Devo is to configure the local collector to forward them.
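
In the traditional BSD syslog format, the priority encodes the facility and level as priority = facility × 8 + level. The Python sketch below is an added example, not Devo's code: it checks that a line has the traditional layout and decodes the priority, leaving the message unparsed. The function name, the keyword names used for the numeric codes and the sample lines are assumptions constructed for illustration.

```python
import re

# Conventional keyword names for the numeric facility and level codes
# (list index = code). Assumption: the values Devo stores may be spelled differently.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOSTNAME MESSAGE  (day of month is space-padded)
BSD_LINE = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<message>.*)",
    re.DOTALL,
)

def parse_bsd_syslog(line):
    """Return the header fields of a traditional syslog line, or None."""
    m = BSD_LINE.fullmatch(line.rstrip("\r\n"))
    if m is None:
        return None                      # not the traditional BSD layout
    pri = int(m.group("pri"))
    if pri > 23 * 8 + 7:                 # 191 is the highest valid priority
        return None
    facility, level = divmod(pri, 8)     # priority = facility * 8 + level
    return {
        "priority": pri,
        "facility": FACILITIES[facility],
        "level": LEVELS[level],
        "timestamp": m.group("timestamp"),
        "host": m.group("host"),
        "message": m.group("message"),   # left unparsed, as in box.unix
    }

# Constructed sample lines (not taken from a real system).
SAMPLES = [
    "<86>Mar  3 09:12:44 web01 sshd[2211]: Accepted publickey for deploy from 192.0.2.10",
    "<165>1 2024-03-03T09:12:44Z web01 app - - - newer syslog layout",
    "<999>Mar  3 09:12:44 web01 cron[88]: priority out of range",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_bsd_syslog(sample))
```

Lines that come back as `None` do not match the traditional layout and are worth checking in the local daemon's output template before forwarding.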