Operating System - HP-UX

Configuring EMS Event Notifications to Appear in Logwatch

 
Andrew Kaplan
Super Advisor


Hi there --

I am running a Logwatch server, and one of the 'client' computers is an HP-UX 11.11 system. I would like to have any EMS Event Notifications that appear in the syslog.log file to appear on the Logwatch server. Currently the following types of message are copied over to Logwatch:

# Copy the contents of the syslog file to the syslog server.
*.alert @
*.emerg @
mail.debug @
*.info;mail.none @

The EMS Event notification would look something like this:

Aug 8 13:25:56 cosmos2 EMS [4604]: ------ EMS Event Notification ------ Value: "SERIOUS (4)" for Resource: "/storage/events/tapes/SCSI_tape/0_3_1_0_4_0.11.0.255.0.0.1" (Threshold: >= " 3") Execute the following command to obtain event details: /opt/resmon/bin/resdata -R 301727749 -r /storage/events/tapes/SCSI_tape/0_3_1_0_4_0.11.0.255.0.0.1 -n 301727776 -a

What syntax should I use to get the EMS notification to appear properly in logwatch? Thanks.
A Journey In The Quest Of Knowledge
Bill Hassell
Honored Contributor

Re: Configuring EMS Event Notifications to Appear in Logwatch

> *.alert @
> *.emerg @
> mail.debug @
> *.info;mail.none @

The above example is not very good. All syslog messages have a priority starting at debug and increasing to emerg, like this:

EMERG
ALERT
CRIT
ERR
WARNING
NOTICE
INFO
DEBUG

In syslog.conf, INFO means info priority and all higher importance messages will be logged. So the last line:

*.info;mail.none @

will send all messages from INFO all the way up to EMERG to the logwatch server. That makes the first two lines (*.alert, *.emerg) redundant. And the third line:

mail.debug @

will send mail logs starting at the DEBUG level. So the above can be simplified to just:

mail.debug @
*.info;mail.none @

So all messages (including EMS) will be sent to the logwatch server.

HOWEVER: Absolutely *NO* spaces are allowed in the syslog.conf file. A space will disable the entire line without comment. And no space between @ and the server name. And the logwatch server must be enabled to accept remote syslog messages.

As for EMS, while it does not appear to be documented anywhere, EMS uses the facility LOCAL1. And there are various priority levels with ERR and higher being the priority level for important problems. To send JUST the ERR (and higher) EMS messages, use this line:

local1.err @


Bill Hassell, sysadmin
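
The selector rules described in the reply above, as an added example that is not part of the original thread: a small checker that lints syslog.conf lines for the space pitfall and reports which lines forward a given facility/priority pair. The host name `loghost`, the function names and the sample configuration are assumptions made for illustration, and the "last matching part wins" handling of `;` follows classic BSD syslogd behaviour.

```python
# Added example, not from the thread. "loghost" is a placeholder host name.
# Priorities from lowest to highest importance, as listed in the reply.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def lint(line):
    """Return a problem description for a non-comment syslog.conf line, else None."""
    if " " in line:
        return "contains a space (the reply warns this disables the line)"
    if "\t" not in line:
        return "no tab between selector and action"
    if line.split("\t")[-1] == "@":
        return "no host name after @"
    return None

def selector_matches(selector, facility, priority):
    """True if a 'fac.level;fac.none' style selector forwards this message."""
    matched = False
    for part in selector.split(";"):
        facs, level = part.rsplit(".", 1)
        if any(f in ("*", facility) for f in facs.split(",")):
            # A level means "this priority and higher"; "none" excludes the
            # facility. The last part that names the facility decides.
            matched = level != "none" and PRIORITIES.index(priority) >= PRIORITIES.index(level)
    return matched

def rules_for(conf_text, facility, priority):
    """Return the selectors of every well-formed line that forwards the message."""
    hits = []
    for line in conf_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#") or lint(line):
            continue
        selector = line.split("\t")[0]
        if selector_matches(selector, facility, priority):
            hits.append(selector)
    return hits

# Constructed sample configuration: the original four lines plus the EMS line.
SAMPLE = (
    "*.alert\t@loghost\n"
    "*.emerg\t@loghost\n"
    "mail.debug\t@loghost\n"
    "*.info;mail.none\t@loghost\n"
    "local1.err\t@loghost\n"
)

if __name__ == "__main__":
    for fac, pri in [("local1", "err"), ("local1", "info"), ("mail", "debug"), ("kern", "emerg")]:
        print(fac, pri, rules_for(SAMPLE, fac, pri))
```

A message that matches several lines is forwarded once per matching line, which is why the `kern.emerg` case shows the redundant `*.alert` and `*.emerg` entries alongside `*.info;mail.none`.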