EVM, evm - Event Management
Introduction to Events and Event Management
The purpose of an event management system is to provide a
means for any system component or application to indicate
that something has happened that may be of interest to
some other entity. The indication is known as an event,
and the component posting the event is known as an event
generator or event poster. The entity interested in the
indication is known as an event subscriber.
When a system component has something interesting to
report, it makes the information available through an
event channel. The term event channel describes any
facility used to publish or retrieve event information,
and might refer to any of the following:
     A simple log file
     An event management system
     A program that can be run to obtain a snapshot of
     status information
An event management system is an active event channel, and
as such it provides services for distributing, storing and
retrieving event information.
The UNIX system logger, syslog, and the binary error logger,
binlog, are familiar examples of event management
systems. They provide simple event distribution facilities
for other components to use, and their daemons
actively manage the event information they receive. By
contrast, the cron daemon's log file, /var/adm/cron/log,
is an example of a passive event channel. The cron daemon
simply writes new event information to the end of its
file, and takes no special action to notify interested
entities when it does so.
In general, an event poster is unaware of any entities
that might be interested in its event information; it simply
uses an available event channel to post the event. It
is the responsibility of the event channel to decide how
to make the event available, and to whom. The event subscriber
is responsible for identifying an interest in
events to the event channel. A subscriber might be a
user-level process, a kernel subsystem, or (through some
utility program) a user.
About EVM
The Tru64 UNIX Event Manager (EVM) is a comprehensive
event management system that, in addition to providing
traditional event handling facilities, unifies events from
many channels to provide a system-wide source of information.
For information about using EVM as an aid to system
administration, see the System Administration guide.
The EVM Event
An EVM event is a package of information that can be
passed between programs and stored in files. The underlying
format of an event package is binary, but supplied
commands and programming interfaces can be used to extract
and display the information contained in an event. The
term raw event is used to refer to an event in its binary
state, while an event that has been converted to text form
for display is said to be formatted.
An EVM event may contain any or all of a set of standard
event data items, including (but not limited to) an event
name, a timestamp, a priority value and some message text.
An event may also carry any number of named variable data
items, each of which can hold further information about
the event. EVM events can carry events from other channels,
such as the binary error logger, by holding them in
variable data items.
Full details of the EVM event are provided in the
EvmEvent(5) reference page.
The EVM Daemon
The EVM daemon, evmd, is started automatically when the
system is initialized to level 2. The daemon provides
posting and notification services for system and application
clients running on the local system and, in a cluster
environment, on other nodes of the cluster. The daemon
also can be configured to provide services to remote systems.
Refer to the evmd(8) and evmdaemon.conf(4) reference
pages for more information.
The EVM Logger
The EVM logger, evmlogger, is an event subscriber that is
started automatically by the daemon. The logger reads its
configuration file to establish the set of events to be
logged, subscribes for those events, and stores them in
managed logfiles as they arrive. By default, the logger
also displays high priority events on the system console,
and mails information about them to the root user. The
logger can be configured to manage any number of logfiles,
each with its own selection of events, and to execute
user-supplied commands on receipt of selected events.
For more information refer to the evmlogger(8) and evmlogger.conf(4) reference pages.
The EVM Channel Manager
The EVM channel manager, evmchmgr, is started automatically
by the daemon, and is responsible for managing time-based
event channel functions. The channel manager reads
the EVM channel configuration file and periodically runs
event monitoring commands for any configured passive channels.
The program also is responsible for running daily
logfile cleanup commands.
The channel manager and the channel configuration file are
described in the evmchmgr(8) and evmchannel.conf(4) reference
pages.
Command Line Utilities
EVM's system administration facilities include a set of
command line utilities that can be used from the command
line or in shell scripts to post events, to monitor event
activity, to retrieve stored events from log files, and to
sort and view events in a variety of ways. The utilities
are designed to be used together in shell pipelines. For
more information refer to the evmpost(1), evmwatch(1),
evmget(1), evmsort(1) and evmshow(1) reference pages.
The Event Viewer
The event viewer provides a graphical view of historical
events through the common system management interface.
The viewer can be launched through the SysMan Menu or
through the SysMan Station. Refer to the sysman(8) reference
page for more information.
Filtering Events
Because a system may generate many events over the course
of a day, it is often desirable to limit your view to the
particular set in which you are interested. For example,
you may want to see the events posted by one particular
subsystem, or all events with a high priority value. EVM
events can be selected by using an event filter - a character
string that describes the selection using a predefined
filter syntax. You can use a filter to select events
according to several different criteria, including event
name, timestamp, priority and the name of the posting system.
You can use an event filter by specifying the -f option to
several of the EVM command line utilities, and the event
viewer provides a graphical filter builder window. The
EVM logger uses event filters in its configuration file to
select the actions to be taken when specific events occur.
Frequently-used event filters can be stored in filter
files for easy reference.
For details of the event filter syntax and the use of filter
files, refer to the EvmFilter(5) and evmfilterfile(4)
reference pages.
Event Template Files
Event template files are used to control the set of events
that can be posted on a given system, and to provide a
central source for much of the information that is carried
in a given event. For example, the priority and message
text for a given event are likely to be the same each time
the event is posted, and centralizing this information
makes it much easier to see and maintain than if the
information was held in the posting program or the UNIX
kernel.
An event template file is a text file that holds template
information for one or more named events. A template file
must be installed before the events it describes can be
posted, and is read by the EVM daemon each time the daemon
starts or reloads its configuration. When an event is
posted, the daemon adds the information held in the template
to the posted event before distributing it to subscribers.
For more information about the purpose and the syntax of
template files see the evmtemplate(4) reference page.
Event Authorization
Because the unrestricted ability to monitor or post certain
events could compromise security in some environments,
EVM provides a means of restricting the ability to
post and access selected events to specific authorized
users. Refer to the evm.auth(4) reference page for more
information.
The EVM Programming Interface
The EVM application programming interface (API) library,
libevm.so, provides all the functions required for an
application program to create, post and subscribe for
events, to read and write them from and to standard file
descriptors, and to manipulate their contents. For a full
discussion of programming with EVM, refer to the Programmer's
Guide and the reference pages for the routines
listed in the SEE ALSO section.
EVM supports event posting and subscription in kernel
space through the pseudo-device driver /dev/kevm. See
kevm(7) for more information.
SEE ALSO
Commands: evmchmgr(8), evmd(8), evmget(1), evminfo(1),
evmlogger(8), evmpost(1), evmreload(8), evmshow(1),
evmsort(1), evmstart(8), evmstop(8), evmwatch(1),
sysman(8), sysman_menu(8), sysman_station(8)
Routines: EvmConnControl(3), EvmConnCreate(3),
EvmConnSubscribe(3), EvmConnWait(3), EvmEventCreate(3),
EvmEventDump(3), EvmEventFormat(3), EvmEventPost(3),
EvmEventRead(3), EvmEventValidate(3), EvmFilterCreate(3),
EvmItemSet(3), EvmSrvStart(3), EvmStatusTextGet(3),
EvmVarSet(3)
Files: evm.auth(4), evmchannel.conf(4), evmdaemon.conf(4),
evmfilterfile(4), evmlogger.conf(4), evmtemplate(4),
kevm(7)
Misc: sys_attrs_kevm(5)
Event Callback: EvmCallback(5)
Event Connection: EvmConnection(5)
EVM Events: EvmEvent(5)
Event Filter: EvmFilter(5)
Programmer's Guide, System Administration
EVM(5)