sysevent(1) sysevent(1)
NAME
sysevent - System Log Event Capture System Daemon
SYNOPSIS
sysevent [-n1T] [ -f|-F syslog_pipe ] [ -c config_file ]
[ -r|-R reject_file ] [ -t #threads ]
[ -E regex_options ] [ -a default_exec ] [ -A default_dso ]
[ -p #procs ]
syseventFilter
sysevent -h
DESCRIPTION
sysevent captures messages generated by syslogd(1m) and, using regex(3g)
patterns stored in a configuration file, allows one or more user-defined
actions to be performed when a message matches a given expression. sysevent
is multi-threaded. The -T mode can also be used to remove duplicates from
the configuration file: the new configuration file is written to standard
output.
sysevent captures syslogd-generated messages using the syslog pipe file
mechanism. By default, /tmp/.sysevent is used and /etc/syslog.conf needs
the following entry:
*.debug @|/tmp/.sysevent
SPECIAL CASE: If the second form ( syseventFilter ) or the -1
command-line argument is used, sysevent will read one (1) line of data.
Using that form implies -t 1 and -n. This is intended to be used in
/etc/syslog.conf like this:
*.debug |/usr/sbin/syseventFilter /var/adm/SYSLOG
NOTE: For this special case only, if the configuration file
/etc/sysevent.config is missing, sysevent will silently exit and not
report any error message to syslogd.
PARAMETERS Description
-d debug mode ( implies -n ). In debug mode, actions are performed in the
foreground.
-n no fork
-T test mode. If set, the config_file is checked for duplicates
-1 Run once. sysevent will read one (1) line of data. Using that form
implies -t 1 and -n. This is intended to be used in
/etc/syslog.conf like this:
*.debug |/usr/sbin/syseventFilter /var/adm/SYSLOG
-f syslog pipe specified in /etc/syslog.conf
-f : named pipe ; -F : Unix Socket.
Default: a named pipe, /tmp/.sysevent
-c sysevent configuration file with up to 32768 entries.
Default: /etc/sysevent.config
-r Collect unknown events to the reject file.
-r : overwrite ; -R : append mode.
Default: off
-t # threads for regex analysis. Default: 8
-E regcomp(3) compilation flag.
Default: 0xb (REG_EXTENDED|REG_ICASE|REG_NOSUB)
-a default action exec file. Default: /usr/local/bin/sysaction
-A default action dso file. Default: /usr/lib/libsysevent.so
Note: SIGHUP : re-read configuration file
CONFIGURATION FILE SYNTAX ( /etc/sysevent.config )
The configuration is read upon sysevent startup and re-read entirely when
it is modified. For sanity purposes, most parameters are verified and, if
in error, will prevent sysevent from starting properly. However, if sysevent
is already started and some modifications are made to the configuration
file, then depending on the nature of the error, sysevent may or may not
exit. In that case, an error will be recorded using syslogd(1m) facility
LOCAL0. Sending a SIGHUP will also tell sysevent to re-read the
configuration file.
Up to a maximum of 32768 entries ( one per line ) can be entered in the
configuration file. Lines starting with a '#' are comments. Syntax is:
appname module action priority expression
where:
appname
is the application generating the message
module
is additional information accompanying appname
action
see ACTION DESCRIPTION
priority
is a string representing the priority. If prefixed with KERN_,
KERN_ is stripped.
expression
is the regex(3g) expression. It is STRONGLY recommended, for speed
purposes, to anchor it with a ^ at the beginning of the string. Likewise,
it is also recommended to end it with a '$' at the end of the string.
Please enclose everything in double quotes.
An action can be an internal one, when you specify an integer ( 0x format
accepted ), or a script, or a function from within a dso. For a dso, the
library is opened and closed at each invocation: this allows someone to
change/test a dso function without actually restarting sysevent. The
number format is for the sole purpose of the ESP implementation.
Each time an action is performed, sysevent forks and performs the action in
the background unless you are using debug mode ( with the -d switch ). Also,
it sets the following environment variables:
FROMHOST
syslogd hostname generating the message
PRIORITY
If syslogd is running with "-S", priority of the logged message.
Else, priority of the expression as read from sysevent config file.
PRIORITYCF
priority as read from sysevent config file
LINECF
sysevent config file line number
APPNAME
application generating the message
MODULE
module generating the message
ACTION
the entire action string
WHEN
date in ctime(3) format
MESSAGE
the actual message
NOTE: the arguments are anything after the 1st comma in the sysevent
config file. The user is responsible for parsing them in this
script. For example, if they are comma-separated, you
can:
set -- `echo $* | tr -s ',' ' '`
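Added example (not part of the original man page or of sysevent itself): an action script that handles the exported variables as untrusted log data, stripping control characters before writing a one-line record, and splits the comma-separated arguments without glob expansion. The function names and the record layout are assumptions.

```shell
#!/bin/sh
# Added example: action script for sysevent (hypothetical, not shipped code).
# FROMHOST, PRIORITY, APPNAME, MODULE, WHEN and MESSAGE are exported by
# sysevent; MESSAGE and FROMHOST originate from whoever can write to syslog.

# Remove control characters (newlines, ESC, DEL) so log-derived text cannot
# forge extra records or drive a terminal. Also drops a trailing newline
# if WHEN carries one, as ctime(3) output does.
clean() {
    printf '%s' "$1" | LC_ALL=C tr -d '\000-\037\177'
}

# Build a single-line record from the exported variables. Every expansion
# is quoted, so the message is handled as data and never re-parsed.
format_event() {
    printf '%s host=%s app=%s/%s prio=%s msg=%s\n' \
        "$(clean "${WHEN:-}")" "$(clean "${FROMHOST:-}")" \
        "$(clean "${APPNAME:-}")" "$(clean "${MODULE:-}")" \
        "$(clean "${PRIORITY:-}")" "$(clean "${MESSAGE:-}")"
}

# Split the comma-separated argument string, one field per output line.
# set -f disables globbing, so a field such as '*' stays literal, and
# IFS=, keeps spaces inside a field intact. Empty fields are skipped.
split_args() {
    args=$*
    ( set -f; IFS=,
      for a in $args; do
          if [ -n "$a" ]; then printf '%s\n' "$a"; fi
      done )
}

# Emit a record only when sysevent (or a manual test) supplied a message.
if [ -n "${MESSAGE:-}" ]; then
    format_event
    split_args "$@"
fi
```

To try it by hand, set MESSAGE and the other variables to constructed values in the environment and pass a string such as 'mail,root' as the argument.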
The action syntax is:
integer
will internally call "/usr/sbin/esplogger -s $ACTION -m $MESSAGE"
[executable],[,argument]
will execute "executable" with optional "argument" ( after the 1st
comma ). If 'executable' is empty, the -a default script will be
used.
[dso]:function[,argument]
will execute "dso" function with optional "argument" ( after 1st
comma ). The argument is passed as a string. If 'dso' is empty,
the -A default dso will be used. It is illegal to use an empty
function.
NOTE:
executable or dso MUST be full pathname, ie. start with a '/'.
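Added example (not from the original page or the sysevent sources): a lint function that applies the action rules above to a single action string, for checking a configuration file before sysevent re-reads it. It assumes that a ':' before the first comma selects the dso form; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: validate one sysevent action string (hypothetical helper).
DEFAULT_EXEC=/usr/local/bin/sysaction   # -a default given on this page
DEFAULT_DSO=/usr/lib/libsysevent.so     # -A default given on this page

# True if $1 is a decimal integer or a 0x-prefixed hexadecimal one.
is_integer() {
    case $1 in
        0[xX]?*) case ${1#0[xX]} in *[!0-9a-fA-F]*) return 1 ;; esac ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# Prints "internal", "exec <path>" or "dso <path> <function>".
# Returns 1 for an empty dso function or a path that is not absolute.
check_action() {
    target=${1%%,*}                     # text before the first comma
    if is_integer "$target"; then
        printf 'internal\n'
        return 0
    fi
    case $target in
        *:*) kind=dso
             path=${target%%:*}
             func=${target#*:}
             [ -n "$func" ] || { echo "empty dso function" >&2; return 1; }
             : "${path:=$DEFAULT_DSO}" ;;   # empty dso: use the -A default
        *)   kind=exec
             path=$target
             func=
             : "${path:=$DEFAULT_EXEC}" ;;  # empty executable: -a default
    esac
    case $path in
        /*) printf '%s\n' "$kind $path${func:+ $func}" ;;
        *)  echo "not a full pathname: $path" >&2; return 1 ;;
    esac
}
```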
FILES
/etc/syslog.conf                some modifications
/etc/sysevent.config            configuration file
/usr/local/bin/sysaction        default action script
/usr/lib/libsysevent.so         DSO containing user-function callable actions
o The configuration file can be automatically generated using
syseventIrix(1m). This program reads the /usr/lib/sysmon/notifier.config
file and attempts to build the /etc/sysevent.config file.
o Since the configuration file is mapped in memory using the mmap(2) call,
using an NFS-mounted configuration file may cause problems due to
the stateless nature of NFS.
SEE ALSO
syslogd(1m), syseventIrix(1m), syseventEp(1m)
AUTHORS/COLLABORATORS
Michel Bourget: michel@sgi.com
ESP(Embedded Support Partner) Project
Electronic Services/Global Customer Service
SGI