!++ ! ! HELP FILE for System Event Analyzer ! !Copyright 1999-2004 Hewlett-Packard Company ! !Confidential computer software. Valid license from !Hewlett-Packard required for possession, use or copying. !Consistent with FAR 12.211 and 12.212, Commercial Computer !Software, Computer Software Documentation, and Technical !Data for Commercial Items are licensed to the U.S. Government !under vendor's standard commercial license. ! !-- 1 WSEA $ WSEA System Event Analyzer (SEA) is a fault analysis utility designed to provide analysis for single error/fault events, as well as multiple event and complex analysis. SEA provides system analysis that uses other error/fault data sources in addition to the traditional binary error log. SEA provides background automatic analysis by monitoring the active binary error log and processing events as they occur. The events in the binary error log file are checked against the analysis rules. If one or more of the events in the binary error log file meets the conditions specified in the rules, the analysis engine collects the error data and creates a problem report containing a description of the problem and any corrective actions required. Once the problem report is created, it is distributed in accordance with the customer's notification preferences. SEA provides the following functionality: o Analysis Processes binary event logs according to the registered rules and produces problem reports. o Translation Translate the events in a binary log file to ASCII text. o Summary Provide information about the type and number of events contained in a log file. o Log File Creation Filters the events in a binary log file and creates a new log file with the events that matched the filter criteria. o Rule Sets View the registered rule sets and add or remove them as necessary. o Service Obligations View and override service obligation information. o Notification Support system initiated call logging. Commands are formed using the SEA prefix followed by a syntax designator, if necessary, and one of the valid command verbs. The subtopics listed here indicate the command syntax in parentheses after the command name (if no command syntax is indicated then the command is syntax independent, and does not require a syntax designator). Additional information can be found on the Service Tools web site at the following URL: http://h18000.www1.hp.com/support/svctools/ 2 Syntax_Designator The syntax designator indicates which command syntax you are using. The valid syntax designators are as follows: n - New Common Syntax x - Old Common Syntax v - VMS DECevent Emulator You only need to include syntax designator in a command if the command does not use the default syntax. On installation, the new common syntax is set as the default. However, you can change the default using the SYNTAX command. Note: Changes to the default syntax affect all users on the system. In order to ensure that commands are processed correctly, it is recommended that you include a syntax designator with all commands that support multiple syntaxes. 2 SYNTAX (Syntax independent command that never includes a syntax designator) The SYNTAX command shows the current default syntax or changes the default syntax for CLI commands. Once you have changed the default, you no longer need to include a syntax designator for commands that use the chosen syntax. $ WSEA SYNTAX [syntax_designator] To show the default syntax enter the command without any modifiers. To change the default syntax, include the designator that indicates the desired default with the command. Be aware that commands with only one form do not use a syntax designator, regardless of the current default syntax. 3 Syntax_Designator The syntax designator indicates the command syntax you want to set as the default. The valid syntax designators are as follows: o N - New Common Syntax o X - Old Common Syntax o V - VMS DECevent Emulator 3 Examples $ WSEA SYNTAX Shows the current default command syntax. $ WSEA SYNTAX V Sets the VMS DECevent emulator as default command syntax. 2 LOG (Syntax independent command that never includes a syntax designator) Logs the problem reports generated by automatic analysis to the PROB.LOG file located in the LOGS directory. Logging output is flushed and the file is closed after each entry. $ WSEA LOG PROB [ON | OFF] 3 ON Turns on logging for automatic analysis. If the PROB.LOG file does not already exist, it is created. Otherwise, new entries are appended to the end of the file. 3 OFF Turns off logging for automatic analysis. 3 Examples $ WSEA LOG PROB ON Turns on logging for automatic analysis. $ WSEA LOG PROB OFF Turns off logging for automatic analysis. 