HP-UX Event ManagerProgrammer's Guide

ManualsBrandsHP ManualsSoftwareHP Event Monitoring Service Software

The form of a get script depends on the form in which the native events are stored. Complete

the following steps:

1. Use standard UNIX tools such as grep, awk, and sed, or a programming language such as

perl, to select the event lines, removing blank lines and comments, and reformat them as

necessary for the next step. This must be a reasonably simple matter if the events are single

lines of text, with a constant format in each line, and include items such as a timestamp, host

name, and message in the same position in every line.

2. Convert the lines into EVM events. You can do this by using UNIX tools to format the lines

into a form suitable for input to evmpost. Use the -r option in evmget command line to

produce EVM events on stdout instead of posting them. Alternatively, for a faster

conversion, you can use the EVM channel utility

/usr/share/evm/channels/bin/text2evm to do the conversion. This tool currently

requires input of the form:

Where:

• evm-event-name is the NAME of the EVM event that will be produced by the tool. The

first few components of the names of all events passed through a particular channel

must be the same, so that the events can be associated with the channel.

• date and time constitute the TIMESTAMP item for the event. The components of the

date must be in the basic format year/month/day, where the slash (/) characters can

be replaced by any of the following characters:

hyphen (-), colon (:), period (.)

This format allows variations in logfile formats and minimizes the amount of conversion

required in a shell script:

— The year can be two or four digits, or can be replaced with the question mark (?)

character. If four digits are supplied, the year is taken unchanged. If two digits are

supplied, and the value is 90 or greater, 1900 is added to the value to give the year.

If the value is less than 90, 2000 is added to it. If a (?) character is supplied instead

of a year, the tool calculates the implied year by comparing the current date with

the month and day fields in the supplied timestamp. If the timestamp month and

day represent a date that is later than the current date, the year value defaults to

the previous year; otherwise, it is assumed to be the current year.

— The month may be either a two-digit month in the range 1-12 or an alphabetic

month name in either abbreviated (for example, Feb) or unabbreviated form

(February). The month name may be supplied either in English or in the language

of the system's default locale.

The time must be in the format hours:minutes:seconds.

• host is the HOST_NAME item, and can be determined using the hostname command.

• user is the USER_NAME item. If all entries in the log are written by a single application

program or subsystem, it is appropriate to set the user field to the owner of the logfile.

• message is the message text for the event, and is inserted into the event as the FORMAT

data item.

3. If a filter-string was supplied, pass the output through evmshow, using the -f and -r options,

to restrict the output as set in the filter.

4. Finally, if you want the retrieved events to include data items contained in the events'

templates, you can pipe the output through the EVM channel utility,

/usr/share/evm/channels/bin/merge_template. This program reads EVM events

on stdin and obtains the corresponding template for each event from the EVM daemon.

It then merges the template information into the event and writes the resulting expanded

event to stdout.

If your channel's log files are difficult to convert to EVM format — for example, because each

entry is made up of multiple unstructured lines of text, which cannot be parsed easily — do not

54 Sample EVM Programming Operations