Domain log filters are divided into three groups: package related,
security related and application connections. There are important guidelines you should
consider when you are creating domain log filters, since certain combinations may not work
as expected.
- The "OR" logical operator is used for the filters in same group. The domain
log
is
generated only if there is at least one filter group allowing the subsystem, and
no filter group disallowing it.
- A filter
is
applied only if the subsystem includes the corresponding column, and the column
has a value when logging. For example, the operation filter in the
package-related group can be applied for Application and Operation Replay;
Application and DS Interface; and all Connection subsystems. If the operation
has no value in the logging context when logging (which is possible for
Application and DS Interface, and all
Connection
subsystems), the operation filter
does
not take effect.
- If one filter is not applied, the permission is neither allowed nor
disallowed, and other filters (groups)
determine
whether to generate domain logs. If no filter group
is
allowed, the domain log
is
not
generated.
For example, say a filter is set for
both operation and security:
- For subsystems that do not apply the operation filter—such as
Data Sync, Cache Refresh and Device Notification—domain logs
are
generated
only
for security configuration filter matches.
- For the Operation Replay subsystem, domain logs
are
generated
only
for operations filter matches.
- For the DS Interface and Connection subsystems, domain logs
are
generated
only
for operation filter matches and null generated domain
logs.
If only the operation filter is selected, then only operations matching the
operation filter generate domain logs in the Operation Replay, DS Interface, and
Connection subsystems. Subsystems that do not apply operation
filters do
not generate any domain logs.