IBM Enterprise Console manual Format Specifications, v %lengths

Format Specifications

The format file is made up of one or more format specifications. A format specification has the following parts:

vFormat header

The keyword FORMAT followed by the event class name. This is optionally followed by the FOLLOWS keyword and a previously defined class name, as shown in the following example:

FORMAT NT_Share_Dir_Missing FOLLOWS NT_Base

Note: A format specification with the same class name can be defined more than

once. Be careful of using multiply-defined format specification class names with the FOLLOWS keyword. Since there is no way to specify which actual format specification is intended, the last one defined in the file that matches the class name is used.

vFormat content

A format string optionally followed by a list of mappings, as shown in the following example:

%t %s %s %s %s %s %s The server service was unable to recreate the share %s because the directory %s no longer exists. sharename $8

directoryname $9

vThe END keyword completes the format specification.

The format header, format string, each mapping, and the END keyword must each begin on a new line, as shown in the following example:

FORMAT NT_Share_Dir_Missing FOLLOWS NT_Base

%t %s %s %s %s %s %s The server service was unable to recreate the share %s because the directory %s no longer exists. sharename $8

directoryname $9

END

The FOLLOWS relationship is used to allow specific format specifications to be built from generic format specifications using inheritance. When format B follows format A, B inherits all of the mappings (but not the format string) from A. Format B can define any additional mappings, but any mappings redefined by B are not inherited from A; that is, format B can override inherited mappings by redefining them.

System log messages typically have a common format consisting of a time stamp, a host name, and event text. These system log message components are represented in a format string using a component-specifier notation very similar to the printf() notation used in the C programming language. The following format string describes the entire class of system log messages produced by the UNIX syslogd daemon:

%t %s %s*

System log messages are tokenized into constants and white space. A constant is any consecutive string of non-white spaces. The component specifiers allow the constants and white space to be grouped into more complex tokens when trying to match a format string with a specific message. The component specifiers always end in a constant and not white space. The component specifiers are as follows:

v%[length]s

146IBM Tivoli Enterprise Console: Adapters Guide