Product Documentation

FairCom ISAM for C

Retrieving System Event Log Entries

The System Event Log consists of two files: SYSLOGDT.FCS and SYSLOGIX.FCS. Retrieving event log entries is easily done using the FairCom DB search functions such as FirstInVSet() or GetGTEVRecord(). SYSLOGIX.FCS contains two indexes over the system log data based on the following fields in the SYSLOGrec structure:

  • evclass/event/seqnm
  • date/time/seqnm

Search the first index for entries with a given event class code or evclass/event combination. Use the second index to read the entries in time order. Open the log files, SYSLOGDT.FCS and SYSLOGIX.FCS, from a client application with the call below, which returns a negative value on error or the filno of the log file on success:

filno = OpenFileWithResource(-1,"SYSLOGDT.FCS",ctSHARED);

To determine how many entries are in the system log, use a call of the form below, where filno is the value returned by OpenFileWithResource() as noted above. Use filno + 1 to reference the event-class-based index and filno + 2 to reference the time-based index. For example:

NbrOfKeyEntries(filno + 1);

SYSLOGDT.FCS is a FairCom DB variable-length data file with a record for each auditable system event. Each entry in SYSLOGDT.FCS is a variable-length record using the SYSLOGrec structure defined in ctport.h and shown below:

    typedef struct ctslog {
        LONG   evclass;            /* overall type of entry */
        LONG   event;              /* the particular event code */
        LONG   date;               /* date measured in days: r-tree compatible */
        LONG   time;               /* seconds past midnight */
        LONG   rsvrd;              /* for future use */
        LONG   seqnm;              /* sequence number */
        LONG   error;              /* uerr_cod at time of entry */
        TEXT   userid[SYSLOGidz];  /* logon user ID */
        TEXT   nodnam[SYSLOGidz];  /* logon node name */
        UCOUNT vlen;               /* length of variable region */
        TEXT   vfld[2];            /* beginning of variable region */
    } SYSLOGrec, ctMEM * pSYSLOGrec;

Overlay this structure on a buffer capable of holding an entire record. If the buffer is SYSLOGmax bytes, it will hold any entry in the system log. The maximum length for the variable-length portion of the log entry is given by the constant SYSLOGvar, which defaults to 8100. The fixed length user ID and node name fields are SYSLOGidz bytes, which defaults to 32. These defaults are set in ctport.h.
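A length check to apply before reading the variable region of an overlaid record, as an added example that is not FairCom's code. The struct mirror `SyslogView`, the `FIXED` macro, both function names, and the fixed-width types standing in for LONG and UCOUNT are assumptions so it compiles without ctport.h; `reclen` stands for the record length your read call reported, and `vlen` is taken to count bytes starting at `vfld`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-ins so this compiles without FairCom headers: LONG as int32_t,
   UCOUNT as uint16_t, and the default sizes the page states. Real code uses ctport.h. */
#define SYSLOGidz 32
#define SYSLOGvar 8100
typedef struct {
    int32_t  evclass, event, date, time, rsvrd, seqnm, error;
    char     userid[SYSLOGidz], nodnam[SYSLOGidz];
    uint16_t vlen;
    char     vfld[2];
} SyslogView;                                /* hypothetical name */
#define FIXED offsetof(SyslogView, vfld)     /* bytes before the variable region */

/* Check a record of reclen bytes before trusting vlen; returns 0 if consistent. */
int syslog_check(const void *buf, size_t reclen, const char **var, size_t *varlen)
{
    SyslogView r;
    if (reclen < FIXED) return -1;           /* fixed portion truncated */
    memcpy(&r, buf, FIXED);                  /* copy: no alignment assumptions */
    if (r.vlen > SYSLOGvar) return -2;       /* larger than any valid entry */
    if (FIXED + r.vlen > reclen) return -3;  /* claims more bytes than were read */
    *var = (const char *)buf + FIXED;
    *varlen = r.vlen;
    return 0;
}

/* Build a constructed sample record (not real log data); returns its length. */
size_t syslog_sample(unsigned char *buf, uint16_t claimed_vlen, const char *text)
{
    SyslogView r;
    memset(&r, 0, sizeof r);
    r.evclass = 16; r.event = 1; r.seqnm = 37; r.error = -20005;
    r.time = 17 * 3600 + 40 * 60 + 11;       /* 17:40:11 as seconds past midnight */
    strcpy(r.userid, "admin"); strcpy(r.nodnam, "isql");
    r.vlen = claimed_vlen;
    memcpy(buf, &r, FIXED);
    memcpy(buf + FIXED, text, strlen(text));
    return FIXED + strlen(text);
}

int main(void)
{
    unsigned char buf[256]; const char *v; size_t vl, n = syslog_sample(buf, 500, "hello");
    printf("inflated vlen -> %d\n", syslog_check(buf, n, &v, &vl));
    return 0;
}
```

Treat a nonzero result as a damaged or tampered entry and skip it rather than printing `vlen` bytes from the buffer.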

Example

SYSLOG SQL_STATEMENTS events can be logged for auditing and viewed with the ctalog utility. The output is similar to the following.

    Class = 16 (SQL)
    Event = 1 (SQL statement)
    Date = 09/24/2020
    Time = 17:40:11
    Sequence number = 37
    Error code = -20005
    User ID = 'admin'
    Node name = 'isql'
    Variable-length information:
    ---------------------------------------------------
    {"timestamp":"Tue Sep 24 17:40:27 2020","ipaddr":"127.0.0.1","db":"CTREESQL","user":"admin","thread":29,"statement":"select * from missingtable"}
    ---------------------------------------------------
