Events that are forwarded by event control are sent to the log manager. The log manager manages the event logs in the system and the relationships between the log sources, event logs and log destinations, and log filter policies.
An event log has the following properties:
a unique log ID
The log ID is a short, numeric identifier for the event log. A maximum of 30 logs can be configured at a time.
one or more log sources
The source stream or streams to be sent to log destinations can be specified. The source must be identified before the destination can be specified. The events can be from the main event stream, events in the security event stream, or events in the user activity stream.
one event log destination
A log can only have a single destination (for example, syslog or memory).
an optional event filter policy
An event filter policy defines whether to forward or drop an event or trap-based on match criteria.