 |
Index for
Section 8 |
|
 |
Alphabetical
listing for E |
|
 |
Bottom of
page |
|
evmlogger(8)
NAME
evmlogger - Event Manager logger
SYNOPSIS
/usr/sbin/evmlogger [-c config_file] [-l log_file] [-o info_file]
OPTIONS
-c config_file
Sets the configuration file to config_file. The default is
/etc/evmlogger.conf.
-l log_file
Sets message output to log_file. The default is stderr. When the logger
starts it renames any previous message file by appending .old to its
name, and creates a new file.
-o info_file
Specifies the name of an output file to hold summary details of the
current run session.
OPERANDS
None
DESCRIPTION
About the EVM Logger
The Event Manager (EVM) logger is started automatically by the EVM daemon
at startup. It reads from its configuration file /etc/evmlogger.conf a set
of definitions of event logs and forwarders, each with its own filter
string. The logger combines the individual filter strings to produce a
single compound string, connects to the EVM daemon, and uses the compound
filter string to establish its event subscription. The logger then writes
each incoming event to each of the event logs or forwarders whose
individual filter string it matches. The logger can also be configured to
log events received from remote systems.
Logger Configuration
By default, the logger reads its configuration from /etc/evmlogger.conf.
The -c option can be used to override this. If the logger's configuration
file is changed while the logger is running, the evmreload -l(8) command
should be used to instruct it to reconfigure itself.
The logger reconfigures itself when evmreload -l is run, or upon receipt of
a SIGHUP signal.
There is no limit to the number of instances of the logger which may be
running, and individual users or applications can make use of it to monitor
and log interesting events. However, they must provide their own
configuration files.
Secondary logger configuration files can be used to add event logs or
forwarders without modifying the primary configuration file,
/etc/evmlogger.conf. The location of secondary configuration files can be
specified in the primary configuration file by using the configdir keyword.
The default (and recommended) location is /var/evm/adm/config/logger.
The logger searches the named directory and any subdirectories for files
whose names end with the characters .conf. The logger processes the
configuration lines in those files in the same way it processes lines in
the primary configuration file.
A syntax error found in a secondary configuration file results in an error
message and the rejection of the file but does not prevent the primary
configuration file or any other secondary files from being processed.
It is important that secondary logger configuration files or directories
are given appropriate permissions because the logger is run with root
privileges and can execute commands specified in any secondary
configuration file. The logger rejects any configuration files that are not
properly secure and posts a warning event. See evmlogger.conf(4) for
details of acceptable permissions.
In a cluster environment, the logger configuration files usually are shared
by all the cluster members. If you have a requirement for a member-specific
event log or forwarder, you can specify it in a secondary configuration
file and place a context-dependent symbolic link (CDSL) in the secondary
configuration directory to reference the file. See mkcdsl(8) for
information about creating a CDSL.
Event Logging
Event logs may be files or terminal devices. If a terminal device is given
as a log, the logger automatically formats the event for display. If a log
is a file or any device other than a terminal, and the log is not specified
as a formatted log, the logger writes events to it in canonical (binary)
form.
If a log is a disk file, the logger creates the file if necessary. If the
log name ends in the characters .dated, the logger replaces that suffix
with the current date in the form yyyymmdd, and begins a new file when the
first event is written to the log each day. A lock file with a suffix of
.lck is created to protect the log file while it is being written.
A log can be configured to start a new file when it reaches a certain size.
Successive generations of the same log are given the suffix _n, where n is
the generation number of the file. A generation control file, with a
suffix of .gen, is created to control the generation sequence.
If the logger is writing to the log file, and the file becomes unavailable
or unwritable for any reason, the logger switches to the alternate log file
if one has been configured. Otherwise the log is disabled.
If the logger is writing to the alternate log, and the error condition that
caused it to switch has been cleared, you can revert to the primary path by
using the evmreload -l command.
Event Forwarding
If a forward command is specified, the logger executes the command when any
incoming event matches the forwarding filter and pipes the incoming event
into the command's stdin stream.
The logger executes forwarding commands asynchronously and continues to
handle events while commands are running. However, to ensure proper
sequencing, it only allows one instance of each command to run at a time.
If a command is running and another event arrives that matches the
forwarder's filter, the event is queued until the command terminates, at
which time the logger reruns it with the next queued event. The size of
each forwarder's queue is limited and can be controlled using the maxqueue
keyword. To minimize the chances of queuing or missing events, you should
avoid using the forwarding facility to run commands that may take
significant time to execute. See evmlogger.conf(4) for more information on
setting the queue limit.
Remote Logging
By default, only events posted through the local EVM daemon are handled by
the logger's event logs and forwarders. You can configure the logger to
subscribe for events from remote systems in addition to local events by
including one or more remote_hosts groups in its configuration. See
evmlogger.conf(4) for more information.
Note
Remote logging requires that the EVM daemons running on the remote
systems are configured to accept remote connections. See
evmdaemon.conf(4) for more information.
Event Suppression
If an incoming event matches the suppression filter associated with an
event log or forwarder, the event is considered for suppression. In the
case of an event log this reduces the risk of wasting storage space by
logging repeated instances of the same event, and for a forwarder it
reduces the risk of sending replicated mail messages reporting the same
event over a short period. For a full discussion of the configuration
values which control suppression see evmlogger.conf(4).
EXIT STATUS
The following exit values are returned:
0 Successful completion.
not 0
An error occurred.
FILES
/usr/sbin/evmlogger
Executable file
/etc/evmlogger.conf
Default logger configuration file
/var/evm/adm/logfiles/evmlogger.log
Error log
/var/run/evmlogger.info
Run information file
SEE ALSO
Commands: evmchmgr(8), evmd(8), evmget(1), evmreload(8), evmshow(1),
evmstart(8), evmstop(8), kill(1)
Files: evmdaemon.conf(4), evmlogger.conf(4)
Event Management: EVM(5)
EVM Events: EvmEvent(5)
Event Filter: EvmFilter(5)
|
Index for
Section 8 |
|
|
Alphabetical
listing for E |
|
 |
Top of
page |
|