
evmlogger.conf(4)


NAME

       evmlogger.conf - EVM logger configuration file

SYNOPSIS


       eventlog {
                 name            eventlog_name
                 type            [formatted | binary]
                 show_template   template
                 logfile         log_path
                 alternate       log_path
                 maxsize         max_logsize
                 filter          log_filter_spec
                 include         filter_element
                 exclude         filter_element
                 explicit_target bool_par
                 suppress        {
                                  filter    supp_filter_spec
                                  include   filter_element
                                  exclude   filter_element
                                  period    supp_period
                                  threshold supp_threshold
                                 }
               }



       forward {
                name            forward_name
                filter          forward_filter_spec
                include         filter_element
                exclude         filter_element
                command         forward_command
                maxqueue        queue_limit
                explicit_target bool_par
                suppress        {
                                 filter    supp_filter_spec
                                 include   filter_element
                                 exclude   filter_element
                                 period    supp_period
                                 threshold supp_thresh
                                }
               }



       remote_hosts {
                     name      remote_host_name
                     hostnames remote_host_list
                     hosts     remote_host_list
                     targets   target_list
                     filter    filter_spec
                     include   filter_element
                     exclude   filter_element
                     retry     retry_interval
                    }

       configdir directory



DESCRIPTION

       The evmlogger.conf file is the Event Manager (EVM) logger
       configuration file. This file is read when the logger program,
       evmlogger, starts, and when it reloads its configuration.

       The evmlogger.conf file is a text file that contains values
       used to configure the event logger. The values direct
       the display, forwarding, or storage of events. Any portion
       of a line from an unquoted number sign (#) to the end of
       line is a comment. Blank lines are ignored.

       Any number of event logs and forwarders may be defined in
       a configuration file. The following keywords are recognized:

       eventlog
              Introduces a group of keyword/value pairs, which
              define an event log. Events that match the log's
              log_filter_spec are selected for handling by this log.

       name eventlog_name
              The name used to refer to the event log.

       type [formatted | binary]
              The type of the log -- either formatted or binary.
              If the log_path specifies a terminal device, such as
              /dev/console, the type is automatically set to
              formatted, and cannot be forced to binary. If the
              log_path specifies a file, the default type is binary.
              Events are written to formatted logs as single lines
              of text, and to binary logs as raw EVM events.

       show_template template
              The template used to format lines of text for a
              formatted log. If no template is specified, the event
              timestamp and message are written. See evmshow(1) for
              show-template syntax.

       logfile log_path
              Pathname of the log file. If a log is a disk file, the
              logger creates the file if necessary.

              If the log name ends in the characters .dated, the
              logger replaces that suffix with the current date
              in the form yyyymmdd. A new file is begun when the
              first event is written to the log each day.

       alternate log_path
              Specifies an alternate path to be used in cases where
              the primary log cannot be used. If the specified
              logfile becomes unusable, the logger switches to
              the alternate log file.

              If the logger is writing to the alternate log, and
              the error condition which caused it to switch has
              been cleared, you can make it revert to the primary
              path by using the evmreload -l command.

       maxsize max_logsize
              The maximum size, in kilobytes, that the log file may
              reach. If adding an event to the file would cause
              this size to be exceeded, the logger begins a new
              file, adding the suffix _n to the name of the new
              file, where _n is a sequential generation number.

       filter log_filter_spec
              Event selection filter specification. Events passing
              this filter are selected for logging to this
              event log; all others are ignored. See EvmFilter(5)
              for a description of filter syntax.

       include filter_element
              Modifies the current log_filter_spec. See the
              description of the include and exclude keywords below.

       exclude filter_element
              Modifies the current log_filter_spec. See the
              description of the include and exclude keywords below.

       explicit_target bool_par
              If this keyword is not specified, or if it
              is specified and bool_par has a value of FALSE, NO
              or 0 (zero), the event log will handle events
              posted through the local daemon, in addition to
              those received from any remote hosts that name the
              event log in their targets lists. If bool_par has a
              value of TRUE, YES or 1 (one), the event log will only
              handle events from any remote hosts that name it in
              their targets lists.

              See the remote_hosts group definition below for
              more information.

       suppress
              The suppression facility minimizes resource waste by
              limiting the number of identical events appearing in
              the log. A description of the event suppression group
              follows.

              Before being written to the log, each incoming
              event is matched against the suppression group's
              supp_filter_spec. An event that passes the filter
              is then compared with other events that have been
              posted during the last period minutes, ignoring the
              timestamp, last_timestamp, PID, PPID, event-id and
              repeat-count data items. If a matching event is
              found, and at least threshold instances of the
              event have been written to the log during the
              period, the logger does not log the event --
              instead, it inserts or updates the repeat_count and
              last_timestamp data items in the last-logged
              instance of the event. The suppression is indicated
              by the string [n times] appearing in the message
              text when the event is displayed, where n is
              the repeat_count.

              Once an individual event becomes eligible for
              suppression, the suppression is canceled automatically
              after the greater of four hours or the supp_period,
              and is reinstated when the suppression conditions
              occur again. Suppression is canceled automatically
              when a change of logfile occurs.

              Suppression directives are ignored for formatted
              logs.
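
       The period/threshold rule described above, as a simplified model added here for illustration (not HP's code). The event names, the minute-based timestamps, the window boundary and the meaning given to repeat_count are assumptions; the four-hour cancellation and logfile changes are not modelled.

```python
from collections import defaultdict

# Data items the page says are ignored when two events are compared.
IGNORED = {"timestamp", "last_timestamp", "pid", "ppid", "event_id", "repeat_count"}

def identity(event):
    """Comparison key: every data item except the ignored ones."""
    return tuple(sorted((k, str(v)) for k, v in event.items() if k not in IGNORED))

def apply_suppression(events, period, threshold):
    """Model a binary log with a suppress group; returns the logged events.

    events    -- dicts in arrival order; 'timestamp' is in minutes (model unit)
    period    -- supp_period, in minutes
    threshold -- instances written in the period before suppression begins
    """
    log = []
    written = defaultdict(list)            # identity -> positions in log
    for ev in events:
        key, now = identity(ev), ev["timestamp"]
        # Window boundary (strictly less than period) is an assumption.
        recent = [i for i in written[key] if now - log[i]["timestamp"] < period]
        if recent and len(recent) >= threshold:
            last = log[recent[-1]]         # last-logged instance of this event
            # Assumption: repeat_count counts the suppressed instances.
            last["repeat_count"] = last.get("repeat_count", 0) + 1
            last["last_timestamp"] = now
        else:
            log.append(dict(ev))
            written[key].append(len(log) - 1)
    return log

def demo():
    """Constructed events: one repeating event (PIDs differ) and one other."""
    def ev(t, name, pid):
        return {"timestamp": t, "name": name, "pid": pid,
                "message": name + " occurred"}
    events = [ev(0, "local.example.disk", 101), ev(1, "local.example.disk", 102),
              ev(2, "local.example.disk", 103), ev(3, "local.example.login", 200),
              ev(5, "local.example.disk", 104), ev(10, "local.example.disk", 105),
              ev(40, "local.example.disk", 106)]
    return apply_suppression(events, period=30, threshold=3)

if __name__ == "__main__":
    for entry in demo():
        suffix = f" [{entry['repeat_count']} times]" if "repeat_count" in entry else ""
        print(entry["timestamp"], entry["message"] + suffix)
```

       In a forward group the same rule applies, but suppressed events are dropped by the forwarder instead of being counted, so an alert that depends on a forwarder sees at most threshold copies per period.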

              The following keywords are recognized in a
              suppression group:

       filter supp_filter_spec
              Events selected by this filter are eligible for
              suppression consideration. See EvmFilter(5) for the
              filter syntax.

       include filter_element
              Modifies the current supp_filter_spec. See the
              description of the include and exclude keywords below.

       exclude filter_element
              Modifies the current supp_filter_spec. See the
              description of the include and exclude keywords below.

       period supp_period
              The period, in minutes, over which events are counted
              for suppression consideration.

       threshold supp_threshold
              The number of instances of an event that will be
              logged during supp_period before suppression begins.

       forward
              Events meeting the filter specifications are to be
              forwarded using the command specified.

       name forward_name
              A name used to identify the forwarding definition.

       filter forward_filter_spec
              Event forwarding filter specification. Events passing
              this filter are selected for forwarding as specified
              by the forward_command. See EvmFilter(5) for the filter
              syntax.

       include filter_element
              Modifies the current forward_filter_spec. See the
              description of the include and exclude keywords below.

       exclude filter_element
              Modifies the current forward_filter_spec. See the
              description of the include and exclude keywords below.

       command forward_command
              When an incoming event is selected for handling by
              this forwarder, and is not eligible for suppression,
              the logger executes this command, piping the event
              into the command's stdin stream.

       maxqueue queue_limit
              This keyword limits the number of events
              that can be queued by a forwarder while a previous
              event is being handled by command. If the maximum
              number of events is already queued when a new event
              arrives, the event is ignored by this forwarder.
              If not specified, this keyword has a default value
              of 100. If a value greater than 1000 is specified,
              the logger automatically limits it to 1000.

              See evmlogger(8) for details of event queuing.

       explicit_target bool_par
              If this keyword is not specified, or if it is
              specified and bool_par has a value of FALSE, NO or 0
              (zero), the forwarder will handle events posted
              through the local daemon, in addition to those
              received from any remote hosts that name the
              forwarder in their targets lists.

              If bool_par has a value of TRUE, YES or 1 (one),
              the forwarder will only handle events from any
              remote hosts that name it in their targets lists.

              See the remote_hosts group definition below for
              more information.

       suppress
              Event suppression as applied to
              forwarding is similar to event log suppression, but
              limits the number of identical events that will be
              forwarded over the suppression period. In this
              case, events which are eligible for suppression are
              simply ignored by the forwarder. This feature is
              intended to reduce the chance of a large volume of
              mail being sent during a period of high event
              activity.

       remote_hosts
              Introduces a remote logging group.
              Entries in this group define local handling of
              events posted on one or more remote systems.

       name remote_host_name
              A name used to identify the remote logging
              definition.

       hostnames remote_host_list
              This keyword is interchangeable with hosts.
              The remote_host_list is a list of hosts to which
              the logger will subscribe for events. The list may
              specify multiple hosts, separated by commas or
              spaces, and multiple hostnames or hosts lines may
              be supplied. The list may be made up of any
              combination of unqualified host names, fully qualified
              host names and IP addresses. It must be enclosed in
              double quotes if it contains spaces. If no hosts
              are specified, the remote logging group is ignored.

       hosts remote_host_list
              This keyword is interchangeable with hostnames.
              The remote_host_list is a list of hosts to which
              the logger will subscribe for events. The list may
              specify multiple hosts, separated by commas or
              spaces, and multiple hostnames or hosts lines may
              be supplied. The list may be made up of any
              combination of unqualified host names, fully qualified
              host names and IP addresses. It must be enclosed in
              double quotes if it contains spaces. If no hosts
              are specified, the remote logging group is ignored.

       targets target_list
              The target_list is a list of names of eventlog and
              forward groups (targets) defined in this
              configuration that will handle events received from the
              remote hosts. The list may specify multiple
              targets, separated by commas or spaces, and multiple
              targets lines may be supplied. The list must be
              enclosed in double quotes if it contains spaces. If
              no targets are specified, the remote logging group
              is ignored.

       filter filter_spec
              Event filter specification. Events
              passing this filter are passed to the logger by the
              EVM daemons running on the remote hosts. See
              EvmFilter(5) for the filter syntax. If no filter is
              specified, a default filter is produced by combining
              the filter strings from all of the targets
              referred to by this remote logging group.

       include filter_element
              Modifies the current remote_filter_spec. See the
              description of the include and exclude keywords below.

       exclude filter_element
              Modifies the current remote_filter_spec. See the
              description of the include and exclude keywords below.

       retry retry_interval
              If the logger fails to establish a connection
              to any of the remote hosts specified in this
              group, or if an established connection is lost, it
              will attempt to establish or reestablish the
              connection every retry_interval seconds until it is
              successful. The default for this value is 60 seconds.
              If the specified value is less than 5 or
              more than 3600, it is silently modified to the
              closest of these values.

       configdir directory
              This keyword specifies
              the path of a directory tree that holds zero or
              more secondary configuration files. The directory
              tree is searched when the logger is started and
              each time its configuration is reloaded.

              Configuration file names must end with .conf, and
              must not begin with a dot (.). Files must be owned
              by bin or root and their file permissions must
              restrict writing to owner or group. Symbolic links
              and subdirectory hierarchies can be used to
              reference configuration files that physically are
              located elsewhere.

              After installing, removing or modifying a secondary
              configuration file, you must run the evmreload -l
              command to notify the logger of the change and
              request a configuration reload.

              Any number of configdir entries may be specified in
              the primary configuration file, but configdir is
              not a valid keyword in a secondary configuration
              file.
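
       The naming, ownership and permission rules for secondary configuration files matter because a forward group in such a file names a command the logger will run. The audit below is an added example, not part of the original reference page; the function names are hypothetical, and how the logger itself treats a file that breaks a rule is not stated on this page.

```python
import os
import pwd
import stat
import sys

ALLOWED_OWNERS = ("root", "bin")    # owners named in the configdir description

def owner_name(uid):
    """User name for a uid, or the numeric uid as text if it has no entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def check_secondary_config(path, allowed_owners=ALLOWED_OWNERS):
    """Return the list of stated rules that one file breaks (empty = OK)."""
    problems = []
    name = os.path.basename(path)
    if not name.endswith(".conf"):
        problems.append("name does not end with .conf")
    if name.startswith("."):
        problems.append("name begins with a dot")
    try:
        st = os.stat(path)          # follows symlinks: links to files are allowed
    except FileNotFoundError:
        return problems + ["dangling symbolic link"]
    owner = owner_name(st.st_uid)
    if owner not in allowed_owners:
        problems.append(f"owned by {owner}, not one of {', '.join(allowed_owners)}")
    if st.st_mode & stat.S_IWOTH:   # writing must be restricted to owner or group
        problems.append("writable by others")
    return problems

def audit_configdir(root, allowed_owners=ALLOWED_OWNERS):
    """Walk a configdir tree; map each offending file to its problems.

    Directory symlinks are not followed here, to avoid cycles (a choice
    made for this example, not a statement about the logger).
    """
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            problems = check_secondary_config(full, allowed_owners)
            if problems:
                report[full] = problems
    return report

if __name__ == "__main__" and len(sys.argv) > 1:
    for path, problems in sorted(audit_configdir(sys.argv[1]).items()):
        print(f"{path}: {'; '.join(problems)}")
```

       Run it with the directory named in a configdir entry as its only argument, before issuing evmreload -l.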

       The include and exclude keywords can appear multiple times
       in an eventlog, forward, remote_hosts or suppress
       specification, allowing you to build and maintain a filter in
       simple single-line increments. Each filter_element must
       be a valid filter string, conforming to the syntax
       described in the EvmFilter(5) reference page. The logger
       assembles a complete filter string by surrounding the
       initial filter with parentheses and appending the
       filter_elements to it, separating each with a logical OR (for
       include) or AND NOT (for exclude) operator. For example:

       filter    "[priority >= 200]"
       include   "[name *.mylog]"
       exclude   "[name *.oldlog]"

       The previous filter lines are equivalent to this more
       complex single filter line:

       filter    "([priority >= 200]) OR [name *.mylog] AND NOT [name *.oldlog]"

       The first line selects all events with a priority of 200
       or greater, the next modifies this by selecting all events
       from mylog regardless of their priorities, and the last
       line excludes all oldlog events regardless of their
       priorities.


       If you prefer, you can omit the filter command, and  build
       the complete filter string from include and exclude lines.

       If no filter, include or exclude lines are supplied for an
       event log or forwarder, it does not handle any events.

       Keywords may be entered in a case-insensitive manner. The
       allowable strings and the minimum number of characters are
       shown in the following table. A minimum of zero (0)
       indicates that all characters are required.

       --------------------------
       Keyword           Minimum
       --------------------------
       alternate         3
       command           4
       configdir         7
       eventlog          0
       exclude           3
       explicit_target   4
       filter            4
       forward           4
       hostnames         4
       hosts             4
       include           3
       logfile           3
       maxqueue          4
       maxsize           3
       name              0
       period            0
       remote_hosts      8
       retry             5
       show_template     4
       suppress          4
       targets           6
       threshold         0
       type              0
       --------------------------
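
       The abbreviation table and the include/exclude assembly rule can be checked together when reviewing a configuration. The sketch below is an added example, not the logger's own code: it resolves abbreviated keywords and builds the effective filter for one group. Treating "host" as hosts, and starting the expression with NOT when an exclude line comes first, are assumptions.

```python
# Minimum abbreviation lengths from the table; 0 = keyword must be spelled in full.
MIN_LEN = {
    "alternate": 3, "command": 4, "configdir": 7, "eventlog": 0, "exclude": 3,
    "explicit_target": 4, "filter": 4, "forward": 4, "hostnames": 4, "hosts": 4,
    "include": 3, "logfile": 3, "maxqueue": 4, "maxsize": 3, "name": 0,
    "period": 0, "remote_hosts": 8, "retry": 5, "show_template": 4,
    "suppress": 4, "targets": 6, "threshold": 0, "type": 0,
}

def resolve_keyword(word):
    """Full keyword for a case-insensitive, possibly abbreviated word, or None."""
    w = word.lower()
    matches = [k for k, n in MIN_LEN.items()
               if k.startswith(w) and len(w) >= (n or len(k))]
    # "host" fits both hosts and hostnames, which the page calls
    # interchangeable; picking the shorter one is an assumption.
    return min(matches, key=len) if matches else None

def strip_comment(line):
    """Drop everything from the first unquoted '#' to the end of the line."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "#" and not in_quotes:
            return line[:i]
    return line

def effective_filter(lines):
    """Assemble one group's filter string; None means it handles no events.

    Assumes a filter line, if present, comes before include/exclude lines.
    """
    expr = None
    for raw in lines:
        parts = strip_comment(raw).split(None, 1)
        if len(parts) != 2:
            continue
        keyword = resolve_keyword(parts[0])
        element = parts[1].strip().strip('"')
        if keyword == "filter":
            expr = f"({element})"
        elif keyword == "include":
            expr = element if expr is None else f"{expr} OR {element}"
        elif keyword == "exclude":
            # Leading NOT for an exclude-only group is an assumption.
            expr = f"NOT {element}" if expr is None else f"{expr} AND NOT {element}"
    return expr

# Constructed sample using abbreviated, mixed-case keywords and a comment.
SAMPLE = [
    'FILT  "[priority >= 200]"   # base selection',
    'incl  "[name *.mylog]"',
    'exc   "[name *.oldlog]"',
]

if __name__ == "__main__":
    print(effective_filter(SAMPLE))
```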

NOTES

       The logger only allows a single instance of each
       forwarding command to execute at one time and queues any events
       that arrive while an instance is already running. The
       forwarder ignores events that arrive while the queue is full.
       To minimize the chances of queuing or missing events, you
       should avoid using the forwarding facility to run commands
       that may take significant time to execute.

       If you specify a forwarding command that may itself cause
       events to be posted (for instance, mail commands may post
       syslog events that will be routed to EVM), the forwarding
       filter should explicitly exclude those events. Otherwise, it
       is possible that an infinite event loop will occur.

       If you are concerned with allowing your file to be used on
       other systems that support EVM in the future, you should use
       the built-in macro @SYS_VP@ in place of the first two
       components (sys.unix) of the name of any system event. This
       will make it unnecessary to change the file if the other
       system uses a different event name prefix.

EXAMPLES

       This example initiates an instance of the evmlogger
       command with the following configuration:

       o  Binary events are written to a file in the
          /var/evm/evmlog directory named evmlog.xxx where xxx is
          the current year, month, and day -- for example,
          /var/evm/evmlog/evmlog.19981217. An alternate log path
          is specified in case of write failures to the primary
          path. A new generation of the log is started
          automatically if the size exceeds 256 Kbytes. All events
          with a priority of at least 200 are selected for logging.
          Duplicate events are suppressed.

       o  Events with a priority of at least 600 are displayed on
          the system console as formatted events, showing the
          timestamp, the priority and the event's message.

       o  Events with a priority of at least 600 are also mailed
          to root. A maximum of 20 events will be queued for
          forwarding to root when an instance of the forwarding
          command is already running.

       eventlog {
           name        evmlog
           logfile     /var/evm/evmlog/evmlog.dated
           type        binary
           maxsize     256  # Kbytes

           alternate  /altlogs/evmlog/evmlog.dated

           # Log all events with priority >= 200:
           filter      "[prio >= 200]"

           # Suppress logging of duplicate events:
           suppress
           {   filter      "[name *]"
               period      30  # minutes
               threshold   3   # No. of instances before suppression

           }

       }

       # Log high-priority events to the system console:
       eventlog
       {
           name                console_log
           logfile             /dev/console
           filter              "[prio >= 600]"
           type                formatted
           show_template       "@timestamp [@priority] @@"
       }

       # Forward details of high-priority events to root:
       forward
       {
           name      priority_alert
           # Don't forward mail events through mail (see note above):
           filter    "[prio >= 600] & ![name @SYS_VP@.syslog.mail]"

           suppress
           {   filter      "[name *]"
               period      120  # minutes
               threshold   1    # No. of duplicates before suppression

           }

           # This evmshow command writes a subject line as the first line of
           # output, followed by a detailed display of the contents of the
           # event. The resulting message is distributed by mail(1).

           command    "evmshow -d -t 'Subject: EVM ALERT [@priority]: @@' \
                          | mail root"
       }






FILES

       Location of the EVM logger  configuration  file.   Default
       location  of the secondary EVM logger configuration files.

SEE ALSO

      
      
       Commands: evmget(1),  evmshow(1),  evmd(8),  evmlogger(8),
       evmreload(8)

       Event Management: EVM(5)

       EVM Events: EvmEvent(5)

       Event Filter: EvmFilter(5)


