Welcome to Linux Knowledge Base and Tutorial
       evlnotify  -l | --list

       evlnotify  -a  |  --add  notify-action  [-o | --once-only]
       [-f | --filter filter]  [-p | --persistent]  [-u  |  --uid

       evlnotify  -d | --delete notify-id ...

       evlnotify  -c | --change  new-notify-action  notify-id

       evlnotify  -F | --file cmd-file


       The  evlnotify  command  lets  you  register actions to be
       taken when a specified event occurs. An action (command or
       shell  script)  will be executed on behalf of the user who
       registered it, except if that user is root; root  has  the
       option  of  specifying  an  alternate  user id (other than

       The default environment settings are specified in
       /etc/evlog.d/action_profile, which can be modified only by
       root. The action command, or script, can alter its
       environment. The initial default is as follows:


       A user attempting to issue the evlnotify command must have
       access to at least one of the log files
       (/var/evlog/eventlog or /var/evlog/privatelog). In addition
       to verifying that the user has read access to at least one
       of the log files, an additional check is performed using a
       mechanism similar to the crontab command:

       · If the file /etc/evlog.d/action.allow exists,  then  the
         users listed therein can issue this command.

       · Otherwise,  if the file /etc/evlog.d/action.deny exists,
         but the action.allow file does  not  exist,  then  users
         listed  in  /etc/evlog.d/action.deny will not be allowed
         to issue the evlnotify command, and all others  will  be
         allowed to issue the command.

       · If neither the action.allow nor action.deny files exist,
         then all users can issue this command. Note that
         notifications can only be modified or deleted by the
         users who
              For user ID of root, all  registered  notifications
              will be listed. For all other users, only the
              notifications containing a user ID matching that of the
              user  specifying  the  --list  option  will be dis­

       -a, --add notify-action
              Registers notify-action as the command line  to  be
              executed when an event matching the specified filter
              is logged. The command line may contain
              %recid%  which  will  be  replaced  by the matching
              event  record  ID.   The  evlactiond  executes  the
              notify-action but does not wait for it to complete.
              This may require making  the  notify-action  script
              re-entrant, depending upon its purpose.

              The  --once-only  option  lets you specify that the
              action is to be performed only once when the  first
              matching  event  occurs.  The  default  is  for the
              action to be performed each time a  matching  event

              The  --persistent  option saves the registration to
              the /etc/evlog.d/action_registry file, so that when
              the  system  reboots,  the persistent registrations
              will be restored.

              The --filter option specifies a filter name or filter
              (query) expression. Only events matching the filter
              will trigger the notify-action. See the evlquery man
              page for details. All event record attributes from
              the fixed portion of the event record can be
              specified. If no filter is specified, then every new
              event received is considered a

              The  --uid  option is only allowed if user is root.
              userid specifies an alternative to root as the user
              id which executes the notify-action.

       -d, --delete notify-id,...
              Removes  each  of  the specified notifications. For
              user ID of root, any registered  notifications  can
              be removed. For all other users, only the
              notifications containing a user ID matching that of the
              user specifying the --delete option can be deleted.
              The notify-ids that the user is allowed to delete
              can be viewed with the --list option.

       -c, --change new-notify-action notify-id
              Changes  the  action  to  be  taken  when  an event
              matches the filter with identifier of notify-id  in
              and permissions defined for  the  other   evlnotify
              options.  For  example, a typical entry in the file
              may look like this:

              --add '/etc/mail_sysadm %recid%' --filter 'severity==CRIT'


       Example 1.
              evlnotify -a '/etc/mail_sysadm %recid%' -f 'severity=CRIT' -p

              This example registers  an  action  for  subsequent
              occurrence  of  events  whose severity is critical.
              When   such   an   event   occurs,    the    script
              /etc/mail_sysadm  is executed, and the record ID is
              passed as an argument. An entry is  also  added  to

       Example 2.

              evlnotify --list

              results in:

              1:severity=EMERG:/sbin/evlview -f 'recid=%recid%'
                -o /tmp/emerg_log:root:1:1
              2:severity=CRIT:/home/admin/testscript %recid%:joeusr:0:0

              The  fields  are described above in the description
              of the  --list option. The first item in the  list,
              Notify ID 1, indicates that when an emergency event
              is logged the  /sbin/evlview  command  is  executed
              with options that will cause the event record to be
              appended to the /tmp/emerg_log file.   User  ID  is
              root.  Since  the  "once  only" indicator is set to
              '1,' this action will take  place  only  once.  The
              persistent indicator is set to '1,' which indicates
              that the registration is persistent, meaning that
              it is read from the action_registry
              (/etc/evlog.d/action_registry) and restored on
              every boot-up.

              Notify ID 2 indicates that when a critical event is
              logged, /home/admin/testscript is  executed.   User
              ID is joeusr.
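
An added audit sketch (not part of the man page or the evlog project) that parses the --list output shown in Example 2 and applies the action.allow / action.deny rules described earlier to each registration's owner. The order of the two trailing indicator fields, the one-user-per-line file format, and the flag names are assumptions.

```python
import os

# Sample output copied from Example 2 above (entry 1 wraps onto a second line).
SAMPLE = """\
1:severity=EMERG:/sbin/evlview -f 'recid=%recid%'
  -o /tmp/emerg_log:root:1:1
2:severity=CRIT:/home/admin/testscript %recid%:joeusr:0:0
"""

def parse_registrations(text):
    """Parse `evlnotify --list` output. Assumed field order:
    id:filter:action:user:once-only:persistent (filter contains no ':')."""
    joined = []
    for line in text.splitlines():
        line = line.strip()
        if line.split(":", 1)[0].isdigit():
            joined.append(line)           # a new entry starts with "<id>:"
        elif line and joined:
            joined[-1] += " " + line      # continuation of a wrapped entry
    regs = []
    for entry in joined:
        nid, rest = entry.split(":", 1)
        rest, user, once, persistent = rest.rsplit(":", 3)  # action may hold ':'
        filt, action = rest.split(":", 1)
        regs.append({"id": int(nid), "filter": filt, "action": action, "user": user,
                     "once": once == "1", "persistent": persistent == "1"})
    return regs

def listed(user, path):
    # Assumption: one user name per line, as in cron.allow / cron.deny.
    with open(path) as fh:
        return user in {ln.strip() for ln in fh}

def may_register(user, confdir="/etc/evlog.d"):
    """Apply the three action.allow / action.deny rules from the text."""
    allow, deny = (os.path.join(confdir, n) for n in ("action.allow", "action.deny"))
    if os.path.exists(allow):
        return listed(user, allow)
    if os.path.exists(deny):
        return not listed(user, deny)
    return True

def audit(regs, confdir="/etc/evlog.d"):
    """Map each notify id to the review flags that apply to it."""
    return {r["id"]: [flag for flag, hit in (
        ("root-persistent", r["user"] == "root" and r["persistent"]),
        ("root-action-references-tmp", r["user"] == "root" and "/tmp/" in r["action"]),
        ("owner-not-permitted", not may_register(r["user"], confdir)),
    ) if hit] for r in regs}
```

Feeding it the real output of `evlnotify --list` run as root covers every registered notification; a flag marks an entry for manual review, not a confirmed problem.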


              Standard Event Log
              Users not allowed to register


       evlquery man page    Filter expression syntax rules

                        14 September 2001             EVLNOTIFY()
