EMS Manual
Compiled Filters
EMS Manual—426909-005
5-2
Introduction to the Filter Language
Source of Event Messages
The collector or distributor executes the filter from the beginning for each event
message that it reads. The collector or distributor reads messages sequentially from its
event message source. Event messages are sent from subsystems to primary and
alternate collectors by WRITE or WRITEREAD procedures. For distributors, the event
message source is either a saved log file or the log files of one or more collectors. The
messages are arranged in the source in the order that they were logged. If more than
one collector is used as a message source for a distributor filter, the messages are
merged in log-time order and examined by the filter one by one.
Operations Not Controlled by the Distributor Filter
You must control the distributor to manage these aspects of message examination,
which are closely linked to filter operation:
The source of event messages, whether collector log-files or a saved log-file
The position in the event-message source of the first message to be examined by
the filter
The destination of event messages that have passed the filter or what processing
those messages undergo
For more information on start-up options for a distributor, see Section 13, EMS
Programs. For information on how to control a distributor programmatically, see
Section 17, Distributor Commands and Responses.
Introduction to the Filter Language
The filter language that is used to construct compiled filters provides features to
examine and compare message tokens and their values.
Filter Language Features
Filter parameters, which let you defer specification of token values until the filter is
loaded
A MATCH function, which determines whether a value in the message matches a
pattern; the pattern can include wild-card characters
PASS and FAIL statements, which select or reject the event message that the filter
is currently examining
An interface to TACL, which provides two advantages:
You do not need to declare the names of tokens in the filter; names of tokens
for NonStop Kernel subsystems are defined in standard definition files, which
you make available to the compiler. Many other definitions, for user
subsystems as well as NonStop Kernel subsystems, are available in the same
way.