Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX Event ManagerProgrammer's Guide: HP-UX 11i v3Edition 1 > Chapter 4 Sample EVM Programming Operations

Adding an Event Channel to EVM
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

The term event channel describes any facility that you can use to publish or retrieve event information. It can also refer to any of the following:

  • Simple log file

  • Event management system

  • Program that can be run to obtain a snapshot of status information

An event channel may be an active channel, in which case it posts its own event information to EVM as soon as the event occurs, or a passive channel, in which the information may accumulate within the channel but EVM has to take the action to look for it.

An event channel does not have to be a formal event notification mechanism. It can be anything that is capable of storing information or showing a status or a change of state. For example:

  • If an application or a system component writes state information to its own log file, each entry in the log file is considered as an event. The log file can be checked periodically for new entries, and an event can be posted for each new entry that is found. The log file also serves as a place from which events can be retrieved.

  • Some applications and system components provide a means of querying status. In these cases, the status can be monitored periodically, and an event can be posted whenever a significant change is detected. This type of event channel typically does not include a means of storing event information. Therefore EVM's own logging mechanism can be used to log the events.

  • If a central part of an application handles all event information for the application, you can modify the handling code so that it also forwards event information to EVM. This is an example of an active event channel.

The process of taking an existing event channel and making it accessible through EVM is termed encapsulation.

EVM event channels are configured through the channel configuration file. This file is read by the EVM channel manager when EVM starts, and is also used by command-line utilities when channel information is needed. When you modify this file, you must inform the channel manager of the change by entering the following command:

evmreload -c

For more information about the syntax of the channel configuration file, see evmchannel.conf(4). You can encapsulate an event channel by providing a set of executable programs to handle various channel functions. Following are the channel related functions:

  • The get function — Retrieves historical events from the channel when evmget is run.

  • The details function — Provides a detailed display of an event stream when evmshow is run with the -d option.

  • The explain function — Provides explanatory text for an event stream when evmshow is run with the -x option. This function is also typically invoked by the channel's details function.

  • The monitor function — Executed periodically by the EVM channel manager to check the channel status and post events if necessary.

  • The cleanup function — Executed daily by the EVM channel manager to perform any cleanup actions necessary for the channel.

Each of these functions is optional, and is defined for the channel by including the appropriate entry in a channel definition in the channel configuration file. Channel functions can be any kind of executable file.

Channel functions that use temporary files must clean up the files before exiting, and the functions must also be able to clean up if they are interrupted.

You must also perform the following actions:

  • Add event templates for any events which may be posted or retrieved through a new event channel. For more information about adding event templates, see “Designing Event Templates” .

  • Ensure that the events are given the correct posting and access privileges, by modifying the EVM authorization file as necessary. For more information about how to control access to events, see the HP-UX System Administration document.

The Get Function

The channel get function is executed by the EVM get_server, which is executed by the EVM daemon to handle event retrieval requests made through evmget. This function is always executed as superuser and must take appropriate security precautions.

The function must support the following invocation syntax:

function-name [-f filter-string]

If required, other arguments may be passed to the function by including them in the function's line in the channel configuration file.

When you run the get function, it performs the following actions:

  • Retrieve events from the channel's log files

  • Convert them to EVM event format

  • Write the EVM events to its stdout stream.

If a filter-string is supplied, only events that match the filter can be written to stdout. Error messages can be written to stderr and are passed back to evmget for output to its stderr stream. Hence, ensure that they are clearly identified as originating in this function. Do not write anything other than EVM events to stdout.

The form of a get script depends on the form in which the native events are stored. Complete the following steps:

  1. Use standard UNIX tools such as grep, awk, and sed, or a programming language such as perl, to select the event lines, removing blank lines and comments, and reformat them as necessary for the next step. This must be a reasonably simple matter if the events are single lines of text, with a constant format in each line, and include items such as a timestamp, host name, and message in the same position in every line.

  2. Convert the lines into EVM events. You can do this by using UNIX tools to format the lines into a form suitable for input to evmpost. Use the -r option in evmget command line to produce EVM events on stdout instead of posting them. Alternatively, for a faster conversion, you can use the EVM channel utility /usr/share/evm/channels/bin/text2evm to do the conversion. This tool currently requires input of the form:

    Where:

    • evm-event-name is the NAME of the EVM event that will be produced by the tool. The first few components of the names of all events passed through a particular channel must be the same, so that the events can be associated with the channel.

