[prev in list] [next in list] [prev in thread] [next in thread] 

List:       evlog-developers
Subject:    [evlog-dev] [ANNOUNCE]  Enterprise Event Logging v1.4.0 is available for i386
From:       "Larry Kessler" <lkessler () us ! ibm ! com>
Date:       2002-06-12 14:59:21
[Download RAW message or body]

The project's homepage is http://evlog.sourceforge.net/

A summary of new features:

1. Log Management -- The evlogmgr command provides the ability to
 delete events from log file(s) that match user-specified criteria,
 compact and truncate log file(s), and manage the overall disk
 space required for log file(s).  The use of logrotate is no longer
 required.

2. Enhanced printk (available only for kernel version 2.4.18):

  * For printk() messages written into evlog's kernel event buffer
  the source file name, line number, and function name where
  printk() was called, as well as the original message, can be
  captured in each event record.

 * The log_event_type in these event records contains a unique
  value computed from the source file name, function name, and
  printk() format string.  This will help facilitate simple queries
  and more straightforward setup of event notification for
  specific printk() invocations.

  * And finally, the evlview command has a new option, --syslog,
  which displays the   printk() message from event records in the
  typical "syslog" format.  For example:

      May 30 09:29:42 host-1235 kernel: device ide1(22,0)

These new capabilities offer several possibilities for utilizing
Event Logging's features with existing printk() messages, while
having no impact on the normal operation of syslog.

3. Events with severity of EMER, CRIT and ALERT, and events with
 log_facility of AUTHPRIV, are fdatasync-ed (committed to physical
 disk) before event notification is sent.

4. Added fflush(stdout) when "evlview -n > file" option is used.
 Previously, buffered events were not committed to the file if the
 user does ctrl-c.  Also, a  change was made for "evlview -n" so
 that it would not terminate when the new evlogmgr command was
 executed.

5. Two new log_flags values in the event record:

  EVL_INTERRUPT (0x10) - Indicates that the event was logged from
   interrupt context.
  EVL_PRINTK_MESSAGE  (0x20) - indicates that event was originally
   written with the printk() function.   The log_facility will
   always be LOG_KERN for this event type.

6. Changes / additions to the evlview command:

 * Added the following options to the evlview command:
  -N | --newlines Specifies the exact number of newlines
                                between events.
  -p | --private  Specifies viewing of events from the
                                private log file
  -d | --datefmt  Provides custom date formatting using
                               the strftime() function
  -m | --syslog   See item (2) above for details
  -R | --recid    Optional with the --new option.  Specifies the
                displaying of events from the log file with record
                ids greater than or equal to the specified
                recid before displaying new events.

 * log_event_type is now displayed in hex instead of decimal.

 * Added "host" as a non-standard attribute, which displays the
   local hostname with each event if used with the evlview
   command.




_______________________________________________________________

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
evlog-developers mailing list
evlog-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/evlog-developers
[prev in list] [next in list] [prev in thread] [next in thread]