2 REPORT (Syntax independent command that never includes a syntax designator) Displays any problem reports generated by automatic analysis on the screen or sends the results to a file. $ WSEA REPORT [OUTHTML | OUTTEXT ] output_file: o The name of the file where you want to save generated problem reports. If no output file is specified, any generated problem reports are shown on the screen. 3 Output_File The following conventions apply when specifying an output file: o Use the OUTHTML modifier to create output files in .HTML format. o Use the OUTTEXT modifier to create output files in plain text format. o The output file is created in the current directory unless you specify a different directory path. 3 Examples $ WSEA REPORT OUTTEXT AUTOANALYZE.TXT Saves the problem reports generated by automatic analysis to the file AUTOANALYZE.TXT. 2 SICL (Syntax independent command that never includes a syntax designator) When SEA generates a problem report, the report can be automatically routed to your service provider using DSNLink. This process is called System Initiated Call Logging (SICL). Be aware that you must have DSNLink installed and configured in order to use SICL with SEA. $ WSEA SICL [ON | OFF] Note: The enabling and disabling of SICL using DSNlink has changed from WSEA SICL [ON|OFF] to DESTA SICL [ON|OFF]. Please use the DESTA syntax and update any scripts that refer to the WSEA SICL command before this is completely phased out in a future release. 3 ON Turns on DSNLink-based automatic notification. 3 OFF Turns off DSNLink-based automatic notification. 3 Examples $ WSEA SICL ON Turns on SICL. $ WSEA SICL OFF Turns off SICL. 2 ANA(N) (New Common Syntax) The ANA command processes a binary event log according to the registered rule sets and displays any problem reports that result. Problem reports are generated when a event or events from the log file correspond to a rule that produces a callout. $ WSEA N ANA [INPUT ] [OUT | OUTHTML ] input_file: o The name of the binary log file you want to analyze. If no input file is specified, the binary system event log is processed. output_file: o The name of the file where you want to save generated problem reports. If no output file is specified, any generated problem reports are shown on the screen. If you are specifying both a input file and an output file, the input file information must preceed the output file information. 3 Input_File The following conventions apply when specifying an input file: o If no file or directory is specified, the binary system event log is processed. o You can use a relative directory structure when specifying an input file. o If you specify a directory without a file name, all the files in that directory with a .ERRLOG, .SYS, and .ZPD extension are processed. o Specify multiple input files by separating the names with commas. o The wildcard character (*) can be used to specify files. 3 Output_File The following conventions apply when specifying an output file: o Use the OUTHTML modifier to create output files in .HTML format. o Use the OUT modifier to create output files in plain text format. o The output file is created in the current directory unless you specify a different directory path. 3 Examples $ WSEA N ANA INPUT [.COMMON.CA.EXAMPLES]HSCIR1.ZPD OUT REPORT.TXT Analyzes the file HSCIR1.ZPD and saves the results in a text file named REPORT.TXT. $ WSEA N ANA INPUT [.COMMON.CA.EXAMPLES]*.SYS OUTHTML HTMLREPORT.HTML Analyzes all the files with a .SYS extension in the examples directory and saves the problem reports to a HTML file named HTMLREPORT.HTML. 2 AUT(N) (New Common Syntax) Turns automatic event processing (autoanalysis) on or off. $ WSEA N AUT [ON | OFF] 3 ON Turns on automatic event processing. 3 OFF Turns off automatic event processing. 3 Examples $ WSEA N AUT ON Turns on autoanalysis. $ WSEA N AUT OFF Turns off autoanalysis. 2 BIN(N) (New Common Syntax) Creates a new binary log file from a subset of the events in an existing log file. The BIN command compares the events in a log file to a filter statement. Any events that match the filter criteria are added to a new log file. You must specify both a input file and a output file with the BIN command. $ WSEA N BIN INPUT OUT [] [SKIPCONFIG] input_file: o The name of the original binary event log. output_file: o The name of the new binary event log. You must specify a single output file. filter_statement: o The criteria used to select events from the input file. If you do not specify a filter statement, all the events in the input_file are added to the output_file. 3 Filter_Statement Filter statements contain the following components: o Filter Parameter: The type of information you want to filter. o Value: What information must be present in a event in order for it to match the filter. The available parameters are shown here along with their meaning. o NODE= Filters based on the node responsible for the event. o BEGIN= Filters based on when the event occurred. Events that occurred before the given time are not processed. o END= Filters based on when the event occurred. Events that occurred after the given time are not processed. o SINCE= Filters based on when the event occurred. Events that occurred before the given time are not processed. o INCLUDE= Filters based on event type. You must use one of the supported keywords in conjunction with this filter. o EXCLUDE= Filters based on event type. You must use one of the supported keywords in conjunction with this filter. o INDEX= Filters based on the events position in the log file. o REVERSE Processes events in reverse order. Keep the following guidelines in mind when creating a filter: o Multiple filters in the same command are separated by an ampersand (&). o When you enter a date and time stream, you can use any date format that is recognized by Java. The following is an example of an acceptable format: dd-mmm-yyyy[,hh:mm:ss] The entire time string (hh:mm:ss) is optional. o You can use the YESTERDAY and TODAY keywords in conjunction with a date-based filter. o You can enter a relative date. For example, entering -3 indicates events from the last three days. o You can specify a range of values for the INDEX filter using the following syntax: INDEX=(START:nn,END:nn) o The following keywords are supported by the INCLUDE and EXCLUDE filters: o o MCHK All machine check events. o o MCHK_SYS All system machine checks. o o MCHK_CPU All cpu machine checks. o o MCHK_ENV All environmental machine checks. o o MCHK_CORR Correctable machine checks. o o MCHK_UNCORR Uncorrectable machine checks. 3 SKIPCONFIG Prevents configuration entries from being added to the output file. 3 Examples $ WSEA N BIN INPUT [.COMMON.CA.EXAMPLES]HSCIR1.ZPD OUT NEWLOG.SYS INDEX=(START:10) Processes the events in the file HSCIR1.ZPD and adds all the events after the first ten to a log file named NEWLOG.SYS $ WSEA N BIN INPUT [.COMMON.CA.EXAMPLES]DS20.ERRLOG OUT NEWLOG.SYS ENTRY_TYPE=MCHK & BEGIN=4-APR-2000 Processes the events in the file DS20.ERRLOG and adds all the machine check events that occurred after 4 April 2000 to a log file named NEWLOG.SYS. 2 HELP(N) (New Common Syntax) Displays online help for SEA. $ WSEA N HELP 3 Examples $ WSEA N HELP Shows the SEA command line help. 2 LIS(N) (New Common Syntax) Lists the registered rule sets along with their version. $ WSEA N LIS 3 Examples $ WSEA N LIS Lists the rule sets registered for the system you are logged into. 2 REG(N) Registers analysis rule sets. Registered rule sets are used by analysis to process events. You can either specify rule sets or work with the default files. If you do not use any of the optional modifiers, all the default rule sets are registered. $ WSEA N REG $ WSEA N REG rule_set: o The name of the rule set you want to register. 3 Rule_Set The name of the rule set you want to register. The following guidelines apply when specifying rule sets: o If you do not use any arguments, all the default rule sets are registered. o The wildcard character (*) can be used to specify multiple filenames. 3 Examples $ WSEA N REG DS10 Registers the DS10 rule set. $ WSEA N REG Registers the default rule sets. 2 RES(N) (New Common Syntax) The RES (RESET) command resets the automatic analysis database. This erases active callouts and stored analysis data (such as thresholding information). Configuration and scavenging information are both retained. Be aware that using this command may impact the results of future analysis. $ WSEA N RES 3 Examples $ WSEA N RES Resests the automatic analysis database. 2 STA(N) (New Common Syntax) The STA (STATUS) command displays the version of SEA along with the status of the service obligation and SICL. $ WSEA N STA Examples $ WSEA N STA Displays information about SEA. 2 SUM(N) (New Common Syntax) The SUM command shows a summary of the number of events contained in a log file and their type. The output is shown on the screen and can be formatted in two different ways. If you do not use any modifiers, the output shows the number of each type of event. $ WSEA N SUM [INDEX] [INPUT ] [OUT | OUTHTML ] [] input_file: o The name of the binary log file whose contents you want to see. If no input file is specified, the binary system event log is processed. output_file: o The name of the