Logs
In essence, event logs are records of events that have occurred, stored in YourSixOS's database.
Event logs can be used when an incident is being investigated and the investigator needs to correlate detections from multiple event-emitting resources to build a holistic understanding of what happened during the incident. For example, the barrier was forced open, and just prior to that, the smoke alarm went off. Event logs can also be used to seek quickly in video material (in other words, to jump directly to the time of an event).
Log views
Matrix
Users may choose to view events as timeline markers in Matrix. Event markers provide an easy way to quickly seek in recorded material (e.g. video, audio or sensor values).
Read more about Matrix.
Search
Users may also choose to search for logged events, using a traditional search function. The search function provides an easy way to get a table-formatted report of specific events (from specific emitters and types) that occurred during a specified time frame.
Read more about event search.
Inspect
YourSixOS Inspect (which is the hosted central station application) provides the central station with an easy way to seek in recorded material, similar to the functionality Matrix provides.
Read more about central station integrations and the Inspect application.
Central station software
Third-party central station software may provide functionality to render logged events in a table view and/or on a timeline.
Read more about central station integrations.
Log rules
To store records of relevant events, an administrator needs to set up a log rule that tells YourSixOS which events should be logged. A log rule currently consists of only one component: a scope matcher, which controls inclusion based on attributes.
INFO
Before a log rule will actually index and store any event, retention time must be configured on the device.
Attribute matchers
An attribute matcher is a function that compares the value of an attribute of an event with the value selected with the matcher. The user interface typically shows the name of various resources (e.g. a site name), but the matched attribute is the ID of that resource (e.g. the site id).
Two kinds of matchers exist: scope matchers and filter matchers.
Scope matchers
Available scope matchers include:
- Site: siteId
- Alarm group: groupId
- Device: deviceId
- Barrier: barrierId
A scope matcher's function is easy to understand: if an event's data model has the attribute matched by the matcher, the rule will pass through the event to the filter matchers.
In order to know what attributes an event has, check the event catalog. If an event has deviceId as an attribute, one can use the Device matcher to match that event.
WARNING
Scope matchers are combined using OR logic; the more scope matchers you include on the rule, the wider the scope is.
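The following added example models the scope matching described above so that a rule can be checked against sample events before relying on it during an investigation. It is an illustration, not YourSixOS code: it assumes a matcher passes an event when the event carries the matched attribute and its value equals the selected ID, and the event types and IDs are constructed.

```python
# Illustrative model only; not YourSixOS code. Attribute names come from the
# scope matcher list above; event types and IDs are constructed samples.
SCOPE_ATTRIBUTES = {"Site": "siteId", "Alarm group": "groupId",
                    "Device": "deviceId", "Barrier": "barrierId"}


def matching_scopes(event, scope_matchers):
    """Return the (matcher, id) pairs of the rule that match this event."""
    hits = []
    for kind, selected_id in scope_matchers:
        attribute = SCOPE_ATTRIBUTES[kind]
        # An event without the attribute can never match that matcher.
        if attribute in event and event[attribute] == selected_id:
            hits.append((kind, selected_id))
    return hits


def in_scope(event, scope_matchers):
    """OR logic: one matching scope matcher is enough."""
    return bool(matching_scopes(event, scope_matchers))


def coverage(events, scope_matchers):
    """Split sample events into those the rule passes on and those it drops."""
    passed = [e["type"] for e in events if in_scope(e, scope_matchers)]
    dropped = [e["type"] for e in events if not in_scope(e, scope_matchers)]
    return passed, dropped


# Constructed sample events (hypothetical types and IDs).
EVENTS = [
    {"type": "barrier.forced", "siteId": "site-1", "barrierId": "bar-7"},
    {"type": "smoke.alarm", "siteId": "site-1", "deviceId": "dev-3"},
    {"type": "motion.detected", "siteId": "site-2", "deviceId": "dev-9"},
    {"type": "user.login"},  # carries no scope attribute at all
]

NARROW = [("Barrier", "bar-7")]
WIDE = NARROW + [("Site", "site-1")]  # adding a matcher widens the scope

if __name__ == "__main__":
    for name, rule in (("narrow", NARROW), ("wide", WIDE)):
        passed, dropped = coverage(EVENTS, rule)
        print(f"{name}: passed={passed} dropped={dropped}")
```

With the barrier-only rule the smoke alarm from the same site is never stored, so the correlation described at the top of this page would not be possible; adding the site matcher brings it into scope.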