    • date and time constitute the TIMESTAMP item for the event. The components of the date must be in the basic format year/month/day, where the slash (/) characters can be replaced by any of the following characters:

      hyphen (-), colon (:), period (.)

      This format allows variations in logfile formats and minimizes the amount of conversion required in a shell script:

      • The year can be two or four digits, or can be replaced with the question mark (?) character. If four digits are supplied, the year is taken unchanged. If two digits are supplied, and the value is 90 or greater, 1900 is added to the value to give the year. If the value is less than 90, 2000 is added to it. If a (?) character is supplied instead of a year, the tool calculates the implied year by comparing the current date with the month and day fields in the supplied timestamp. If the timestamp month and day represent a date that is later than the current date, the year value defaults to the previous year; otherwise, it is assumed to be the current year.

      • The month may be either a two-digit month in the range 1-12 or an alphabetic month name in either abbreviated (for example, Feb) or unabbreviated form (February). The month name may be supplied either in English or in the language of the system's default locale.

      The time must be in the format hours:minutes:seconds.

    • host is the HOST_NAME item, and can be determined using the hostname command.

    • user is the USER_NAME item. If all entries in the log are written by a single application program or subsystem, it is appropriate to set the user field to the owner of the logfile.

    • message is the message text for the event, and is inserted into the event as the FORMAT data item.

  3. If a filter-string was supplied, pass the output through evmshow, using the -f and -r options, to restrict the output as set in the filter.

  4. Finally, if you want the retrieved events to include data items contained in the events' templates, you can pipe the output through the EVM channel utility, /usr/share/evm/channels/bin/merge_template. This program reads EVM events on stdin and obtains the corresponding template for each event from the EVM daemon. It then merges the template information into the event and writes the resulting expanded event to stdout.

If your channel's log files are difficult to convert to EVM format — for example, because each entry is made up of multiple unstructured lines of text, which cannot be parsed easily — do not supply a get function, instead allow the events to be logged by the EVM logger as they are posted. This consumes more storage space, because the events are stored in two places, but it may significantly improve retrieval time and programming effort.

If you supply your own get function for the channel, be sure to change the filter strings in the EVM logger's configuration file, so that your events are not duplicated in the EVM log. For more information on how to change the logger's configuration file, see the HP_UX System Administration document.

The Details Function

The details function is invoked by evmshow command line with -d option. Although the function is currently run with the privileges of the user running evmshow, it is likely to change in a future release. Hence, it is important that the function takes appropriate security precautions.

The function must support the following invocation syntax:

function-name [arguments]

If arguments are specified in the details function line in the channel configuration file, they are passed directly to the function when it is executed. The details function must accept a stream of EVM events through stdin, and display a stream of text on stdout that describes the contents of each event. Various forms of evmshow (notably -x and -D) are likely to be useful in producing the output. However, you must not use the -d option because it results in a recursive loop.

Unless redirected, messages written to stderr appears on evmshow's stderr stream. Hence, if needed, they must be clearly identified as being written by this function.

You can use the evmlog channel function, /usr/share/evm/channels/evmlog/evmlog_details as a model for developing a details script for a new channel. If you do not supply a details function, evmshow displays a formatted dump of the contents of any event belonging to the channel whenever a detailed view is requested.

The Explain Function

The explain function is executed by evmshow when the command is invoked with the -x option. Although it is currently executed with the privileges of the user executing evmshow, this is likely to change in future release. Hence, it is important that the function takes appropriate security precautions. The function must support the following invocation syntax:

function-name event-name [reference]

The explain function is invoked with the name of the event requiring explanation and an optional reference value. If supplied, the reference is the contents of the event's reference data item. If no reference is available, evmshow passes a hyphen (-) for this argument, but the function must also allow the argument to be omitted.

The explain function must use its arguments to produce a formatted explanation for the supplied event name, and write it as lines of text to stdout. If no explanation can be found, an appropriate message must be written to stdout in place of the explanation. Unless redirected, messages written to stderr appears on evmshow's stderr stream. Hence, if they are needed, they must be clearly identified as being written by this function.

