evmlogger - Event Manager logger
/usr/sbin/evmlogger [-c config_file] [-l log_file] [-o
info_file]
Sets the configuration file to config_file. The default
is /etc/evmlogger.conf. Sets message output to log_file.
The default is stderr. When the logger starts it renames
any previous message file by appending to its name, and
creates a new file. Specifies the name of an output file
to hold summary details of the current run session.
None
About the EVM Logger
The Event Manager (EVM) logger is started automatically by
the EVM daemon at startup. It reads from its configuration
file /etc/evmlogger.conf a set of definitions of
event logs and forwarders, each with its own filter
string. The logger combines the individual filter strings
to produce a single compound string, connects to the EVM
daemon, and uses the compound filter string to establish
its event subscription. The logger then writes each incoming
event to each of the event logs or forwarders whose
individual filter string it matches. The logger can also
be configured to log events received from remote systems.
Logger Configuration [Toc] [Back]
By default, the logger reads its configuration from
/etc/evmlogger.conf. The -c option can be used to override
this. If the logger's configuration file is changed while
the logger is running, the evmreload -l(8) command should
be used to instruct it to reconfigure itself.
The logger reconfigures itself when evmreload -l is run,
or upon receipt of a SIGHUP signal.
There is no limit to the number of instances of the logger
which may be running, and individual users or applications
can make use of it to monitor and log interesting events.
However, they must provide their own configuration files.
Secondary logger configuration files can be used to add
event logs or forwarders without modifying the primary
configuration file, /etc/evmlogger.conf. The location of
secondary configuration files can be specified in the primary
configuration file by using the configdir keyword.
The default (and recommended) location is
/var/evm/adm/config/logger.
The logger searches the named directory and any subdirectories
for files whose names end with the characters the
configuration lines in those files in the same way it processes
lines in the primary configuration file.
A syntax error found in a secondary configuration file
results in an error message and the rejection of the file
but does not prevent the primary configuration file or any
other secondary files from being processed.
It is important that secondary logger configuration files
or directories are given appropriate permissions because
the logger is run with root privileges and can execute
commands specified in any secondary configuration file.
The logger rejects any configuration files that are not
properly secure and posts a warning event. See evmlogger.conf(4) for details of acceptable permissions.
In a cluster environment, the logger configuration files
usually are shared by all the cluster members. If you have
a requirement for a member-specific event log or forwarder,
you can specify it in a secondary configuration
file and place a context-dependent symbolic link (CDSL) in
the secondary configuration directory to reference the
file. See mkcdsl(8) for information about creating a CDSL.
Event Logging [Toc] [Back]
Event logs may be files or terminal devices. If a terminal
device is given as a log, the logger automatically formats
the event for display. If a log is a file or any device
other than a terminal, and the log is not specified as a
formatted log, the logger writes events to it in canonical
(binary) form.
If a log is a disk file, the logger creates the file if
necessary. If the log name ends in the characters replaces
that suffix with the current date in the form yyyymmdd,
and begins a new file when the first event is written to
the log each day. A lock file with a suffix of is created
to protect the log file while it is being written.
A log can be configured to start a new file when it
reaches a certain size. Successive generations of the same
log are given the suffix _n, where n is the generation
number of the file. A generation control file, with a
suffix of to control the generation sequence.
If the logger is writing to the log file, and the file
becomes unavailable or unwritable for any reason, the logger
switches to the alternate log file if one has been
configured. Otherwise the log is disabled.
If the logger is writing to the alternate log, and the
error condition that caused it to switch has been cleared,
you can revert to the primary path by using the evmreload
-l command.
Event Forwarding [Toc] [Back]
If a forward command is specified, the logger executes the
command when any incoming event matches the forwarding
filter and pipes the incoming event into the command's
stdin stream.
The logger executes forwarding commands asynchronously and
continues to handle events while commands are running.
However, to ensure proper sequencing, it only allows one
instance of each command to run at a time. If a command is
running and another event arrives that matches the forwarder's
filter, the event is queued until the command
terminates, at which time the logger reruns it with the
next queued event. The size of each forwarder's queue is
limited and can be controlled using the maxqueue keyword.
To minimize the chances of queuing or missing events, you
should avoid using the forwarding facility to run commands
that may take significant time to execute. See evmlogger.conf(4) for more information on setting the queue
limit.
Remote Logging [Toc] [Back]
By default, only events posted through the local EVM daemon
are handled by the logger's event logs and forwarders.
You can configure the logger to subscribe for events from
remote systems in addition to local events by including
one or more remote_hosts groups in its configuration. See
evmlogger.conf(4) for more information.
Note
Remote logging requires that the EVM daemons running on
the remote systems are configured to accept remote connections.
See evmdaemon.conf(4) for more information.
Event Suppression [Toc] [Back]
If an incoming event matches the suppression filter associated
with an event log or forwarder, the event is considered
for suppression. In the case of an event log this
reduces the risk of wasting storage space by logging
repeated instances of the same event, and for a forwarder
it reduces the risk of sending replicated mail messages
reporting the same event over a short period. For a full
discussion of the configuration values which control suppression
see evmlogger.conf(4).
The following exit values are returned: Successful completion.
An error occurred.
Executable file Default logger configuration file Error
log Run information file
Commands: evmchmgr(8), evmd(8), evmget(1), evmreload(8),
evmshow(1), evmstart(8), evmstop(8), kill(1)
Files: evmdaemon.conf(4), evmlogger.conf(4)
Event Management: EVM(5)
EVM Events: EvmEvent(5)
Event Filter: EvmFilter(5)
evmlogger(8)
[ Back ] |
