Logging Variables

Endpoint Privilege Management for Unix and Linux uses logging variables to store both system and task-specific information. Using the Security Policy Scripting Language, the Security Administrator can query this information and use it to make security-related decisions about the current task request.

The following table summarizes the logging variables.

Variable Description
event Specifies the type of Endpoint Privilege Management for Unix and Linux event that is currently logged. This is a global variable.
eventlog Contains the absolute path specification for the current Endpoint Privilege Management for Unix and Linux event log.
exitdate Contains the completion date for the current task request.
exitstatus Contains the task completion code, also called the return code, for the current task request.
exittime Contains the time, in HH:MM:SS format, of completion for the current task request.
forbidkeyaction Obsolete. Defines the action taken when a forbidden key sequence is entered during the execution of the current request.
forbidkeypatterns Obsolete. Defines the forbidden keystroke sequences, patterns, or both. An element in the forbidkeypatterns list represents each forbidden keystroke pattern or sequence.
i18n_exitdate Contains the UTF-8 encoded completion date for the current task request.
i18n_exittime Contains the UTF-8 encoded completion time for the current task request.
iolog Contains that absolute path specification for the current I/O log file.
logmaximumfailures Controls the maximum number of log failures for a job.
lognopassword Determines whether non-echoed input, such as passwords, is written to the I/O log file when I/O logging is active.
logomit Specifies which Endpoint Privilege Management for Unix and Linux variables to omit from the event log. Use this user-defined variable to reduce the disk space that is used by the event log.
logstderr Specifies whether error output from the current task request is recorded in the I/O log.
logstderrlimit Places a limit on the number of bytes from the standard error stream that Endpoint Privilege Management for Unix and Linux writes to the I/O log at a time.
logstdin Specifies whether input from the current task request is logged to the I/O log.
logstdinlimit Places a limit on the number of bytes from the standard input stream that Endpoint Privilege Management for Unix and Linux writes to an I/O log at a time.
logstdout Specifies whether normal output from the current task request is logged to the I/O log.
logstdoutlimit Places a limit on the number of bytes from the standard output stream that Endpoint Privilege Management for Unix and Linux writes to the I/O log at a time.
passwordloggingprompts

Specifies the password prompts to be recognized when the lognopassword variable is set.