|
|
Home | Switchboard | Unix Administration | Red Hat | TCP/IP Networks | Neoliberalism | Toxic Managers |
| (slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix | |||||||
|
|
|
|
Most adapters come with a configuration file containing configuration options and filters. This file is read by an adapter when it is started. By modifying this file, you can reconfigure an adapter at anytime, without having to modify the adapter source code. To have your configuration changes take effect, simply stop and restart the adapter. A configuration file usually has an extension of .conf; see each specific adapter chapter for exact file names.
The TME UNIX log file adapter receives raw log file information from the UNIX syslogd daemon, formats it, and sends it to the IBM Tivoli Enterprise Console gateway. The IBM Tivoli Enterprise Console gateway then sends the information to the event server. The non-TME UNIX log file adapter sends information directly to the event server.
The UNIX log file adapter adds entries into the /etc/syslog.conf file to enable the adapter to monitor events that the syslogd daemon writes to various log files. The adapter can also be configured to monitor any ASCII log file for information that is important to the operation of your enterprise.
The UNIX log file adapter can only parse log files that create raw event information in single-line form for each event. You must preprocess log files that contain raw event information in multiple-line form or if the update quantity or rate is extremely high.
This chapter explains how to configure and start the UNIX log file adapter.
The configuration file defines the behavior of the adapter. The configuration file can have the common keywords described in Configuration File, as well as the following custom keywords:
If a file truncates while the adapter is active, the adapter automatically resets its internal pointer to the beginning of the file. If during the polling interval the file is overwritten, removed, or recreated with more lines than the previous poll, only the number of lines greater than the previous line count is read. For example, the file has one line. After the poll interval elapses, the file is overwritten with two lines. Only the second line is read on the next polling.
By default, an adapter expects its configuration file (along with its format, CDS, and error files) to be located as shown in the
following table. For Windows and Windows NT, the syntax shown is correct when running the bash interpreter.
| Adapter Type | Node Type | Location |
|---|---|---|
| TME | Managed node | $BINDIR/TME/TEC/adapters/etc/ or /etc/Tivoli/tecad/etc (which is a link to the TME adapter directory) |
| Endpoint | $LCFROOT/bin/$INTERP/TME/TEC/adapters/etc or /etc/Tivoli/tecad/etc (which is a link to the TME adapter directory) | |
| non-TME | Not applicable | path/etc where the adapter was manually installed or /etc/Tivoli/tecad/etc (which is a link to the TME adapter directory) |
For information about directory structures and system variables (those beginning with $), see the Tivoli Management Framework Planning for Deployment Guide.
Each non-blank line that does not begin with the comment sign (#) is of one of the following forms:
keyword=value
Filter:CLASS=class_name;attribute=value;
FilterCache:CLASS=class_name;attribute=value;
# # Communication Parameters # ServerLocation=ravel ServerPort=5529 # # Event Filters # Filter:Class=disk_event Filter:Class=Su_Success;origin=126.32.2.14
Keywords use the following format: keyword=value
Some adapters have additional keywords specific to them. See each specific adapter chapter for descriptions of these keywords. Adapters do not issue error messages for misspelled keywords or keywords set to a value that is not valid. Do not use blank spaces in keyword statements unless enclosed in single quotation marks (however, you cannot use quotation marks at all with the HPOVFilter keyword in the HPOV adapter). Do not use class names not defined in a BAROC file with configuration options.
A configuration file can contain the following keywords, which are common to most adapters:
The BufEvtMaxSize keyword is optional.
ACF defines $TIVOLIHOME on each endpoint; you cannot change its value.
| Operating System | Default Path | $TIVOLIHOME Value |
|---|---|---|
| UNIX | $TIVOLIHOME/tec/ tecad_adapter.cache | /etc/Tivoli |
| Windows, Windows NT | $TIVOLIHOME\tec\ tecad_adapter.cache | %SystemRoot%\system32\ drivers\etc\Tivoli |
The AS/400(R) adapters do not use this keyword.
This keyword is required when the BufferEvents keyword is set to YES.
The BufferEvents keyword is optional.
The BufferFlushRate keyword is optional.
When connection_less is specified or used by default, a new connection is established (and discarded) for each event or group of events that is sent. When connection_oriented or one of its abbreviations is specified, a connection is established at adapter initialization and is maintained for all events sent. A new connection is established only if the initial connection is lost. The connection is discarded when the adapter is stopped.
The ConnectionMode keyword is optional.
A Filter statement must contain the event class, and optionally can include any other attribute=value pair that is defined for the event class. The format of a filtering statement is the following:
Filter:Class=class_name;[attribute=value;...;attribute=value]
Each statement must be on a single line. The attribute=value pair is case sensitive.
This keyword is optional.
A FilterCache statement must contain the event class (class_name) and can include any attribute=value pair that is defined for that event class. The format of a filtering statement is the following:
Filter:Class=class_name;[attribute=value;...;attribute=value]
Each statement must be on a single line. The attribute=value pair is case sensitive. You must specify the Filter keyword, when you use the FilterCache keyword. Additionally, the FilterCache statement must specify the same class or subset of classes that the Filter statement specifies.
