[prev in list] [next in list] [prev in thread] [next in thread]
List: evlog-developers
Subject: [evlog-dev] [ANNOUNCE] Enterprise Event Logging v1.4.0 is available for i386
From: "Larry Kessler" <lkessler () us ! ibm ! com>
Date: 2002-06-12 14:59:21
[Download RAW message or body]
The project's homepage is http://evlog.sourceforge.net/
A summary of new features:
1. Log Management -- The evlogmgr command provides the ability to
delete events from log file(s) that match user-specified criteria,
compact and truncate log file(s), and manage the overall disk
space required for log file(s). The use of logrotate is no longer
required.
2. Enhanced printk (available only for kernel version 2.4.18):
* For printk() messages written into evlog's kernel event buffer
the source file name, line number, and function name where
printk() was called, as well as the original message, can be
captured in each event record.
* The log_event_type in these event records contains a unique
value computed from the source file name, function name, and
printk() format string. This will help facilitate simple queries
and more straightforward setup of event notification for
specific printk() invocations.
* And finally, the evlview command has a new option, --syslog,
which displays the printk() message from event records in the
typical "syslog" format. For example:
May 30 09:29:42 host-1235 kernel: device ide1(22,0)
These new capabilities offer several possibilities for utilizing
Event Logging's features with existing printk() messages, while
having no impact on the normal operation of syslog.
3. Events with severity of EMER, CRIT and ALERT, and events with
log_facility of AUTHPRIV, are fdatasync-ed (committed to physical
disk) before event notification is sent.
4. Added fflush(stdout) when "evlview -n > file" option is used.
Previously, buffered events were not committed to the file if the
user does ctrl-c. Also, a change was made for "evlview -n" so
that it would not terminate when the new evlogmgr command was
executed.
5. Two new log_flags values in the event record:
EVL_INTERRUPT (0x10) - Indicates that the event was logged from
interrupt context.
EVL_PRINTK_MESSAGE (0x20) - indicates that event was originally
written with the printk() function. The log_facility will
always be LOG_KERN for this event type.
6. Changes / additions to the evlview command:
* Added the following options to the evlview command:
-N | --newlines Specifies the exact number of newlines
between events.
-p | --private Specifies viewing of events from the
private log file
-d | --datefmt Provides custom date formatting using
the strftime() function
-m | --syslog See item (2) above for details
-R | --recid Optional with the --new option. Specifies the
displaying of events from the log file with record
ids greater than or equal to the specified
recid before displaying new events.
* log_event_type is now displayed in hex instead of decimal.
* Added "host" as a non-standard attribute, which displays the
local hostname with each event if used with the evlview
command.
_______________________________________________________________
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
evlog-developers mailing list
evlog-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/evlog-developers
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic