When VLOG is running, it intercepts, parses, filters, augments, and displays auditing records received from the NSS Auditing Engine (vigil). For information about configuring and using the VLOG utility, see Section 6.0, VLOG Utility Man Page.
The basic functionality includes:
By default, vlog sends its output to stdout in an XML record format. VLOG also supports output in CSV (comma-separated values) format, SENT format (for NetIQ Sentinel/Log Manager products), and CEF (Common Event Format). For information, see VLOG Options.
VLOG allows you to specify which files and directories are to be monitored. You can specify patterns for the file and directory names by using a defined set of search characters. You can specify which file paths are to be included or excluded. For information, see Path Element Options. For examples of path patterns, see Path Element Examples.
VLOG can be configured to log various file system events on files and directories that are reported by the NSS Auditing Engine, including:
delete
create
open
close
rename
link
metadata modified
trustee added or removed
inherited rights modified
For information, see Event Types and Event Type Examples.
These NSS file system events can be audited by sub-type: NSS, NCP (NetWare Core Protocol), and CIFS. For information, see Event Sub-Types NSS, NCP, and CIFS and Event Sub-Type Examples.
VLOG can also be configured to report various events internal to the NSS Auditing Engine, referred to as VIGIL events, such as:
Starting or stopping the vigil.ko kernel module
Starting or stopping the vigil.ncp.ko kernel module
Starting or stopping the vigil.nss.ko kernel module
Starting or stopping the vigil.cifs.ko kernel module
Starting or stopping the Auditing Client (an internal construct of the NSS Auditing Engine)
Starting or stopping the Auditing Client User (an internal construct of the NSS Auditing Engine)
Rolling the audit record log file over to a new file when the log reaches an administrator-specified maximum size
For information, see Patterns for Filtering Records of Type VIGIL and Examples for Filtering VIGIL Events.