|HP-UX Reference > E
HP-UX 11i Version 3: February 2007
evmlogger — Event Manager logger
The Event Manager (EVM) logger is started automatically by the EVM daemon at startup. It reads from its configuration file, /etc/evmlogger.conf. It reads a set of definitions of event logs and forwarding information, each with its own filter string. The logger combines the individual filter strings to produce a single compound string, connects to the EVM daemon, and uses the compound filter string to establish its event subscription. The logger then writes each incoming event to each of the event logs. The logger may also write the incoming event to forwarders whose individual filter string it matches.
By default, the logger reads its configuration from /etc/evmlogger.conf. To specify a different configuration file, use the evmlogger -c config_file command. If the logger's configuration file is changed while the logger is running, use the evmreload -l command to instruct the logger to reconfigure itself. See evmreload(1M).
The logger reconfigures itself when evmreload -l is run, or upon receipt of a SIGHUP signal.
There is no limit to the number of instances of the logger which may be running. Individual users or applications can make use of it to monitor and log interesting events. However, they must provide their own configuration files.
Secondary logger configuration files can be used to add event logs or forwarders without modifying the primary configuration file, /etc/evmlogger.conf. The location of secondary configuration files is specified in the primary configuration file by using the configdir keyword. The default (and recommended) location is /var/evm/adm/config/logger.
The logger searches the named directory and any subdirectories for files with names ending in .conf. The logger processes the configuration lines in those files in the same way it processes lines in the primary configuration file.
A syntax error found in a secondary configuration file results in an error message and the rejection of the file. However, rejection of one file does not prevent the primary configuration file or any other secondary files from being processed.
It is important that secondary logger configuration files or directories are given appropriate permissions because the logger is run with root privileges and can execute commands specified in any secondary configuration file. The logger rejects any configuration files that are not properly secure and posts a warning event. See evmlogger.conf(4) for details of acceptable permissions.
Event logs may be files or terminal devices. If a terminal device is given as a log, the logger automatically formats the event for display. If a log is a file or any device other than a terminal, and the log is not specified as a formatted log, the logger writes events to it in canonical (binary) form.
If a log is a disk file, the logger creates the file if necessary. If the log file name ends with the characters .dated, the logger replaces that suffix with the current date in the form yyyymmdd, and begins a new file when the first event is written to the log each day. A lock file with a suffix of .lck is created to protect the log file while it is being written.
A log can be configured to start a new file when it reaches a certain size. Successive generations of the same log are given the suffix _n, where n is the generation number of the file. A generation control file, with a suffix of .gen, is created to control the generation sequence.
If the logger is writing to the log file, and the file becomes unavailable or unwritable for any reason, the logger switches to the alternate log file if one has been configured. Otherwise the log is disabled.
If the logger is writing to the alternate log, and the error condition that caused it to switch has been cleared, you can revert to the primary path by using the evmreload -l command.
If a forward command is specified, the logger executes the command when any incoming event matches the forwarding filter. The logger then pipes the incoming event into the command's stdin stream.
The logger executes forwarding commands asynchronously and continues to handle events while commands are running. However, to ensure proper sequencing, the logger allows only one instance of each command to run at a time. If a command is running and another event arrives that matches the forwarder's filter, the event is queued until the command terminates. At which time the logger reruns it with the next queued event. The size of each forwarder's queue is limited and is controlled using the maxqueue keyword. To minimize the chances of queuing or missing events, avoid using the forwarding facility to run commands that may take significant time to execute. See evmlogger.conf(4) for more information on setting the queue limit.
By default, only events posted through the local EVM daemon are handled by the logger's event logs and forwarders.
If an incoming event matches the suppression filter associated with an event log or forwarder, the event is considered for suppression. For an event log, suppressing an event reduces the risk of wasting file storage space by logging repeated instances of the same event. For a forwarder, suppressing an event reduces the risk of sending replicated mail messages reporting the same event over a short period. For a full discussion of the configuration values which control suppression see evmlogger.conf(4).
The following exit values are returned: