Manualshelf

HP-UX Event ManagerAdministrator's Guide

ManualsBrandsHP ManualsSoftwareHP Event Monitoring Service Software
41424344454647484950
Using Event Manager
Monitoring Events
Chapter 242
waits to receive events. As events arrive, the evmwatch command writes
them to the standard out stream (stdout) as binary Event Manager
events.
You cannot display the output of the evmwatch command because it is a
stream of binary events. You must use the evmshow command to format
the events. The following example monitors all events, and displays them
on your terminal as they occur:
# evmwatch | evmshow -t "@timestamp [@priority] @@"
Depending on your system type, and the level of event activity, this
command may run for a while before any events are displayed. The
command continues to run until you terminate it to regain control of
your terminal, usually by pressing Ctrl/C.
When a system is operating correctly, many of the events posted are
low-priority informational events. You may want to filter these events
out, particularly if your system has a high level of event activity. You can
do this by supplying a filter to the evmwatch command:
# evmwatch -f "[priority >= 400]" | evmshow -t "@timestamp
[@priority] @@"
This example watches for events with a priority of error equal to 400 or
higher. You can change the filter string to exclude any set of events that
occur regularly and are uninteresting. Alternatively, you may need to
watch for a particular set of events.
The preceding examples do not show the output of evmshow piped into
more for display, because evmwatch is a realtime monitor. The evmwatch
command displays events as they occur, rather than displaying them
from a file. A command like pg or more may wait for the operator to
intervene before reading more data from its input pipe; over time, this
could lead to congestion in the pipeline. The Event Manager daemon
cannot wait for its client (the evmwatch command) to clear its backlog;
this results in the evmwatch command missing events. You should
display the output from the evmwatch command directly on a terminal
window, instead of piping commands to more or pg.
Avoid piping the output of the evmwatch command into the evmsort
command because the evmsort command cannot sort events until it
reads to the end of its input. As a monitoring program, the evmwatch
command usually waits for input until it is killed explicitly. As a result, if
you pipe the output of the evmwatch command directly into the evmsort
command, there is no output from the evmsort command.