evmdaemon.conf(4)evmdaemon.conf(4)NAMEevmdaemon.conf - EVM daemon configuration file
SYNOPSIS
authentdir directory sourcedir directory authtimeout
time_seconds synctimeout time_seconds portnum
port_number start_sync command remote_connection bool_par
max_msg_size message_size filterdir filter_dir
activity_monitor {
name detector
period detect_period
threshold detect_thold
holdoff detect_delay
}
service {
name service_name
command service_command
}
DESCRIPTION
The Event Manager (EVM) daemon configuration file, evmdaemon.conf, is a
text file that contains commands used to configure and start the Event
Manager. Any portion of a line from an unquoted number sign (#) to the
end of line is a comment. Blank lines are ignored. The following com‐
mands are recognized: Names the directory that is used to hold tempo‐
rary authentication files. The default is /var/evm/shared. Names the
root of the directory structure that should be searched for event tem‐
plate files. The default is /usr/share/evm/templates. Time to wait
for a newly established client to respond to an authentication request.
The default is 10 seconds. Time within which a synchronized client
must achieve synchronization completing a connection request and sub‐
scribing for events. The default is 30 seconds. The port number for
TCP communication with remote clients. If not specified, the evm port
number found in /etc/services is used if present; otherwise the
reserved default value of 619 is used. The complete command line for
programs that should be started as synchronized clients when the daemon
starts. This command should be enclosed in double quotation marks (").
Determines the permission for connections through a remote TCP port. If
bool_par evaluates to TRUE, remote connection is permitted. The
default is not permitted. The bool_par parameter should be True or
False.
Note
Only enable remote access if your system is running in a fully
secure environment. See the System Administration guide for
event management security considerations. The maximum number of
bytes the daemon will accept from any connection in a single
message. If a client attempts to send a message that is longer
than the specified size, the daemon immediately terminates the
connection without reading the message. This keyword can be used
to limit the sizes of events that can be posted, to prevent the
daemon from consuming excessive amounts of memory or CPU time by
handling very large events.
Note
Setting this value too low may prevent normal system events from
being posted.
If this keyword is not specified, a default value of 2 Mbytes is
used. If the keyword is specified and the supplied value is
less than 200 Kbytes or greater than 10 Mbytes, it is set auto‐
matically to the closest of those values.
The daemon accepts messages up to 200 bytes longer than the
specified size to allow for communication protocol overhead. A
colon-separated list of directories to be searched for filter
files in place of the standard locations. If specified, the dae‐
mon uses this value internally to evaluate filter strings that
reference pre-created filter files, and also passes it to ser‐
vice programs such as the event retrieval service program,
evmget_srv, by exporting the environment variable EVM_FILTERDIR.
This makes the path available to the event channels' get-func‐
tion scripts. The default value for this keyword is
/usr/share/evm/filters. See evmfilterfile(4) for more informa‐
tion.
If this keyword is not specified, a default value of 2 Mbytes is
used. If the keyword is specified and the supplied value is
less than 200 Kbytes or greater than 10 Mbytes, it is set auto‐
matically to the closest of those values.
The daemon accepts messages up to 200 bytes longer than the
specified size to allow for communication protocol overhead. A
parameter group that controls a daemon event monitoring facil‐
ity. An activity_monitor definition consists of: The type of
detector controlled by the group parameters. The size, in min‐
utes, of a periodically sliding time window over which events
will be counted. The number of events that will activate the
monitor if counted in period. The time delay, in minutes, after
activation of the activity monitor occurs before monitoring is
resumed. The evmreload command will reset the delay. Defines
services that are available through the daemon. A service defi‐
nition consists of the name of the service and the command line
that will be invoked when this service is requested. User-
defined services are not currently supported.
A service definition consists of: The name given to the service.
The command to be invoked when this service is requested. This
command should be enclosed in double quotation marks (").
The keywords described may be entered in a case-insensitive manner.
The allowable strings and the minimum number of characters is shown in
the following table. A minimum of zero (0) indicates that all charac‐
ters are required.
────────────────────────────
Keyword Minimum
────────────────────────────
activity_monitor 0
authtimeout 8
command 4
filterdir 7
holdoff 0
max_msg_size 7
name 0
period 0
portnum 4
remote_connection 0
service 7
sourcedir 7
start_sync 0
synctimeout 8
threshold 0
────────────────────────────
The activity monitor detectors recognized, and the action taken when
the monitor is activated are the following:
───────────────────────────────────────────────────
Detector Action
───────────────────────────────────────────────────
event_count post an event to alert the system
administrator
───────────────────────────────────────────────────
EXAMPLES
This is an example of an EVM daemon configuration file that does the
following: Specifies that event templates are found in the directory
/usr/share/evm/templates. Starts the EVM Logger and the EVM Channel
Manager as synchronized clients when the daemon is started. Defines a
service available through the EVM daemon. Establishes an activity mon‐
itor that will alert the system administrator if 500 events occur in
any 10 minute span. Once the system administrator has been alerted,
the activity monitor will remain dormant for four hours. Disables con‐
nections from remote hosts.
# Event template directory: sourcedir "/usr/share/evm/templates"
# Start the EVM Logger as a synchronized client: start_sync
"/usr/sbin/evmlogger \
-o /var/run/evmlogger.info \
-l /var/evm/adm/logfiles/evmlogger.log"
# Start the EVM Channel Manager as a synchronized client: start_sync
"/usr/sbin/evmchmgr \
-l /var/evm/adm/logfiles/evmchmgr.log"
# Event retrieval service definition: service { name
event_get
command "/usr/sbin/evmget_srv"
}
# Set up an activity monitor. activity_monitor {
name event_count # currently the only supported monitor
period 10 # count over a 10 minute period
threshold 500 # perform action after 500 events
holdoff 240 # wait 4 hours before resuming }
# Disable remote communication (set following to "true" to enable)
remote_connection false
FILES
Location of the EVM authorization file. Location of the EVM daemon
configuration file. Definition of the sockets and protocols used for
Internet services.
SEE ALSO
Commands: evmd(8), evmreload(8)
Files: evmfilterfile(4), services(4)
Event Management: EVM(5)
System Administration
evmdaemon.conf(4)