This keyword is optional.
For information about how to use filtering keywords to send, cache, and discard events, see Event Filtering.
This keyword is optional.
The default value for this option is NO.
When this keyword is set to YES, you must also specify the Pre37ServerEncoding keyword.
This option allows an adapter to send all events to the primary event server even if the primary event server is stopped briefly, such as when loading a new rule base.
If you use this option to wait for restarting an event server, set the value for a period of time longer than necessary for the event server to be stopped and then restarted.
The RetryInterval keyword is optional. The default is 120 seconds.
| Adapter Type | Format |
|---|---|
| TME | EventServer |
| TME in an interconnected Tivoli management region | EventServer#region_name |
| non-TME | host_name or IP_address. Use the dotted format for IP_address. |
For TME adapters on managed nodes and non-TME adapters, ServerLocation can contain up to eight values, separated by commas. The first location is the primary event server, while others are secondary servers to be used in the order specified when the primary server is down.
For endpoint adapters, secondary event servers, if any, are defined in the IBM Tivoli Enterprise Console gateway configuration file. Only specify a primary event server in an endpoint adapter configuration file.
The default is EventServer. To use a non-TME value for ServerLocation, see Configuration File for more information.
The ServerLocation keyword is required.
The ServerPort keyword can contain up to eight values, separated by commas. For non-TME adapters that send events to a UNIX event server, use the default value of zero (0) (only one value of zero, even if multiple UNIX event servers are specified with the ServerLocation keyword). For non-TME adapters that send events to a Windows event server or a Tivoli Availability Intermediate Manager (AIM), specify one value for each event server defined with the ServerLocation keyword.
The ServerPort keyword is optional when the event server is running on UNIX, but mandatory when running on Windows.
The TestMode keyword is optional.
Normally, an adapter sends all events to the event server. You can optionally specify events that can or cannot be sent to the event server. You can do this by specifying the event class and such information as the origin, severity, or any other attribute=value pair that is defined for the event class. The class name specified for an event filter entry must match a defined class name; an adapter does not necessarily have knowledge of the class hierarchy.
Depending on how you specify the Filter and FilterMode keywords, filtered events are either sent to the event server or discarded.
To use non-English characters in a Filter statement, you must enter the non-English characters in the local encodings.
You can also use Tcl regular expressions in filtering statements. The format of a regular expression is re:'value_fragment'.
The following example shows a Filter statement with a regular expression. This filter statement matches all events with a class name that contains TEC_ somewhere in its name:
Filter:Class=re:'TEC_.*'
The following example shows a FilterCache statement with a narrower range. This filter statement matches all events with a class name that contains TEC_ somewhere in its name and has a severity of critical:
FilterCache:Class=re:'TEC_.*';severity=CRITICAL
For more information about Tcl regular expressions, see a Tcl user's guide.
The following table shows some event filter examples for a few different adapters:
| Adapter | Example |
|---|---|
| AS/400 Alert | The following entry matches all events of the SNA_Equipment_Malfunction
class from the origin 1.2.3.4:
Filter:Class=SNA_Equipment_Malfunction;origin=1.2.3.4 |
| UNIX Log File | The following entry matches all events of the Su_Success class
from the origin 126.32.2.14:
Filter:Class=Su_Success;origin=126.32.2.14 |
| OpenView | The following entry matches all events of the OV_Message class
from the origin 126.32.2.14:
Filter:Class=OV_Message;origin=126.32.2.14 |
| Windows NT | The following entry matches all events of the NT_Power_Failure
class from the origin 126.32.2.14:
Filter:Class=NT_Power_Failure;origin=126.32.2.14 |
When an adapter is unable to connect to the event server or IBM Tivoli Enterprise Console gateway, it sends the events to a file if the BufferEvents keyword is set to YES. You can filter events sent to a cache file, similar to filtering events for the event server by using the FilterCache keyword.
There are no default event cache filters in the configuration files shipped with adapters.
The following procedures describe how to filter events with the FilterCache and FilterMode keywords, when the event server is unavailable:
The following table shows some event buffer filter examples for a few different adapters:
| Adapter | Example |
|---|---|
| AS/400 Alert | The following entry matches all events of the SNA_Equipment_Malfunction
class from the origin 1.2.3.4:
FilterCache:Class=SNA_Equipment_Malfunction;origin=1.2.3.4 |
| UNIX Log File | The following entry matches all events of the Su_Success class
from the origin 126.32.2.14:
FilterCache:Class=Su_Success;origin=126.32.2.14 |
| OpenView | The following entry matches all events of the OV_Message class
from the origin 126.32.2.14:
FilterCache:Class=OV_Message;origin=126.32.2.14 |
| Windows NT | The following entry matches all events of the NT_Power_Failure
class from the origin 126.32.2.14:
FilterCache:Class=NT_Power_Failure;origin=126.32.2.14 |
Society
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
Quotes
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Bulletin:
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
History:
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
Classic books:
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|
|
You can use PayPal to to buy a cup of coffee for authors of this site |
Disclaimer:
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.
Last modified: March 12, 2019
