Logging variables
Logging variables store system and task-specific information. Using the Security Policy Scripting Language, the Security Administrator can query this information and use it to make security-related decisions about the current task request.
event
Data type
String
Description
The event variable specifies the type of Endpoint Privilege Management for Unix and Linux event that is currently logged. This is a global variable.
Valid values
accept | The current task request has passed security policy file validation criteria. |
finish | The task has completed execution. |
keystroke | The current task was terminated because of a forbidden keystroke pattern. |
reject | The current task request did not pass security policy file validation criteria and was not executed. |
This variable appears only in the event log.
For more information, see Accept/Reject Logging.
eventlog
Data type
String
Description
The eventlog variable contains the absolute path specification for the current event log. The default value comes from the settings file or depends on the operating system, but this policy variable always supersedes those other definitions. Any parent directory in the path is automatically created.
Beginning in version 10.3.0, new event log formats, such as SQLite DB and ODBC, were introduced. However, the filename specified by the eventlog variable in the policy is always created in the original proprietary flat file format.
Syntax
eventlog = <absolute filename>;
Valid values
A string that contains the absolute path specification for the event log for the current secured task.
Example
In the following example, the path defined by the eventlog policy variable overrides the default value in the settings file.
eventlog = '/var/log/pmul/hr001/pb.eventlog';
For more information, see the settings keywords for eventdestinations and eventlog.
exitdate
Data type
String, read-only
Description
The exitdate variable contains the completion date from the policy server for the current task request. The date is in YYYY/MM/DD format.
Valid values
A string that contains the task completion date, in YYYY/MM/DD format, for the current task request. This is a read-only variable and appears only in the event log.
exitstatus
Data type
String, read-only
Description
The exitstatus variable contains the task completion code, also called the return code, for the current task request.
Valid values
"The command exited with a status of x" | Where x is the status code that is returned by the current task request. |
"Command caught signal ## (XXXX)" | A signal that terminated the current task request. |
"Idle Timeout Reached" | The current task request terminated because it exceeded the maximum idle time. The runtimeout variable sets the maximum idle time. |
"Exec failed" | The command that is associated with the current task request was not found. |
undefined | EPM-UL was unable to execute the command that is associated with the current task request. In this case, the exitstatus variable is undefined (that is, it has a string length of 0). This status indicates that the task may still be running, or that it aborted because of a network failure or other crash. |
This variable appears only in the event log.
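Anyone consuming the event log (for alerting or forensics) has to turn the documented exitstatus strings back into something a rule can act on, and must treat the undefined (zero-length) value as "no completion recorded" rather than as success. The following is an added example written for this page, not code shipped with Endpoint Privilege Management for Unix and Linux: it parses the five documented forms above. The function names parse_exitstatus and needs_review, the sample values, and the signal name SIGKILL standing in for the page's XXXX placeholder are all constructed for illustration.

```python
import re

# The two parameterised forms documented for exitstatus.
_EXIT_RE = re.compile(r"^The command exited with a status of (-?\d+)$")
_SIGNAL_RE = re.compile(r"^Command caught signal (\d+) \(([^)]*)\)$")


def parse_exitstatus(exitstatus):
    """Classify an event-log exitstatus value.

    Returns a (kind, detail) tuple:
      ("exit", int)            normal termination with that return code
      ("signal", (int, str))   terminated by signal number and name
      ("idle_timeout", None)   runtimeout exceeded
      ("exec_failed", None)    command not found
      ("undefined", None)      empty string: task may still be running or aborted
      ("unknown", str)         anything else, passed through for investigation
    """
    if exitstatus is None or exitstatus == "":
        # Zero-length value: no completion code was ever recorded.
        return ("undefined", None)
    m = _EXIT_RE.match(exitstatus)
    if m:
        return ("exit", int(m.group(1)))
    m = _SIGNAL_RE.match(exitstatus)
    if m:
        return ("signal", (int(m.group(1)), m.group(2)))
    if exitstatus == "Idle Timeout Reached":
        return ("idle_timeout", None)
    if exitstatus == "Exec failed":
        return ("exec_failed", None)
    return ("unknown", exitstatus)


def needs_review(exitstatus):
    """True for records worth a second look: non-zero exits, signals,
    timeouts, failed execs, and records with no completion status at all."""
    kind, detail = parse_exitstatus(exitstatus)
    if kind == "exit":
        return detail != 0
    return True


# Constructed sample values, not taken from a real event log.
SAMPLES = [
    "The command exited with a status of 0",
    "The command exited with a status of 1",
    "Command caught signal 9 (SIGKILL)",
    "Idle Timeout Reached",
    "Exec failed",
    "",
]

if __name__ == "__main__":
    for s in SAMPLES:
        flag = "review" if needs_review(s) else "ok"
        print(repr(s), "->", parse_exitstatus(s), flag)
```

The only record that maps to "ok" is the clean exit with status 0; an empty exitstatus is deliberately flagged, because it is exactly the case the page says may mean a still-running or crashed task.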
exittime
Data type
String, read-only
Description
The exittime variable contains the completion time (that is, the time of day that the task completed), for the current task request, from the policy server in HH:MM:SS format.
Valid values
A string that contains the completion time for the current task request, in HH:MM:SS format. This is a read-only variable and appears only in the event log.
forbidkeyaction
Data type
String
Description
Obsolete. The forbidkeyaction variable defines the action to take if a forbidden key sequence is entered during the execution of the current request.
Syntax
forbidkeyaction = action;
Valid values
reject | Immediately terminate the current task request. |
ignore | Take no action; continue with task processing. |
alert or any other string | Log the event in the event log with the specified string and continue with task processing. |
The default value is empty, in which case no action is taken.
Examples
forbidkeyaction = "reject";
forbidkeyaction = "alert";
For more information, see forbidkeypatterns and setkeystrokeaction.
forbidkeypatterns
Data type
List
Description
Obsolete. The forbidkeypatterns variable defines the forbidden keystroke sequences, patterns, or both. An element in the forbidkeypatterns list represents each forbidden keystroke pattern or sequence.
Wildcard search characters, along with other special characters, can be used to create a keystroke sequence or pattern.
The Endpoint Privilege Management for Unix and Linux Security Policy Scripting Language supports the standard set of shell-style, wildcard search characters. These are used for searches by the in operator and for forbidden and warning keystroke patterns.
Syntax
forbidkeypatterns = {"pattern1", "pattern2", "pattern3", ...};
Valid values
A list in which each element represents a forbidden keystroke sequence or pattern. This variable has no default value.
Example
forbidkeypatterns = {"*/bin/rm*", "*rm *", "*xterm*"};
For more information, see forbidkeyaction, setkeystrokeaction, and Wildcard Search Characters.
i18n_exitdate
Data type
UTF-8 encoded string, read-only
Description
The i18n_exitdate variable contains the completion date from the policy server for the current task request. It is formatted according to the operating system’s locale settings.
Valid values
A UTF-8 encoded string that contains the task completion date for the current task request. This read-only variable appears only in the event log.
i18n_exittime
Data type
UTF-8 encoded string, read-only
Description
The i18n_exittime variable contains the completion time (that is, the time of day that the task completed), for the current task request. It is formatted according to the operating system’s locale settings.
Valid values
A UTF-8 encoded string that contains the completion time for the current task request. This read-only variable appears only in the event log.
iolog
Data type
String
Description
The iolog variable contains the absolute path specification for the current I/O log file. The default value is undefined, which disables I/O logging. The iolog file can log the standard input, standard output, and standard error information that is associated with the current task request. Any parent directory in the path is automatically created.
Syntax
iolog = string;
Valid values
A string that contains the absolute path specification for the current iolog file. The default value is undefined.
Example
iolog = "/var/log/sample.log";
lognopassword
Data type
Boolean
Description
The lognopassword variable determines whether non-echoed input, such as passwords, is written to the I/O log file when I/O logging is active.
Starting with version 7.0.0, all input and output are logged until a password prompt is recognized on stdout. The password prompts to recognize must be listed in the policy language list variable passwordloggingprompts, which defaults to {"Password:", "password:", "Passwd:", "passwd:"} for v7.0.0 to v7.5.0, and to {"Password", "password", "Passwd", "passwd"} for v7.5.1 and later.
After a password prompt is recognized, non-echoed stdin is not logged until a newline is received, or until input exceeds 80 characters.
Syntax
lognopassword = boolean;
Valid values
true | Do not log passwords (or other non-echoed input). |
false | Log all input keystrokes. This setting is the default. |
The initial lognopassword value comes from the settings file. If passwordlogging is set to never, lognopassword is set to true and becomes read-only.
Example
lognopassword = true;
For more information, see passwordloggingprompts.
logomit
Data type
List
Description
The logomit variable specifies which EPM-UL user-defined variables to omit from the event log. Use this variable to reduce the disk space that is used by the event log. Metacharacter patterns can be used. By default, this variable is undefined, which means that all Endpoint Privilege Management for Unix and Linux variables are written to the event log. Beginning with Endpoint Privilege Management for Unix and Linux 4.0, logomit can accept templates.
Syntax
logomit = list;
Valid values
A list in which each element names an Endpoint Privilege Management for Unix and Linux user-defined variable to omit from the event log. The default value is undefined.
Example
logomit = {"a", "b"};
For more information, see env.
logretrylimit
Data type
Integer
Description
The logretrylimit variable controls the maximum number of log failures for a job. When that number is exceeded, the secured task terminates.
The default is 25. If logretrylimit is set to 0, Endpoint Privilege Management for Unix and Linux keeps trying to log data no matter how many failures occur.
Syntax
logretrylimit = non-negative-integer;
Valid values
0 to max_int.
Example
logretrylimit = 20;
logstderr
Data type
Boolean
Description
The logstderr variable specifies whether error output from the current task request is logged to the I/O log. The default value is true.
Syntax
logstderr = boolean;
Valid values
true | Log task error information from stderr. This value is the default. |
false | Do not log task error information from stderr. |
Example
logstderr = true;
logstderrlimit
Data type
Integer
Description
The logstderrlimit variable limits the number of bytes from the standard error stream that EPM-UL writes to the I/O log at a time. When data appears on any of the other channels, the running byte count for stderr is reset to zero, so the next run of stderr data is logged again up to the limit. A value of 0 places no limit on the amount of stderr data sent to the I/O log. To turn off the logging of task standard error data altogether, set the logstderr variable to false.
Syntax
logstderrlimit = number;
Valid values
integer | An integer specifying the maximum number of bytes. |
0 | No limit on the number of bytes. This setting is the default. |
Example
logstderrlimit = 4096;
logstdin
Data type
Boolean
Description
The logstdin variable specifies whether input from the current task request is logged to the I/O log. The default value is true.
Syntax
logstdin = boolean;
Valid values
true | Log task input information from stdin. This value is the default. |
false | Do not log task input information from stdin. |
Example
logstdin = false;
logstdinlimit
Data type
Integer
Description
The logstdinlimit variable limits the number of bytes from the standard input stream that Endpoint Privilege Management for Unix and Linux writes to the I/O log at a time. When data appears on any of the other channels, the running byte count for stdin is reset to zero, so the next run of stdin data is logged again up to the limit. A value of 0 places no limit on the amount of stdin data sent to the I/O log. To turn off the logging of standard input data to the I/O log altogether, set the logstdin variable to false.
Syntax
logstdinlimit = number;
Valid values
positive integer | An integer specifying the maximum number of bytes. |
0 | No limit on the number of bytes. This value is the default. |
Example
logstdinlimit = 512;
logstdout
Data type
Boolean
Description
The logstdout variable specifies whether output from the current task request is logged to the I/O log. The default value is true.
Syntax
logstdout = boolean;
Valid values
true | Log task output information from stdout. This value is the default. |
false | Do not log task output information from stdout. |
Example
logstdout = 1;
logstdoutlimit
Data type
Integer
Description
The logstdoutlimit variable limits the number of bytes from the standard output stream that Endpoint Privilege Management for Unix and Linux writes to the I/O log at a time. When data appears on any of the other channels, the running byte count for stdout is reset to zero, so the next run of stdout data is logged again up to the limit. A value of 0 places no limit on the amount of stdout data sent to the I/O log. To turn off the logging of standard output data to the I/O log altogether, set the logstdout variable to false.
Syntax
logstdoutlimit = number;
Valid values
positive integer | An integer specifying the maximum number of bytes. |
0 | No limit on the number of bytes. This value is the default. |
Example
logstdoutlimit = 200;
For more information, see logstdout.
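The three limit variables (logstdinlimit, logstderrlimit and logstdoutlimit) share one rule: a cap on a contiguous run of data on one channel, with the count restarting whenever another channel produces data, and 0 meaning no cap. The following is an added example written for this page, not code from the product, that simulates that rule so the interaction with the logstdout/logstderr/logstdin switches can be checked before a policy is deployed. The class name ChannelLimiter, the demo function, and the sample byte streams are constructed; the reading of "at a time" as "per contiguous run on one channel" is an assumption about the wording above.

```python
class ChannelLimiter:
    """Applies per-channel byte limits to I/O-log writes.

    limits:  bytes allowed per contiguous run on each channel; 0 means no limit
             (the documented default).
    enabled: the logstdin / logstdout / logstderr switches; a disabled channel
             is never written, whatever its limit.
    Assumption (not spelled out on the page): "at a time" means a contiguous
    run of data on one channel, and data on any other channel restarts that
    run's count from zero.
    """

    CHANNELS = ("stdin", "stdout", "stderr")

    def __init__(self, limits=None, enabled=None):
        self.limits = {c: 0 for c in self.CHANNELS}
        self.limits.update(limits or {})
        self.enabled = {c: True for c in self.CHANNELS}
        self.enabled.update(enabled or {})
        self.counts = {c: 0 for c in self.CHANNELS}
        self.written = []  # (channel, bytes) pairs actually written to the I/O log

    def write(self, channel, data):
        """Offer data from channel to the log; return the number of bytes written."""
        if channel not in self.CHANNELS:
            raise ValueError("unknown channel: %r" % (channel,))
        # Data on this channel ends the current run on every other channel.
        for other in self.CHANNELS:
            if other != channel:
                self.counts[other] = 0
        if not self.enabled[channel]:
            return 0
        limit = self.limits[channel]
        if limit == 0:
            allowed = data
        else:
            room = max(0, limit - self.counts[channel])
            allowed = data[:room]
        self.counts[channel] += len(allowed)
        if allowed:
            self.written.append((channel, allowed))
        return len(allowed)

    def total(self, channel):
        """Bytes that reached the I/O log for channel."""
        return sum(len(d) for c, d in self.written if c == channel)


def demo():
    """Constructed stream: a chatty command whose stdout is capped at 10 bytes
    per run, with stderr logging switched off (logstderr = false)."""
    lim = ChannelLimiter(limits={"stdout": 10}, enabled={"stderr": False})
    lim.write("stdout", b"a" * 25)     # 10 bytes logged, rest of this run dropped
    lim.write("stdout", b"b" * 5)      # 0 bytes: still the same stdout run
    lim.write("stdin", b"ls\n")        # stdin data resets the stdout count
    lim.write("stdout", b"c" * 25)     # a new run: 10 bytes logged again
    lim.write("stderr", b"warning\n")  # disabled channel: never written
    return lim


if __name__ == "__main__":
    lim = demo()
    print(lim.total("stdout"), lim.total("stdin"), lim.total("stderr"))
```

The practical point of the simulation is the reset: a small logstdoutlimit does not cap a whole session's stdout, only each burst between keystrokes, so a noisy command that never reads stdin is truncated while an interactive session is mostly logged in full.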
passwordloggingprompts
Data type
List
Description
The passwordloggingprompts variable controls the lognopassword feature. When passwords should not be logged, all input and output are logged until a password prompt is recognized on stdout. Password prompts to recognize must be listed in the passwordloggingprompts variable. When a password prompt is recognized, non-echoed stdin is not logged until a newline is received, or until input exceeds 80 characters.
Syntax
passwordloggingprompts = list;
Valid values
A list of strings, each a password prompt to recognize on stdout.
The default list for v7.0.0 to v7.5.0 is {"Password:", "password:", "Passwd:", "passwd:"}.
The default list for v7.5.1 and later is {"Password", "password", "Passwd", "passwd"}.
Examples
Set the list to a single prompt to recognize:
passwordloggingprompts = {"Enter ANY string:"};
Set the list to three prompts to recognize:
passwordloggingprompts={"Enter ANY string:", "password:", "passwd:"};
Append the prompt "Enter key:" to the list:
passwordloggingprompts={passwordloggingprompts,"Enter key:"};
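The lognopassword and passwordloggingprompts sections describe one mechanism: stdin is logged in full until a listed prompt is seen on stdout, then hidden until a newline arrives or the hidden input exceeds 80 characters. Whether a given prompt is actually caught depends on the prompt list, which is why the v7.0.0 default ("Password:") and the v7.5.1 default ("Password") behave differently on a prompt such as "Password for alice:". The following is an added example written for this page, not code from Endpoint Privilege Management for Unix and Linux, that replays a constructed session through that rule. The class name PasswordHider, the function run_session, and the session transcript are constructed; two details the page does not state are treated as assumptions and marked in the code: prompts are matched as substrings of a stdout chunk, and the newline that ends hidden input is itself written to the log.

```python
# Default prompt lists exactly as given on this page.
DEFAULT_PROMPTS = ["Password", "password", "Passwd", "passwd"]       # v7.5.1 and later
LEGACY_PROMPTS = ["Password:", "password:", "Passwd:", "passwd:"]    # v7.0.0 to v7.5.0
MAX_HIDDEN = 80  # hiding stops once input exceeds 80 characters


class PasswordHider:
    """Decides which stdin characters reach the I/O log when lognopassword is set.

    Assumptions (not stated on the page): a prompt matches as a substring of a
    stdout chunk, and the newline that terminates hidden input is logged so the
    record still shows that a line was entered.
    """

    def __init__(self, lognopassword=True, prompts=None):
        self.lognopassword = lognopassword
        self.prompts = list(DEFAULT_PROMPTS if prompts is None else prompts)
        self.hiding = False
        self.hidden = 0
        self.log = []  # (channel, text) pairs actually written to the I/O log

    def on_stdout(self, text):
        self.log.append(("stdout", text))
        if self.lognopassword and any(p in text for p in self.prompts):
            self.hiding = True
            self.hidden = 0

    def on_stdin(self, text):
        kept = []
        for ch in text:
            if not self.hiding:
                kept.append(ch)
            elif ch == "\n":
                self.hiding = False
                kept.append(ch)  # assumption: the terminating newline is logged
            elif self.hidden >= MAX_HIDDEN:
                # Input ran past 80 characters with no newline: logging resumes.
                self.hiding = False
                kept.append(ch)
            else:
                self.hidden += 1
        if kept:
            self.log.append(("stdin", "".join(kept)))

    def logged_stdin(self):
        return "".join(t for c, t in self.log if c == "stdin")


def run_session(events, lognopassword=True, prompts=None):
    """Feed (channel, text) events through the filter; return the stdin text logged."""
    f = PasswordHider(lognopassword, prompts)
    for channel, text in events:
        if channel == "stdout":
            f.on_stdout(text)
        else:
            f.on_stdin(text)
    return f.logged_stdin()


# Constructed session transcript, not captured from a real system.
SESSION = [
    ("stdout", "login: "),
    ("stdin", "alice\n"),
    ("stdout", "Password for alice: "),  # contains "Password" but not "Password:"
    ("stdin", "s3cret\n"),
    ("stdout", "$ "),
    ("stdin", "id\n"),
]

if __name__ == "__main__":
    print(repr(run_session(SESSION)))                           # v7.5.1 default list
    print(repr(run_session(SESSION, prompts=LEGACY_PROMPTS)))   # v7.0.0 default list
    print(repr(run_session(SESSION, lognopassword=False)))      # logging everything
```

Run it and the first line omits s3cret while the second and third contain it: under the v7.0.0 list the prompt "Password for alice: " is never recognized, so the password lands in the I/O log. Before relying on lognopassword, test the actual prompts of the commands a policy allows, and append any unusual ones to passwordloggingprompts as the examples above show.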