 |
» |
|
|
|
The logger
handles storage and forwarding of events, according to entries in
the /etc/evmlogger.conf configuration file. For
more information about configuration file, see evmlogger.conf(4). Example 3-3 “Sample Event Manager Logger Configuration
File Entries” shows sample entries
in a logger configuration file. An example of possible customization
of the logger is to direct output to a terminal in addition to a
log file.
Example 3-3 Sample Event Manager Logger Configuration
File Entries # Main log file:
/* This line begins an event log configuration group. */ |
/* This line provides a name for the the event log. Other portions of the configuration file may reference this name. */
name evmlog /* This line specifies that the log files are stored in the /var/evm/evmlog directory. Each day, when the log for that day is first written, the dated suffix is replaced by the date in the format yyyymmdd. */
logfile /var/evm/evmlog/evmlog.dated /* This line specifies that the type of events written to this log are binary events, rather than formatted (ASCII text) events. */
type binary /* This line specifies the maximum size of the log file in kilobytes (KB). In this case, if the size of the current log file exceeds 512 KB the logger closes it and creates a new log file, with a sequentially numbered suffix (for example, _2) appended to the file name. */
maxsize 512 # Kbytes # Uncomment the following "alternate" line and set the |
# logfile path to specify an alternate logfile in case
# of write failures. |
# The path must specify an existing directory. |
/ * If this line is not commented out (by #) and the sample path is replaced by the path name of an existing write-enabled directory, an alternate log file is opened in this directory if the primary directory becomes write-disabled. */
# alternate /your_alternate_fs/evmlog/evmlog.dated |
/* This line establishes the filtering conditions for events, determining which events are logged by this event log. See EvmFilter(5) for details of Event Manager filter syntax. The @SYS_VP@ entry is a macro that is replaced with sys.unix when the file is read.*/ |
# Log all events with priority >= 200, except procSM events:filter “[prio>=200] & (![name @SYS_VP@.procsm])”
/* These statements define the suppression parameters for this event log. In this case, suppression of a particular event begins if three or more duplicate events are received within 30 minutes. Suppression of duplicate events saves space in the log file. See evmlogger.conf(4) for a detailed description of event suppression. */
# Suppress logging of duplicate events:
suppress { filter "[name *]"
period 30 # minutes
threshold 3 # No. of duplicates before suppression
}
}
# Forward details of high-priority events to root: |
/* This line establishes conditions for forwarding events to the root user. An event forwarder executes a specified command string when selected events occur. It is useful for notifying the system administrator when a significant error occurs. */
forward { |
/* In this line, name identifies the forwarder.*/ |
/* The maxqueue queue_limit keyword limits the number of events that a forwarder
can queue while a previous event is being handled. If the maximum
number of events is already queued when a new event arrives, the
new event is ignored by this forwarder. If not specified, this
keyword has a default value of 100 events. If you specify a value
greater than 1000 events, the logger automatically limits it to
1000 events. */ |
maxqueue 200 # Don't forward mail events through mail /* This line establishes filtering for the events. As with an event log definition, the filter string specifies the set of events that are handled by this forwarder. To prevent an event loop from occurring if the mailer posts high-priority events, signifying a possible problem in the mail subsystem, mail events are explicitly excluded from this forwarder. */
filter "[prio >= 600] & ![name @SYS_VP@.syslog.mail]" /* These lines suppress multiple forwarding of events. The suppression mechanism for a forwarder is similar to that for an event log. Here, the purpose is to prevent the command from being sent multiple times in a short period because of the same event being posted repeatedly. In the example, a particular event is forwarded once every two hours at most.*/ suppress { filter "[name *]"
period 120 # minutes
threshold 1 # No. of duplicates before suppression
}
# This evmshow command writes a subject line as the first
# line of output, followed by a detailed display of the
# contents of the event.
# The resulting message is distributed by mail(1). /* This line defines the command that executes when an event is handled by the forwarder. The event is piped into the command's stdin stream. The result of this command is shown in the comments preceding the command line. */
command "evmshow -d -t 'Subject: EVM ALERT [@priority]: @@' |
mail root" # Limit the number of events that can be queued for this
# command:
maxqueue 100
}
# Secondary configuration files can be placed in the following
# directory. See the evmlogger.conf(5) reference page for
# information about secondary configuration files.
configdir /var/evm/adm/config/logger
|
|
If you make any changes to the logger configuration file,
you must run the evmreload command to inform
the changes to the logger. For more information about the evmreload command,
see evmreload(1M). |
Printable version