file where you want to save the summary. If no output file is specified, the summary is shown on the screen. filter_statement: o The criteria used to select events from the input file. 3 INDEX Displays a summary of the events in a log file along with their location in the file. 3 Input_File The following conventions apply when specifying an input file: o If no file or directory is specified, the binary system event log is processed. o You can use a relative directory structure when specifying an input file. o If you specify a directory without a file name, all the files in that directory with a .ERRLOG, .SYS, and .ZPD extension are processed. o Specify multiple input files by separating the names with spaces. o The wildcard character (*) can be used to specify files. 3 Filter_Statement Filter statements contain the following components: o Filter Parameter: The type of information you want to filter. o Operator: The type of comparison. o Value: What information must be present in a event in order for it to match the filter. The available parameters are shown here along with their meaning. o NODE= Filters based on the node responsible for the event. o BEGIN= Filters based on when the event occurred. Events that occurred before the given time are not processed. o END= Filters based on when the event occurred. Events that occurred after the given time are not processed. o SINCE= Filters based on when the event occurred. Events that occurred before the given time are not processed. o INCLUDE= Filters based on event type. You must use one of the supported keywords in conjunction with this filter. o EXCLUDE= Filters based on event type. You must use one of the supported keywords in conjunction with this filter. o INDEX= Filters based on the events position in the log file. o REVERSE Processes events in reverse order. Keep the following guidelines in mind when creating a filter: o Multiple filters in the same command are separated by an ampersand (&). o When you enter a date and time stream, you can use any date format that is recognized by Java. The following is an example of an acceptable format: dd-mmm-yyyy[,hh:mm:ss] The entire time string (hh:mm:ss) is optional. o You can use the YESTERDAY and TODAY keywords in conjunction with a date-based filter. o You can enter a relative date. For example, entering -3 indicates events from the last three days. o You can specify a range of values for the INDEX filter using the following syntax: INDEX=(START:nn,END:nn) o The following keywords are supported by the INCLUDE and EXCLUDE filters: o o MCHK All machine check events. o o MCHK_SYS All system machine checks. o o MCHK_CPU All cpu machine checks. o o MCHK_ENV All environmental machine checks. o o MCHK_CORR Correctable machine checks. o o MCHK_UNCORR Uncorrectable machine checks. 3 Examples $ WSEA N SUM INCLUDE=MCHK Shows a tallied report of the machine check events in the system event log. $ WSEA N SUM INDEX INPUT [.COMMON.CA.EXAMPLES]DS20.ERRLOG Shows a indexed report of the events in the DS20.ERRLOG file. 2 TES(N) (New Common Syntax) The TES (TEST) command sends a test event to the system's error log which is then analyzed. The results of analysis are then distributed using the current notification procedures. $ WSEA N TES [NOSYSTEM] 3 NOSYSTEM The NOSYSTEM option sends a test event directly to SEA, bypassing the system error log. 3 Examples $ WSEA N TES Sends a test event to the system error log for analysis. $ WSEA N TES NOSYSTEM Sends a test event directly to SEA. 2 TRA(N) (New Common Syntax) Translates the events in a binary file to ASCII text. By default all the events in the system event log file are translated. $ WSEA N TRA [INPUT ] [OUT | OUTHTML ] [] [BRIEF | FULL] input_file: o The name of the binary log file you want to analyze. If no input file is specified, the binary system event log is processed. output_file: o The name of the file where you want to save translated events. If no output file is specified, the translated events are shown on the screen. The OUTTEXT option creates text output and the OUTHTML option creates HTML output. filter_statement: o The criteria used to select events from the input file. If you do not specify a filter statement, all the events in the input_file are translated. 3 Input_File The following conventions apply when specifying an input file: o If no file or directory is specified, the binary system event log is processed. o You can use a relative directory structure when specifying an input file. o If you specify a directory without a file name, all the files in that directory with a .ERRLOG, .SYS, and .ZPD extension are processed. o Specify multiple input files by separating the names with spaces. o The wildcard character (*) can be used to specify files. 