Operating System - Tru64 Unix
cancel
Showing results for 
Search instead for 
Did you mean: 

What does "EVM daemon: High event activity" mean -- what events?

Stuart Fuller_2
Valued Contributor

What does "EVM daemon: High event activity" mean -- what events?


============================ EVM Log event ===========================
EVM event name: sys.unix.evm.daemon.event_activity

This high priority event is posted by the Event Manager (EVM)
daemon when it detects a high number of events occurring over
several minutes.

Action: Use the event viewer or the evmget(1) command to review the
event log for the source of the activity. If the log does not show
high activity around the time at which this event was posted, it is
likely that the events were low priority, and hence were not
logged. You can monitor low-priority events by running the
evmwatch(1) command with an appropriate filter, or by temporarily
reconfiguring the EVM logger to log low-priority events.

Note: You can change the parameters which control the posting of
this event by modifying the daemon configuration file,
/etc/evmdaemon.conf.

======================================================================

Formatted Message:
EVM daemon: High event activity - exceeds 500 in 10 minutes

Event Data Items:
Event Name : sys.unix.evm.daemon.event_activity
Priority : 600
PID : 203
PPID : 1
Event Id : 71195
Timestamp : 23-Mar-2005 05:58:11
Host IP address : 19.3.200.100
Host Name : pt9500.pcse.poee.ford.com
User Name : root
Format : EVM daemon: High event activity - exceeds $count in
$period minutes
Reference : cat:evmexp.cat:100

Variable Items:
count (INT32) = 500
period (INT32) = 10

======================================================================
7 REPLIES
Venkatesh BL
Honored Contributor

Re: What does "EVM daemon: High event activity" mean -- what events?

From the outset, it seem to refer to some system event that is very frequently repeated. One example would be a CAM error that repeats due to a bad disk sector.

The EVM daemon was configured to report such events. From the information provided, I am not able to see the event in question. Looking at the event logs could provide you with more insight.
Michael Schulte zur Sur
Honored Contributor

Re: What does "EVM daemon: High event activity" mean -- what events?

Hi,

sysman provides a way to view those events.

greetings,

Michael
Mohamed K Ahmed
Trusted Contributor

Re: What does "EVM daemon: High event activity" mean -- what events?

You can also check the binary.errlog file using the diagnose command to find what errors are being reported, use the command dia -R | more and scroll using the space bar.
Also you can check the /var/adm/messages file

Mohamed
Don Ritchey
Frequent Advisor

Re: What does "EVM daemon: High event activity" mean -- what events?

Another avenue to seeing what is going on is to run the 'evmwatch' command to see what is occurring in real-time. The syslog, binary error logs and other logs are often filtered to eliminate low priority events, but I have found that the low priority events that are discarded are often the events causing this message. The following pipeline will show you all messages passing through the EVM subsystem and allow you to see everything, not just the ones that pass through the filters:

evmwatch -A -f "[priority >= 0]" | more

The '-A' flag indicates to filter the output through 'evmshow' to make the binary output of evmwatch readable, and the '-f' filter flag overrides any default filtering to show you everything.

Run this command during the periods when you have been getting the alert messages and see what is triggering them.

Best wishes,

Don
Mark Poeschl_2
Honored Contributor

Re: What does "EVM daemon: High event activity" mean -- what events?

Some of the daemons were made much more "chatty" as far as generating EVM events in recent releases. lpd and cron are particular offenders. I have yet to figure out a way to get them to shut up.
Stuart Fuller_2
Valued Contributor

Re: What does "EVM daemon: High event activity" mean -- what events?

Well, it turns out that for the time period indicated in the original post, there *were* more than 500 events in 10 minutes.

syslogd writes its events to EVM, and for the period immediately preceding the EVM mail message, there were over 8000 messages logged in syslog. The messages were from named (the DNS name server), having to do with our corporate name servers. That's another problem, for another day (since the problem has gone away for now).

Thanks for the responses!
Stuart Fuller_2
Valued Contributor

Re: What does "EVM daemon: High event activity" mean -- what events?

I'm closing this thread, as the solution was indicated in my previous reply.