*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->IRIX man pages -> sysevent (1)              
Title
Content
Arch
Section
 

Contents


sysevent(1)							   sysevent(1)


NAME    [Toc]    [Back]

     sysevent -	System Log Event Capture System	Daemon

SYNOPSIS    [Toc]    [Back]

     sysevent [-n1T] [ -f|-F syslog_pipe ] [ -c	config_file ]
		   [ -r|-R reject_file ] [ -t #threads ]
		   [ -E	regex_options] [ -a default_exec] [ -A default_dso]
		[ -p #procs ]
     syseventFilter
     sysevent -h

DESCRIPTION    [Toc]    [Back]

     sysevent capture messages generated from syslogd(1m) and, using regex(3g)
     pattern stored in a configuration file, allow one or more	user-defined
     action to be performed when a message match a given expression. sysevent
     is	multi-threaded.	Someone	may also want to use the -T mode to remove
     duplicates	from the configuration file: the new configuration file	will
     go	on standard output.

     sysevent capture syslogd-generated	messages using syslog pipe file
     mechanism.	 By default, /tmp/.sysevent is used and	/etc/syslog.conf need
     the following entry:

	  *.debug	 @|/tmp/.sysevent

     SPECIAL CASE: If the second form is used (	syseventFilter ) or -1
     command-line argument is used, sysevent will read one(1) line of data.
     Using that	form implies -t	1 and -n. This is is intended to be used in
     /etc/syslog.conf like this:
	  *.debug	 |/usr/sbin/syseventFilter     /var/adm/SYSLOG

	  NOTE:	For this special case only, if the configuration file
     /etc/sysevent.config is missing, sysevent will silently exit and not
     report any	error message to syslogd.

PARAMETERS Description    [Toc]    [Back]

     -d	  debug	mode ( Imply -n	) . In debug mode, action are sent in
	  foreground.

     -n	  no fork

     -T	  test mode. If	set. the config_file is	checked	against	duplicates

     -1	  Run once. sysevent will read one(1) line of data. Using that form
	  implies -t 1 and -n. This is is intended to be used in
	  /etc/syslog.conf like	this:

	       *.debug	 |/usr/sbin/syseventFilter     /var/adm/SYSLOG

     -f	  syslog pipe specified	in /etc/syslog.conf
		   -f :	named pipe ; -F	: Unix Socket.
		   Default: a named /tmp/.sysevent



									Page 1






sysevent(1)							   sysevent(1)



     -c	  sysevent configuration file with up to 32768 entries.
		   Default:/etc/sysevent.config

     -r	  Collect unknown event	to reject file.
		   -r :	overwrite. -R: append mode
		   Default is :	off

     -t	  # threads for	regex analysis.Default:8

     -E	  regcomp(3) compilation flag.
	       Default:0xb(REG_EXTENDED|REG_ICASE|REG_NOSUB)

     -a	  default action exec file.	  Default:/usr/local/bin/sysaction

     -A	  default action dso  file.	  Default:/usr/lib/libsysevent.so

     Note: SIGHUP : re-read configuration file



CONFIGURATION FILE SYNTAX ( /etc/sysevent.config )
     The configuration is read upon sysevent startup and re-read entirely when
     it	is modified. For sanity	purposes, most parametres are verified and, if
     in	error, will prevent sysevent to	start properly,. However, if sysevent
     is	already	started	and some modifications to the configurations files are
     done, depending on	the nature of the error, sysvent may exit or not. In
     that case,	an error will be recorded using	syslogd(1m) facility LOCAL0.
     Also, sending a SIGHUP will also tell sysevent to re-read the
     configuration file.

     Up	to a maximum of	32768 entries (	one per	line ) can be entered in the
     configuration file. Lines starting	with a '#' are comments. Syntax	is:

	  appname module action	priority expression

     where:

     appname
	  is the applcation generating the message

     module
	  is an	additional information along with appname

     action
	  see ACTION DESCRIPTION

     priority
	  is a string representing the priority.  If prefixed with KERN_,
	  KERN_	is stripped.






