|
evmfilterfile(4)
Contents
|
evmfilterfile - Event Manager filter file
filter {
name filter_name
valuex filter_value
include filter_element
exclude filter_element
title filter_title
}
A filter file contains one or more filter descriptions,
which can be referenced through certain EVM commands by
using indirect filter syntax. An indirect filter specifier
has the following form: @filename[:filter_name]
In the previous indirect filter specifier, filename is the
name of a filter file, and filter_name is the name of a
filter contained in the file. If no filter_name is specified,
the first filter in the file is used.
By convention, filter file names should have the suffix
.evf. If a command cannot find the file with the name as
specified, it appends .evf and tries again.
If a relative pathname is given for a file, commands
search for the file in each location specified by the
EVM_FILTERDIR environment variable if it is present. Otherwise
the search is performed in the following standard
locations in turn, stopping as soon as the file is found:
The current working directory $HOME/.sysman/evmfilters
/var/evm/adm/filters /usr/share/evm/filters
Several supplied filter files, containing shortcut filters
for many system events, can be found in the directory
/usr/share/evm/filters. System administrators should
place site-specific filter files in /var/evm/adm/filters,
and individual users should store private files in
$HOME/.sysman/evmfilters.
The filter file is made up of a series of keyword/value
and keyword/group pairs. Values containing spaces must be
enclosed in double quotes. Strings may be continued
across a newline by finishing the line with a backslash
character. Any portion of a line from an unquoted number
sign (#) to the end of line is a comment. Blank lines are
ignored.
The following keywords are recognized: Introduces a filter
group. Names the filter. The filter_value is a string
that conforms to EVM filter syntax. See the EvmFilter(5)
reference page for information about filter syntax. Modifies
the current filter_value. See the description of the
include and exclude keywords below. Modifies the current
filter_value. See the description of the include and
exclude keywords below. The filter_title is a text string
that describes the purpose of the filter. The title is
not currently used, but always should be included.
The include and exclude keywords can appear multiple times
in a filter group, allowing you to build and maintain a
filter in simple single-line increments. Each filter_element
must be a valid filter string, conforming to the syntax
described in the EvmFilter(5) reference page. A complete
filter string is assembled by surrounding the initial
filter with parentheses and appending the filter_elements
to it, separating each with a logical OR (for
include) or AND NOT (for exclude) operator. For example:
value "[priority >= 200]" include "[name *.mylog]"
exclude "[name *.oldlog]"
The previous filter lines are equivalent to this more complex
single filter line:
value "([priority >= 200]) OR [name *.mylog] AND NOT
[name *.oldlog]"
The first line selects all events with a priority of 200
or greater, the next modifies this by selecting all events
from mylog regardless of their priorities, and the last
line excludes all oldlog events regardless of their priorities.
If you prefer, you can omit the value command, and build
the complete filter string from include and exclude lines.
If you are concerned with allowing your file to be used on
other systems that support EVM in the future, you should
use the built-in macro @SYS_VP@ in place of the first two
components (sys.unix) of the name of any system event.
This will make it unnecessary to change the file if the
other system uses a different event name prefix.
ENVIRONMENT VARIABLES [Toc] [Back] A colon-separated set of directory pathnames to be
searched for a requested filter file. If this variable is
present in the environment the directories are searched in
place of the standard directories.
The following is an example of a pair of entries in a filter
file:
# Select all events posted by myapp, excluding any
that # have a priority lower than 200: filter {
name myapp
value "[name myco.myapp.*]"
exclude "[pri < 200]"
title "All myapp events" }
# Select all events posted by myapp, and important
system events: filter { name sys_myapp
value "[name myco.myapp.*] | \
([name @SYS_VP@.*] & [priority >=
400])"
title "System errors and myapp events" } The
following command finds and displays all AdvFS
events, using a filter stored in the supplied filter
file /usr/share/evm/filter/sys.evf: evmget -f
@sys:advfs | evmshow Assuming that the filter file
shown in the first example is named myapp.evf and
is located in a standard filter directory, the following
command displays the value of the sys_myapp
filter from that file: evmshow -F -f
@myapp:sys_myapp
Private filter files. Site-specific filter files. System
filter files.
Commands: evmget(1), evmshow(1), evmwatch(1)
Routines: EvmFilterCreate(3), EvmFilterDestroy(3), EvmFilterIsFile(3), EvmFilterReadFile(3), EvmFilterSet(3), EvmFilterTest(3)
Event Management: EVM(5)
EVM Events: EvmEvent(5)
Event Filter: EvmFilter(5)
evmfilterfile(4)
[ Back ] |