
evmget(1)

NAME

evmget - Retrieves stored events

SYNOPSIS

evmget [-A] [-e] [-f filter_expr] [-t show_template] [-s sort_spec] [-C channel-list] [-h hostname[:port_no]]...

OPTIONS

-A
    Automatically starts evmsort -A to produce a sorted and formatted display of the retrieved events.

-e
    Terminates after validating the supplied command operands. This feature can be used to check the syntax of a filter expression or to verify the ability to establish a remote connection.

-f filter_expr
    Outputs only events that match the filter_expr. See EvmFilter(5) for the syntax of filter_expr.

-t show_template
    Template string to be passed to evmsort if the -A option is also specified. If the -A option is not specified, this argument is ignored. See evmshow(1) for a description of the template string.

-s sort_spec
    Sort specification string to be passed to evmsort if the -A option is also specified. If the -A option is not specified, this argument is ignored. See evmsort(1) for a description of the sort specification.

-C channel-list
    Specifies that events should be retrieved only from channels whose names are included in the channel-list. Refer to the DESCRIPTION section for more details of this option and the syntax of the channel-list.

-h hostname[:port_no]
    Attempts to connect to the EVM daemon on the host hostname, rather than to the local daemon. If a cluster alias is specified for hostname, attempts to connect to the EVM daemon on that cluster. If connecting to a cluster alias, evmwatch monitors events that are posted on all members of the cluster. This option may be repeated to obtain events from several hosts or clusters. If the name of the local host is specified, a remote connection is made to the local daemon.

    If :port_no is specified, port_no is used for TCP communication with the remote EVM daemon; otherwise, the evm port number found in /etc/services is used. If no entry is found in /etc/services, the reserved default value of 619 is used.

    If specified, the port number must be the same as the portnum specified in the EVM daemon configuration file, /etc/evmdaemon.conf (see evmdaemon.conf(4)). In most cases, the default should be used.

OPERANDS

None

DESCRIPTION

The evmget command retrieves stored events and outputs them to stdout as EVM events. Events are obtained from a configured set of log files and event channels, using channel-specific retrieval functions as specified in the channel configuration file.

If the -A option is specified, evmget automatically starts evmsort -A and pipes the event stream into it, producing a sorted and formatted display of events. If show_template or sort_spec arguments are supplied, these strings are passed to evmsort through its own -t and -s options. See evmsort(1) and evmshow(1) for more information.

If you are only interested in events that are available from a particular set of event channels (for example, an event channel that retrieves events from your own application logfiles), you can use the -C option to specify the channels to be searched. This may reduce the overall retrieval time, as it avoids the need to search channels in which you have no interest. Note that no events will be returned for a channel that does not have an fn_get keyword defined in its channel configuration.

A channel-list is a list of one or more channel names, separated either by commas or, if the list is enclosed in quotes, by space or tab characters. You can supply multiple channel lists by specifying the -C option more than once. You can use the evminfo -lc command to see a list of configured channels.

Because events may be retrieved from more than one source, there is no guarantee that they will be returned in any particular order unless the -A option is used or the output event stream is piped through evmsort.

For security reasons, the ability to make a remote connection for event retrieval is controlled by the setting of remote_connection in the daemon configuration file, /etc/evmdaemon.conf. See evmdaemon.conf(4) for more information.

RESTRICTIONS

The evmget command will retrieve only events for which the user has access authorization. See evm.auth(4) for details of access authorization. The evmget command rejects attempts to output raw events to a terminal device.

EXIT STATUS

The following exit values are returned:

0
    Successful completion.

not 0
    An error occurred.

EXAMPLES

1. The following example uses evmget to retrieve events, automatically piping the events through evmsort and evmshow to produce a sorted and formatted list of events.

       evmget -A

2. In the following example, all available events are retrieved and piped to evmsort and evmshow for sorting and formatting. The events are sorted into the default timestamp order, and displayed with the timestamp at the start of each line.

       evmget -A -t "@timestamp @@"

3. In this example, only events from the misclog channel are retrieved. The events are further filtered to display only messages from the EVM daemon's logfile.

       evmget -A -C misclog -f "[name *.evmdaemon]" -t "@timestamp @@"

4. This example retrieves only events that have a priority value of at least 500. The raw events are sorted into descending timestamp order and stored in a file.

       evmget -f "[priority >= 500]" | evmsort -s @timestamp- > my_eventfile

5. This example uses a stored filter to retrieve all AdvFS events, sorts them into ascending timestamp order (the default order), and displays them.

       evmget -f "@sys:advfs" | evmsort | evmshow -t "@timestamp @@"

6. This ksh example retrieves events from two remote hosts, sorts them into chronological and hostname order, and displays them.

       export EVM_SORT_SPEC="@timestamp:@host_name"
       export EVM_SHOW_TEMPLATE="@timestamp @host_name%8 @@"
       evmget -A -f "[pri >= 600]" -h kipper -h sniffer
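The port selection described for the -h option, written out as an added shell example that is not part of the original manual page; it is useful when working out which TCP port a firewall rule or connection audit must cover for a given -h operand. The function name evm_target_port and its optional services-file argument are made up for this example.

```shell
#!/bin/sh
# Added example: report the TCP port that "-h hostname[:port_no]" would use,
# following the order given under OPTIONS:
#   1. an explicit :port_no
#   2. the "evm" entry in the services file
#   3. the reserved default, 619
# evm_target_port is a hypothetical helper, not an EVM command.

EVM_DEFAULT_PORT=619

evm_target_port() {
    target=$1
    services=${2:-/etc/services}
    port=

    case $target in
        *:*)
            port=${target##*:}
            # Reject empty or non-numeric port strings such as "kipper:" or "kipper:abc".
            case $port in
                ''|*[!0-9]*)
                    echo "invalid port in '$target'" >&2
                    return 2 ;;
            esac
            if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                echo "port out of range in '$target'" >&2
                return 2
            fi
            echo "$port"
            return 0 ;;
    esac

    # services(4) line format: name port/protocol [aliases...] [# comment]
    if [ -r "$services" ]; then
        port=$(awk '
            { sub(/#.*/, "") }                       # drop trailing comments
            $1 == "evm" && $2 ~ /^[0-9]+\/tcp$/ {    # TCP entry for evm
                split($2, a, "/"); print a[1]; exit
            }' "$services")
    fi

    echo "${port:-$EVM_DEFAULT_PORT}"
}

# Demonstration with the host names used in example 6; output depends on the
# local /etc/services.
for t in kipper sniffer:700; do
    echo "$t -> $(evm_target_port "$t")"
done
```

The result is only the client-side choice; the connection still fails unless it matches the portnum set in /etc/evmdaemon.conf on the remote host and remote_connection permits it.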

FILES

/etc/evmchannel.conf
    Location of the EVM channel configuration file.

/etc/evmdaemon.conf
    Location of the EVM daemon configuration file.

/etc/services
    Definition of the sockets and protocols used for Internet services.

SEE ALSO

Commands: evmpost(1), evminfo(1), evmshow(1), evmsort(1), evmwatch(1)

Files: evmchannel.conf(4), evmdaemon.conf(4), evmfilterfile(4), services(4)

Event Management: EVM(5)

EVM Events: EvmEvent(5)

Event Filter: EvmFilter(5)