3 Output_File The following conventions apply when specifying an output file: o Use the OUTHTML modifier to create output files in .HTML format. o Use the OUT modifier to create output files in plain text format. o The output file is created in the current directory unless you specify a different directory path. 3 Filter_Statement Filter statements contain the following components: o Filter Parameter: The type of information you want to filter. o Operator: The type of comparison. o Value: What information must be present in a event in order for it to match the filter. The available parameters are shown here along with their meaning. o NODE= Filters based on the node responsible for the event. o BEGIN= Filters based on when the event occurred. Events that occurred before the given time are not processed. o END= Filters based on when the event occurred. Events that occurred after the given time are not processed. o SINCE= Filters based on when the event occurred. Events that occurred before the given time are not processed. o INCLUDE= Filters based on event type. You must use one of the supported keywords in conjunction with this filter. o EXCLUDE= Filters based on event type. You must use one of the supported keywords in conjunction with this filter. o INDEX= Filters based on the events position in the log file. o REVERSE Processes events in reverse order. Keep the following guidelines in mind when creating a filter: o Multiple filters in the same command are separated by an ampersand (&). o When you enter a date and time stream, you can use any date format that is recognized by Java. The following is an example of an acceptable format: dd-mmm-yyyy[,hh:mm:ss] The entire time string (hh:mm:ss) is optional. o You can use the YESTERDAY and TODAY keywords in conjunction with a date-based filter. o You can enter a relative date. For example, entering -3 indicates events from the last three days. o You can specify a range of values for the INDEX filter using the following syntax: INDEX=(START:nn,END:nn) o The following keywords are supported by the INCLUDE and EXCLUDE filters: o o MCHK All machine check events. o o MCHK_SYS All system machine checks. o o MCHK_CPU All cpu machine checks. o o MCHK_ENV All environmental machine checks. o o MCHK_CORR Correctable machine checks. o o MCHK_UNCORR Uncorrectable machine checks. 3 BRIEF Generates brief output, rather than the full translation output. 3 FULL Generates full translation output. This is the default output setting. 3 Examples $ WSEA N TRA OUTHTML SYSLOG.HTML Translates the events in the system event log and saves the results in a file named SYSLOG.HTML. $ WSEA N TRA INPUT [.COMMON.CA.EXAMPLES]DS20.ERRLOG OUTTEXT SYSLOG.TXT EXCLUDE=MCHK_CORR Translates the all events in the file DS20.ERRLOG except for the correctable machine check events. The results are saved in a file named SYSLOG.TXT. $ WSEA N TRA NODE=MYCOMPUTER & INDEX=10 BRIEF Translates the tenth event from the system event log on the machine named MYCOMPUTER. The brief output is displayed on the screen. 2 UNR(N) (New Common Syntax) Unregisters rule sets so they are no longer used by analysis to process events. You can either specify rule sets or work with the default files. If you do not use any of the optional modifiers, all the default rule sets are unregistered. $ WSEA N UNR $ WSEA N UNR rule_set: o The name of the rule set you want to unregister. 3 Rule_Set The name of the rule set you want to unregister. The following guidelines apply when specifying rule sets: o If you do not use any arguments, all the default rule sets are registered. o The wildcard character (*) can be used to specify multiple filenames. 3 Examples $ WSEA N UNR DS10 Unregisters the DS10 rule set $ WSEA N UNR Unregisters the default rule sets. 2 ANALYZE(X) (Old Common Syntax) The ANALYZE command processes a binary event log according to the registered rule sets and displays any problem reports that result. Problem reports are generated when a event or events from the log file correspond to a rule that produces a callout. $ WSEA X ANALYZE [] [OUTTEXT | OUTHTML ] input_file: o The name of the binary log file you want to analyze. If no input file is specified, the binary system event log is processed. output_file: o The name of the file where you want to save generated problem reports. If no output file is specified, any generated problem reports are shown on the screen. If you are specifying both a input file and an output file, the input file information must preceed the output file information. 