evmget(1) — Commands
NAME
evmget − Retrieves stored events
SYNOPSIS
evmget [-e] [-f filter_expr] [-h hostname[:port_no]]...
OPTIONS
-eTerminates after validating the supplied command parameters. This feature can be used to check the syntax of a filter expression or to verify the ability to establish a remote connection.
-f filter_expr
Outputs only events which match the filter_expr. See the EvmFilter(5) reference page for the syntax of filter_expr.
-h hostname[:port_no]
Attempts to connect to the EVM daemon on the host hostname, rather than to the local daemon.
This option may be repeated to obtain events from several hosts. If the name of the local host is specified, a remote connection is made to the local daemon.
If :port_no is specified, port_no is used for TCP communication with the remote EVM daemon; otherwise, the evm port number found in /etc/services is used. If no entry is found in /etc/services, the reserved default value of 619 is used. The port number must be the same as the portnum specified in the EVM daemon configuration file, /etc/evmdaemon.conf. In most cases, the default should be used.
OPERANDS
None
DESCRIPTION
The evmget command retrieves stored events and outputs them to stdout as EVM events. Events are obtained from a configured set of log files and event channels, using channel-specific retrieval functions as specified in the channel configuration file. Events are output in raw (binary) form, and must be piped through evmshow if display is required.
Because events may be retrieved from more than one source, there is no guarantee that they will be returned in any particular order. Ordering can be controlled by piping the event stream through evmsort.
For security reasons, the ability to make a remote connection for event retrieval is controlled by the setting of remote_connection in the daemon configuration file, /etc/evmdaemon.conf.
RESTRICTIONS
The evmget command rejects attempts to output raw events to a terminal device.
The evmget command will retrieve only events for which the user has access authorization. See evm.auth(4) for details on access authorization.
EXAMPLES
The following example uses evmget to retrieve events and pipes the events through evmshow to display the events.
evmget | evmshow | more
In the following example, all available events are retrieved and piped to evmshow for formatting.
evmget | evmshow -t "@timestamp @@"
This example retrieves only events which have a priority value of at least 500. The raw events are sorted into descending timestamp order and stored in a file.
evmget -f "[priority >= 500]" | evmsort -s @timestamp- > my_eventfile
This example uses a stored filter to retrieve all AdvFS events, sorts them into ascending timestamp order (the default order), and displays them.
evmget -f "@sys:advfs" | evmsort | evmshow -t "@timestamp @@"
This example retrieves events from two remote hosts, sorts them into chronological and hostname order, and displays them.
evmget -f "[priority >= 600]" -h kipper -h sniffer |
evmsort -s "@timestamp:@host_name" |
evmshow -t "@timestamp @host_name%8 @@"
EXIT VALUES
The following exit values are returned:
0Successful completion
not 0An error occurred
FILES
/etc/evmchannel.confLocation of the EVM channel configuration file.
/etc/evmdaemon.conf
Location of the EVM daemon configuration file.
/etc/servicesDefinition of the sockets and protocols used for Internet services.
SEE ALSO
Commands: evmpost(1), evminfo(1), evmshow(1), evmsort(1), evmwatch(1)
Files: evmchannel.conf(4), evmdaemon.conf(4), evmfilterfile(4), services(4)
Event Management: EVM(5)
EVM Events: EvmEvent(5)
Event Filter: EvmFilter(5)