									Page 2






sysevent(1)							   sysevent(1)



     expression
	  is the regex(3g) expression.	It is STRONGLY recommended , for speed
	  purposes, to anchor with a ^ at the beginning	of  string. Likely, it
	  is also recommended to end with a '$'	at the end of the string.
	  Please enclose everything with double-quotes.

ACTION DESCRIPTION    [Toc]    [Back]

     Actions can be an internal	one when you specify an	integer	( 0x format
     accepted )	or a script or a function from within a	dso. For a dso,	the
     library is	opened and closed at each invocation: this allow someone to
     change/test a dso function	without	actually re-starting sysevent. The
     number format is for the sole purpose of ESP implementation.

     Each time an action is performed, sysevent	fork and perform the action in
     background	unless you are using debug mode	( with -d switch). Also, it
     sets the following	environment variables:


     FROMHOST    [Toc]    [Back]
	  syslogd hostname generating the message

     PRIORITY    [Toc]    [Back]
	  If syslogd is	running	with "-S", priority of the logged message.
	  Else,	priority of the	expression as read from	sysevent config	file.

     PRIORITYCF    [Toc]    [Back]
	  priority as read from	sysevent config	file

     LINECF    [Toc]    [Back]
	  sysevent config file line number

     APPNAME    [Toc]    [Back]
	  application generating the message

     MODULE    [Toc]    [Back]
	  module generating the	message

     ACTION    [Toc]    [Back]
	  the entire action string

     WHEN date in ctime(3) format

     MESSAGE    [Toc]    [Back]
	  the actual message

     NOTE:	     arguments is anything after the 1st comma in sysevent
		     config file. User is responsible to parse it in this
		     script. For example, if they are comma-seperated, you
		     can:

			  set -- `echo $* | tr -s ',' '	'`



									Page 3






sysevent(1)							   sysevent(1)



     The action	syntax is:


     integer
	  will internally call "/usr/sbin/esplogger -s $ACTION -m $MESSAGE"

     [executable],[,argument]
	  will execute "executable" with optional "argument" ( after the 1st
	  comma	).  If 'executable' is empty, the -a default script will be
	  used.

     [dso]:function[,argument]
	  will execute "dso" function with optional "argument" ( after 1st
	  comma	).  The	argument is passed as a	string.	 If 'dso' is empty,
	  the -A default dso will be used.  It is illegal to use an empty
	  function.

     NOTE:
	  executable or	dso MUST be full pathname, ie. start with a '/'.

FILES    [Toc]    [Back]

      /etc/syslog.conf		 some modifications
      /etc/sysevent.config	 configuration file
      /usr/local/bin/sysaction	 default action	script
      /usr/lib/libsysevent.so	 DSO containing	user-function
				 callable actions

NOTES    [Toc]    [Back]

     o	  The configuration file can be	automatically generated	using
	  syseventIrix(1m). This program reads /usr/lib/sysmon/notifier.config
	  file and attempt to buid /etc/sysevent.config	file.


     o	  Since	the configuration file is mapped in memory using mmap(2) call,
	  using	an NFS-mounted configuration file may cause problems due to
	  the stateless	nature of NFS.

SEE ALSO    [Toc]    [Back]

      
      
     syslogd(1m), syseventIrix(1m) syseventEp(1m)

AUTHORS/COLLABORATORS
      Michel Bourget: michel@sgi.com
	 ESP(Embedded Support Partner) Project
	 Electronic Services/Global Customer Service
	 SGI


									PPPPaaaaggggeeee 4444
[ Back ]
 Similar pages
Name OS Title
eventmond IRIX system event monitoring daemon
rtmond IRIX system event monitoring daemon
alGetEventUST IRIX get Unadjusted System Time of audio event
rtmon-run IRIX enable system call event tracing
cron Tru64 The system clock daemon
audevent HP-UX change or display event or system call audit status
envd HP-UX system physical environment daemon
amtickerd IRIX system uptime monitor daemon
rc.conf.local OpenBSD system daemon configuration database
rc.conf OpenBSD system daemon configuration database
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service