evmlogger.conf.4 (2010 09)

e
evmlogger.conf(4) evmlogger.conf(4)
Keyword Minimum
alternate 3
command 4
configdir 7
eventlog 0
exclude 3
explicit_target 4
filter 4
forward 4
include 3
logfile 3
maxqueue 4
maxsize 3
name 0
period 0
show_template 4
suppress 4
threshold 0
type 0
Notes
1. The logger only allows a single instance of each forwarding command to execute at one time and
queues any events that arrive while an instance is already running. The forwarder ignores events
that arrive while the queue is full. To minimize the chances of queuing or missing events, avoid
using the forwarding facility to run commands that may take significant time to execute.
2. If you specify a forwarding command that may itself cause events to be posted (for instance, mail
commands may post syslog events that are routed to EVM), the forwarding filter explicitly should
exclude those events. Otherwise, it is possible that an infinite event loop will occur.
3. To allow your file to be used on or ported to other systems that support EVM in the future, use the
built-in macro
@SYS_VP@ instead of the first two components (sys.unix) of the name of any sys-
tem event.
Using the built-in macro makes it unnecessary to change the file if the other system uses a different
event name prefix.
EXAMPLES
This example initiates the evmlogger command with the following configuration:
Binary events are written to a file in the
/var/evm/evmlog
directory named evmlog.xxx where xxx
is the current year, month, and day. For example,
/var/evm/evmlog/evmlog.19981217
.
An alternate log path is specified in case of write failures to the primary log path.
A new generation of the log is started automatically if the size exceeds 256 KB.
All events with a priority of at least 200 are selected for logging.
Duplicate events are suppressed.
Events with a priority of at least 600 are displayed on the system console as formatted events, showing
the timestamp, the priority and the event’s message.
Events with a priority of at least 600 are also mailed to root.
A maximum of 20 events is queued for forwarding to root when an instance of the forwarding command is
already running.
eventlog
{
name evmlog
logfile /var/evm/evmlog/evmlog.dated
type binary
maxsize 256 # KB
alternate /altlogs/evmlog/evmlog.dated
# Log all events with priority >= 200:
HP-UX 11i Version 3: September 2010 − 5 − Hewlett-Packard Company 5