|
|
evmdaemon.conf(4)
Contents
|
evmdaemon.conf - EVM daemon configuration file
authentdir directory sourcedir directory
authtimeout time_seconds synctimeout
time_seconds portnum port_number start_sync
command remote_connection bool_par max_msg_size
message_size filterdir filter_dir
activity_monitor {
name detector
period detect_period
threshold detect_thold
holdoff detect_delay
}
service {
name service_name
command service_command
}
The Event Manager (EVM) daemon configuration file, evmdaemon.conf,
is a text file that contains commands used to
configure and start the Event Manager. Any portion of a
line from an unquoted number sign (#) to the end of line
is a comment. Blank lines are ignored. The following
commands are recognized: Names the directory that is used
to hold temporary authentication files. The default is
/var/evm/shared. Names the root of the directory structure
that should be searched for event template files.
The default is /usr/share/evm/templates. Time to wait for
a newly established client to respond to an authentication
request. The default is 10 seconds. Time within which a
synchronized client must achieve synchronization completing
a connection request and subscribing for events. The
default is 30 seconds. The port number for TCP communication
with remote clients. If not specified, the evm port
number found in /etc/services is used if present; otherwise
the reserved default value of 619 is used. The complete
command line for programs that should be started as
synchronized clients when the daemon starts. This command
should be enclosed in double quotation marks ("). Determines
the permission for connections through a remote TCP
port. If bool_par evaluates to TRUE, remote connection is
permitted. The default is not permitted. The bool_par
parameter should be True or False.
Note
Only enable remote access if your system is running
in a fully secure environment. See the System
Administration guide for event management security
considerations. The maximum number of bytes the
daemon will accept from any connection in a single
message. If a client attempts to send a message
that is longer than the specified size, the daemon
immediately terminates the connection without
reading the message. This keyword can be used to
limit the sizes of events that can be posted, to
prevent the daemon from consuming excessive amounts
of memory or CPU time by handling very large
events.
Note
Setting this value too low may prevent normal system
events from being posted.
If this keyword is not specified, a default value
of 2 Mbytes is used. If the keyword is specified
and the supplied value is less than 200 Kbytes or
greater than 10 Mbytes, it is set automatically to
the closest of those values.
The daemon accepts messages up to 200 bytes longer
than the specified size to allow for communication
protocol overhead. A colon-separated list of
directories to be searched for filter files in
place of the standard locations. If specified, the
daemon uses this value internally to evaluate filter
strings that reference pre-created filter
files, and also passes it to service programs such
as the event retrieval service program, evmget_srv,
by exporting the environment variable EVM_FILTERDIR.
This makes the path available to the event
channels' get-function scripts. The default value
for this keyword is /usr/share/evm/filters. See
evmfilterfile(4) for more information.
If this keyword is not specified, a default value
of 2 Mbytes is used. If the keyword is specified
and the supplied value is less than 200 Kbytes or
greater than 10 Mbytes, it is set automatically to
the closest of those values.
The daemon accepts messages up to 200 bytes longer
than the specified size to allow for communication
protocol overhead. A parameter group that controls
a daemon event monitoring facility. An activity_monitor
definition consists of: The type of
detector controlled by the group parameters. The
size, in minutes, of a periodically sliding time
window over which events will be counted. The number
of events that will activate the monitor if
counted in period. The time delay, in minutes,
after activation of the activity monitor occurs
before monitoring is resumed. The evmreload command
will reset the delay. Defines services that
are available through the daemon. A service definition
consists of the name of the service and the
command line that will be invoked when this service
is requested. User-defined services are not currently
supported.
A service definition consists of: The name given to
the service. The command to be invoked when this
service is requested. This command should be
enclosed in double quotation marks (").
The keywords described may be entered in a case-insensitive
manner. The allowable strings and the minimum number
of characters is shown in the following table. A minimum
of zero (0) indicates that all characters are required.
----------------------------
Keyword Minimum
----------------------------
activity_monitor 0
authtimeout 8
command 4
filterdir 7
holdoff 0
max_msg_size 7
name 0
period 0
portnum 4
remote_connection 0
service 7
sourcedir 7
start_sync 0
synctimeout 8
threshold 0
----------------------------
The activity monitor detectors recognized, and the action
taken when the monitor is activated are the following:
---------------------------------------------------
Detector Action
---------------------------------------------------
event_count post an event to alert the system
administrator
---------------------------------------------------
This is an example of an EVM daemon configuration file
that does the following: Specifies that event templates
are found in the directory /usr/share/evm/templates.
Starts the EVM Logger and the EVM Channel Manager as synchronized
clients when the daemon is started. Defines a
service available through the EVM daemon. Establishes an
activity monitor that will alert the system administrator
if 500 events occur in any 10 minute span. Once the system
administrator has been alerted, the activity monitor
will remain dormant for four hours. Disables connections
from remote hosts.
# Event template directory: sourcedir
"/usr/share/evm/templates"
# Start the EVM Logger as a synchronized client:
start_sync "/usr/sbin/evmlogger \
-o /var/run/evmlogger.info \
-l /var/evm/adm/logfiles/evmlogger.log"
# Start the EVM Channel Manager as a synchronized client:
start_sync "/usr/sbin/evmchmgr \
-l /var/evm/adm/logfiles/evmchmgr.log"
# Event retrieval service definition: service {
name event_get
command "/usr/sbin/evmget_srv"
}
# Set up an activity monitor. activity_monitor {
name event_count # currently the only
supported monitor
period 10 # count over a 10 minute
period
threshold 500 # perform action after
500 events
holdoff 240 # wait 4 hours before
resuming }
# Disable remote communication (set following to "true" to
enable) remote_connection false
Location of the EVM authorization file. Location of the
EVM daemon configuration file. Definition of the sockets
and protocols used for Internet services.
Commands: evmd(8), evmreload(8)
Files: evmfilterfile(4), services(4)
Event Management: EVM(5)
System Administration
evmdaemon.conf(4)
[ Back ] |
