IBM Enterprise Console manual string constant, PRINTF statement, DEFAULT keyword, LABEL keyword

The mapping part of a format specification consists of zero or more lines that contain a BAROC file attribute name followed by a value specifier. The value specifiers can be one of the following types:

$i Where i indicates the position of a component specifier in a format string. Each component specifier is numbered from 1 to the maximum number of component specifiers in the format string. For example, in the specialized format specification for the Su_Success event shown following, the third %s component specifier (in bold) would be referred to in any mappings as $4.

%t %s su: ’su %s’ succeeded for %s on %s

The value of a $i value specifier (also referred to as a variable) is the portion of the system log message that was consumed by the component specifier.

string constant

The value of the attribute is the specified string. If the string is a single constant, it can be specified without surrounding double quotation marks (″ ″); otherwise, double quotation marks must be used.

PRINTF statement

Creates more complex attribute values from other attribute values. The PRINTF statement consists of the keyword PRINTF followed by a printf() C-style format string and one or more attribute names. The format string only supports the %s component specifier. The values of the attributes that are used in the PRINTF statement must also have been derived from either a $i value specification or a constant string value specification (they cannot be derived from another PRINTF statement). The value of the argument attributes will be used to compose a new constant string according to the format string. This new constant string becomes the value of the attribute.

The following example shows how the msg attribute is assigned the constant string value of date set by mfoster. User ID mfoster was

derived from the value assigned to the set_by attribute.

msg PRINTF("date set by %s", set_by)

DEFAULT keyword

Indicates the adapter uses its internal logic to assign a value to the indicated attribute. For example, the UNIX syslogd messages contain the host name where the message was logged; the adapter can use this name to derive the origin attribute (the protocol address or host name of the originating host).

Note: Adding new DEFAULT mappings also requires changes to an adapter source code to add new logic for obtaining attribute values.

Because DEFAULT is a keyword, a constant mapping whose value is the string DEFAULT must be specified in double quotation marks (″ ″).

LABEL keyword

Indicates the type of machine on which the adapter is running, which provides better control over the hostname attribute coming from the adapter. For a managed node, the value is the managed node name; in an endpoint, it is the endpoint name, which is listed in last.cfg as lcs.machine_name. In a non-TME adapter, the value is the host name of the machine.

150IBM Tivoli Enterprise Console: Adapters Guide