108.3. Apple System Logs (xm_asl)
This module provides support for parsing Apple System Log (ASL) files. It registers an InputType using the name of the module instance. This module can be used with the im_file module.
108.3.1. Configuration
The xm_asl module accepts only the common module directives.
108.3.2. Fields
The following fields are used by xm_asl.
$raw_event
(type: string)-
The raw log message.
$EventTime
(type: datetime)-
A timestamp for when the event was created by the ASL daemon.
$Facility
(type: string)-
The sender’s facility.
$GroupAccess
(type: integer)-
The GID of the group that has permission to read the message (
-1
for "all groups").
$RecordId
(type: integer)-
A numeric ID for this record.
$Sender
(type: string)-
The name of the process that sent the message.
$SenderGid
(type: integer)-
The group ID (GID) of the process that generated the event (
-1
or-2
may indicate thenobody
ornogroup
groups; see/etc/group
on the source system).
$SenderHost
(type: string)-
The host that the sender belongs to (usually the name of the device).
$SenderPid
(type: integer)-
The ID of the process that generated the event.
$SenderUid
(type: integer)-
The user ID (UID) of the process that generated the event (
-2
may indicate thenobody
group; see/etc/group
on the source system).
$Severity
(type: string)-
The normalized severity of the event, mapped as follows.
ASL Level Normalized Severity 0/EMERGENCY
5/CRITICAL
1/ALERT
5/CRITICAL
2/CRITICAL
5/CRITICAL
3/ERROR
4/ERROR
4/WARNING
3/WARNING
5/NOTICE
2/INFO
6/INFO
2/INFO
7/DEBUG
1/DEBUG
$UserAccess
(type: integer)-
The UID of the user that has permission to read the message (
-1
for "all users").