3 Input_File The following conventions apply when specifying an input file: o If no file or directory is specified, the binary system event log is processed. o You can use a relative directory structure when specifying an input file. o If you specify a directory without a file name, all the files in that directory with a .ERRLOG, .SYS, and .ZPD extension are processed. o Specify multiple input files by separating the names with spaces. o The wildcard character (*) can be used to specify files. 3 Output_File The following conventions apply when specifying an output file: o Use the OUTHTML modifier to create output files in .HTML format. o Use the OUTTEXT modifier to create output files in plain text format. o The output file is created in the current directory unless you specify a different directory path. 3 Examples $ WSEA X ANALYZE [.COMMON.CA.EXAMPLES]HSCIR1.ZPD OUTTEXT REPORT.TXT Analyzes the file HSCIR1.ZPD and saves the results in a text file named REPORT.TXT. $ WSEA X ANALYZE [.COMMON.CA.EXAMPLES]*.SYS OUTHTML HTMLREPORT.HTML Analyzes all the files with a .SYS extension in the examples directory and saves the problem reports to a HTML file named HTMLREPORT.HTML. 2 FILTERLOG(X) (Old Common Syntax) Creates a new binary log file from a subset of the events in an existing log file. The FILTERLOG command compares the events in a log file to a filter statement. Any events that match the filter criteria are added to a new log file. You must specify both a input file and a output file with the FILTERLOG command. $ WSEA X FILTERLOG [<"filter_statement">] [SKIPCONFIG] input_file: o The name of the original binary event log. output_file: o The name of the new binary event log. You must specify a single output file. filter_statement: o The criteria used to select events from the input file. The filter statement must be enclosed in quotation marks. If you do not specify a filter statement, all the events in the input_file are added to the output_file. 3 Filter_Statement Filter statements contain the following components: o Filter Parameter: The type of information you want to filter. o Operator: The type of comparison. o Value: What information must be present in a event in order for it to match the filter. The available parameters are shown here along with their abbreviated name, their valid operators, and their meaning. o COMPUTER_NAME (CN) =, != Filters based on the node responsible for the event. o DATE_TIME_BEGIN (DTB) = Filters based on when the event occurred. Events that occurred before the given time are not processed. o DATE_TIME_END (DTE) = Filters based on when the event occurred. Events that occurred after the given time are not processed. o REL_TIME_DAYS_BEGIN (RTDB) = Filters based on the time the event occurred relative to the time the first event in the log file occurred. Events that occurred after the given number of days from the first event are processed. o REL_TIME_DAYS_END (RTDE) = Filters based on the time the event occurred relative to the time the first event in the log file occurred. Events that occurred within the given number of days from the first event are processed. o REL_TIME_HOURS_BEGIN (RTHB) = Filters based on the time the event occurred relative to the time the first event in the log file occurred. Events that occurred after the given number of hours from the first event are processed. o REL_TIME_HOURS_END (RTDE) = Filters based on the time the event occurred relative to the time the first event in the log file occurred. Events that occurred within the given number of hours from the first event are processed. o ENTRY_TYPE (ET) =, !=, <, > Filters based on the numeric entry type of the event. o OS_TYPE (OST) =, != Filters based on the numeric identifier for the node's operating system. o EVENT_INDEX (IDX) =, !=, <, > Filters based on the events position in the log file. o SORT = Organizes the output. Keep the following guidelines in mind when creating a filter: o Filtering statements need to be enclosed in quotes. o The parameters are not case sensitive. o The abbreviations can be used instead of typing the full parameter name. o Multiple values for the = and != operators should be delimited by commas. The date and sort filters do not support multiple values. o Multiple filters in the same command are separated by an ampersand (&). o The argument of the COMPUTER_NAME filter is case sensitive. o When you enter a date and time stream, you can use any date format that is recognized by Java. The following is an example of an acceptable format: dd-mmm-yyyy[,hh:mm:ss] The entire time string (hh:mm:ss) is optional. o You may either type