Summary


The audit log format in BoKS Manager 7.0 has changed: log messages now use an RFC 5424-based syslog format. In version 7.0, both FoxT Control Center and the bokslogview command can only read files in the new format. A separate command, boksold2newlog, converts old LOG files to the new format. This can be useful after an upgrade.


Procedure

As of BoKS Manager 7.0, audit logs are stored by default in the directory ${BOKS_var}/auditlog. The main log directory and backup directory can be changed using the bokslogadm command. The current file is called BOKS_LOG and previous files have names in the format:

ByyyymmddTHHMMSS.microseconds-yyyymmddTHHMMSS.microseconds

The name indicates the dates and times of the first and last events contained in the file.

In previous versions the files were stored by default in $BOKS_data, and named LOG (current file) and Lyymmdd_hhmmss-yymmdd_hhmmss (6.6 and 6.7) or Lyymmddyymmdd (6.5.4 and earlier).

The boksold2newlog command converts log files from the old format to the new format. It reads from standard input and writes to standard output, so redirection can be used to read an old file and write a new file in the new format:

boksold2newlog < ./L160102_105723-160306_060346 \
    > ${BOKS_var}/auditlog/B160102T105723.000000-160306T060346.000000

This converts the file and places it in the default audit log directory. The conversion does not send the events to syslog or process alarms, even if those are configured.
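A batch version of the conversion above, as an added example that is not part of the original article or of the product's tooling: it derives the new file name from a 6.6/6.7-style name the same way the article's command does and writes through a temporary file so a failed run leaves no partial log. The function names, the CENTURY variable, the script name convert.sh and the assumption that boksold2newlog exits non-zero on failure are not from the article.

```shell
#!/bin/sh
# Added example: batch-convert BoKS 6.6/6.7 audit logs with boksold2newlog.
# CENTURY is a hypothetical knob: empty (default) reproduces the two-digit
# year of the article's example command; CENTURY=20 yields a yyyymmdd date.
CENTURY=${CENTURY-}

# Map Lyymmdd_hhmmss-yymmdd_hhmmss to B<date>T<time>.000000-<date>T<time>.000000.
# Any other name (LOG, Lyymmddyymmdd, ...) prints nothing and returns 1.
new_log_name() {
    name=$(printf '%s\n' "${1##*/}" | sed -n \
        "s/^L\([0-9]\{6\}\)_\([0-9]\{6\}\)-\([0-9]\{6\}\)_\([0-9]\{6\}\)\$/B${CENTURY}\1T\2.000000-${CENTURY}\3T\4.000000/p")
    if [ -z "$name" ]; then return 1; fi
    printf '%s\n' "$name"
}

# Convert every old log named on the command line into ${BOKS_var}/auditlog.
convert_logs() {
    dest=${BOKS_var:?BOKS_var is not set}/auditlog
    for old in "$@"; do
        if ! new=$(new_log_name "$old"); then
            echo "skipped, unrecognised name: $old" >&2; continue
        fi
        if [ -e "$dest/$new" ]; then
            echo "skipped, already exists: $dest/$new" >&2; continue
        fi
        # Write under a temporary name so a failed run never leaves a partial
        # file that looks like a complete audit log.
        # Assumption: boksold2newlog exits non-zero when conversion fails.
        if boksold2newlog < "$old" > "$dest/.$new.tmp"; then
            mv "$dest/.$new.tmp" "$dest/$new"
        else
            echo "conversion failed: $old" >&2
            rm -f "$dest/.$new.tmp"
        fi
    done
}

# Run only when file names are given, e.g.: sh convert.sh ./L16*
if [ "$#" -gt 0 ]; then convert_logs "$@"; fi
```

Existing files in the audit log directory are never overwritten, so the script can be re-run after fixing a failed conversion.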



Last Modified On: May 25, 2018