Your explain function can invoke the evmlog explain function, /usr/share/evm/channels/evmlog/evmlog_explain, provided the following conditions are met:

  • In addition to the event-name argument, you pass a reference argument of the form:

    cat:catalog-name[:set_number]

    Where:

    - catalog-name is the name of an I18N catalog file containing the explanations for your channel's events

    - the optional set_number is the number of the message set containing the explanation, for example, cat:myprod.cat:3.

  • Each explanation in the catalog begins with the name of an event enclosed in braces, for example, {myco.myprod.myapp.startup}.

The message catalog must be located according to normal I18N rules. To minimize search time, group the explanations into sets and provide the set numbers in the reference data items of the events. For information about procedures to generate a catalog file, see mkcatdefs(1) and gencat(1).

The Monitor Function

The monitor function is executed by the EVM channel manager. It is executed with an -init argument when the channel manager starts. Each time the channel manager is reconfigured with evmreload, execute the function without the -init argument. The execution period is controlled with the mon_period channel value. This function is always executed as superuser and must take appropriate security precautions.

The function must support the following invocation syntax:

function-name [init]

You can use the presence or absence of the Init argument to decide whether the function needs to initialize any work files that it has to maintain. If required, you can pass additional arguments to the function by including them on the command line in the channel configuration file.

NOTE: The init argument is always passed as the last argument.

There are no restrictions on the actions that can be taken by the monitor function, although its job is to check the status and post events if it detects a change of state.

The function is invoked with no stdout and stderr assigned to the channel manager's log file. If the function does not reassign stderr, any messages written to it must have the same format as the channel manager's log entries and must be clearly identifiable as coming from your channel. Alternatively, you can post error messages as EVM events. However, you must not report the same condition unnecessarily each time the function in invoked.

Example 4-11 “ Sample Monitor Script” illustrates the monitor script that initializes itself by counting the number of lines in a log file, and saving the count in a state file. On subsequent invocations, it compares the number of lines in the file with the previous number, extracts each new line with the UNIX tail command, and posts it as an EVM event with evmpost.

Example 4-11  Sample Monitor Script

#! /bin/shINIT=$1STATE=/tmp/mylog.stateLOG=/tmp/mylogEVENT_NAME=sys.unix.evm# No log?  Create one!if [ ! -f $LOG ]then    touch $LOGfi# If we're initializing then save the current logfile# state and exit:if [ "$INIT" != "" ]then    # Count the lines in the demolog, and save the count# in the state file:    wc -l $LOG | awk '{print $1}' > $STATE    exitfi# Find out how many lines there were in the file last time# we checked:OLDCOUNT=`cat $STATE`# How many now?NEWCOUNT=`wc -l $LOG | awk '{print $1}'`if [ $NEWCOUNT > $OLDCOUNT ]then    # Save the new line count to the state file:    echo $NEWCOUNT > $STATE# What's the difference between the old and new counts?    diff=`expr $NEWCOUNT - $OLDCOUNT | awk '{print $1}'`# Post an event for each new line:tail -$diff $LOG | while read LINE    do        echo 'event { name '${EVENT_NAME} \            ' var {name msg type STRING value "'$LINE'"} }' | evmpost    donefi

The Cleanup Function

The cleanup function is executed daily by the EVM channel manager, at the time specified in the channel configuration file, to perform housekeeping actions such as archiving and deleting the channel's log files. This function is always executed as superuser and must take appropriate security precautions.

The cleanup function can be run from the command-line along with the arguments. The function is allowed to take whatever action is appropriate. It is executed with no stdout or stderr assigned to the channel manager's log file. Hence, any desired status messages must generally be issued in the form of EVM events by using evmpost, instead of being written to stderr. If the function does not reassign stderr, any messages written to it must have the same format as those written by the channel manager and must be clearly identifiable as coming from your channel. Nothing must be written to stdout.

Write the function so that it has the same effect regardless of the time of day at which it is run. For example, it can use the -m time option of the find command to identify log files to be archived.

Channel Security

In most cases, channel functions are executed by processes that are children of the EVM daemon, and, as a result, they are run with full root privileges. Hence, you must protect your system's integrity by ensuring the following:

  • Functions are placed in a directory that has restricted write privileges.

  • Functions themselves have restricted write and execute privileges.

  • Functions do not call other programs that have inappropriate privileges.



Dealing with Missed Events
  		 


Index  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2007 Hewlett-Packard Development Company, L.P.