values for the EVENT_TYPE filter directly or use one of the following keywords: o o MCHK-ALL All machine check events. o o MCHK All machine check events. o o MCHK-SYS All system machine checks. o o MCHK-CPU All cpu machine checks. o o MCHK-ENV All environmental machine checks. o The SORT filter supports the following keywords: o o ENTRY Orders output from the lowest entry type number to the highest. o o REVENTRY Orders output from the highest entry type number to the lowest. o o TIME Sorts output in chronological order. o o REVTIME Sorts output in reverse chronological order. o o IDX Orders output from the lowest entry number to the highest. o o REVIDX Orders output from the highest entry number to the lowest. 3 SKIPCONFIG Do not process configuration entries in the input file. 3 Examples $ WSEA X FILTERLOG [.COMMON.CA.EXAMPLES]HSCIR1.ZPD NEWLOG.SYS "IDX>10" Processes the events in the file HSCIR1.ZPD and adds all the events after the first ten to a log file named NEWLOG.SYS $ WSEA X FILTERLOG [.COMMON.CA.EXAMPLES]DS20.ERRLOG NEWLOG.SYS "ENTRY_TYPE=660 & DTB=4-APR-2000" Processes the events in the file DS20.ERRLOG and adds all the events that have a type of 660 and occurred after 4 April 2000 to a log file named NEWLOG.SYS. 2 HELP(X) (Old Common Syntax) Displays online help for SEA. $ WSEA X HELP 3 Examples $ WSEA X HELP Shows the SEA command line help. 2 LISTRK(X) (Old Common Syntax) Lists the registered rule sets along with their version. $ WSEA X LISTRK 3 Examples $ WSEA X LISTRK Lists the rule sets registered for the system you are logged into. 2 REGKNW(X) (Old Common Syntax) Registers or unregisters rule sets. Registered rule sets are used by analysis to process events. You can either specify rule sets or work with the default rules. If you do not use any of the optional modifiers, all the default rule sets are registered. $ WSEA X REGKNW $ WSEA X REGKNW [R | U ] rule_set: o The name of the rule set you want to register or unregister. 3 R Registers rule sets. If you do not specify a rule set, all the default rule sets are registered. Files that are already registered are skipped. 3 U Unregisters rule sets specified. 3 Rule_Set The name of the rule set you want to register or unregister. The following guidelines apply when specifying rule sets: o If you do not use any arguments, all the default rule sets are registered. o The wildcard character (*) can be used to specify multiple filenames. 3 Examples $ WSEA X REGKNW R DS10 Registers the DS10 rule set. $ WSEA X REGKNW U DS10 Unregisters the DS10 rule set. 2 SUMM(X) (Old Common Syntax) The SUMM command shows a summary of the number of events contained in a log file and their type. The output is shown on the screen and can be formatted in two different ways. If you do not use any modifiers, the output shows the number of each type of event. $ WSEA X SUMM [INDEX] [] input_file: o The name of the binary log file whose contents you want to see. If no input file is specified, the binary system event log is processed. 3 INDEX Displays a summary of the events in a log file along with their location in the file. 3 Input_File The following conventions apply when specifying an input file: o If no file or directory is specified, the binary system event log is processed. o You can use a relative directory structure when specifying an input file. o If you specify a directory without a file name, all the files in that directory with a .ERRLOG, .SYS, and .ZPD extension are processed. o Specify multiple input files by separating the names with spaces. o The wildcard character (*) can be used to specify files. 3 Examples $ WSEA X SUMM Shows a tallied report of the events in the system event log. $ WSEA X SUMM INDEX [.COMMON.CA.EXAMPLES]DS20.ERRLOG Shows a indexed report of the events in the DS20.ERRLOG file. 2 TRANS(X) (Old Common Syntax) Translates the events in a binary file to ASCII text. By default all the events in the system event log file are translated. $ WSEA X TRANS [] [OUTTEXT | OUTHTML ] [FILTER <"filter_statement">] [BRIEF | FULL] input_file: o The name of the binary log file you want to analyze. If no input file is specified, the binary system event log is processed. output_file: o The name of the file where you want to save translated events. If no output file is specified, the translated events are shown on the screen. The OUTTEXT option creates text output and the OUTHTML option creates HTML output. filter_statement: o The criteria used to select events from the input file. The filter statement must be enclosed in quotation marks. If you do not specify a filter statement, all the events in the input_file are translated. 3 Input_File The following conventions apply when specifying an input file: o If no file or directory is specified, the binary system event log is processed. o You can use a relative directory structure when specifying an input file. o If you specify a directory without a file name, all the files in that directory with a .ERRLOG, .SYS, and .ZPD extension are processed. o Specify multiple input files by separating the names with spaces. o The wildcard character (*) can be used to specify files. 3 Output_File The following conventions apply when specifying an output file: o Use the OUTHTML modifier to create output files in .HTML format. o Use the OUTTEXT modifier to create output files in plain text format. o The output file is created in the current directory unless you specify a different directory path. 3 Filter_Statement Filter statements contain the following components: o Filter Parameter: The type of information you want to filter. o Operator: The type of comparison. o Value: What information must be present in a event in order for it to match the filter. The available parameters are shown here along with their abbreviated name, their valid operators, and their meaning. o COMPUTER_NAME (CN) =, != Filters based on the node responsible for the event. o DATE_TIME_BEGIN (DTB) = Filters based on when the event occurred. Events that occurred before the given time are not processed. o DATE_TIME_END (DTE) = Filters based on when the event occurred. Events that occurred after the given time are not processed. o REL_TIME_DAYS_BEGIN (RTDB) = Filters based on the time the event occurred relative to the time the first event in the log file occurred. Events that occurred after the given number of days from the first event are processed. o REL_TIME_DAYS_END (RTDE) = Filters based on the time the event occurred relative to the time the first event in the log file occurred. Events that occurred within the given number of days from the first event are processed. o REL_TIME_HOURS_BEGIN (RTHB) = Filters based on the time the event occurred relative to the time the first event in the log file occurred. Events that occurred after the given number of hours from the first event are processed. o REL_TIME_HOURS_END (RTDE) = Filters based on the time the event occurred relative to the time the first event in the log file occurred. Events that occurred within the given number of hours from the first event are processed. o ENTRY_TYPE (ET) =, !=, <, > Filters based on the numeric entry type of the event. o OS_TYPE (OST) =, != Filters based on the numeric identifier for the node's operating system. o EVENT_INDEX (IDX) =, !=, <, > Filters based on the events position in the log file. o SORT = Organizes the output. Keep the following guidelines in mind when creating a filter: o Filtering statements need to be enclosed in quotes. o The parameters are not case sensitive. o The abbreviations can be used instead of typing the full parameter name. o Multiple values for the = and != operators should be delimited by commas. The date and sort filters do not support multiple values. o Multiple filters in the same command are separated by an ampersand (&). o The argument of the COMPUTER_NAME filter is case sensitive. o When you enter a date and time stream, you can use any date format that is recognized by Java. The following is an example of an acceptable format: dd-mmm-yyyy[,hh:mm:ss] The entire time string (hh:mm:ss) is optional. o You may either type values for the EVENT_TYPE filter directly or use one of the following keywords: o o MCHK-ALL All machine check events. o o MCHK All machine check events. o o MCHK-SYS All system machine checks. o o MCHK-CPU All cpu machine checks. o o MCHK-ENV All environmental machine checks. o The SORT filter supports the following keywords: o o ENTRY Orders output from the lowest entry type number to the highest. o o REVENTRY Orders output from the highest entry type number to the lowest. o o TIME Sorts output in chronological order. o o REVTIME Sorts output in reverse chronological order. o o IDX Orders output from the lowest entry number to the highest. o o REVIDX Orders output from the highest entry number to the lowest. 3 BRIEF Generates brief output, rather than the full translation output. 3 FULL Generates full translation output. This is the default output setting. 3 Examples $ WSEA X TRANS OUTHTML SYSLOG.HTML Translates the events in the system event log and saves the results in a file named SYSLOG.HTML. $ WSEA X TRANS [.COMMON.CA.EXAMPLES]DS20.ERRLOG OUTTEXT SYSLOG.TXT "SORT=TIME" Translates the events in the file DS20.ERRLOG and saves the results in a file named SYSLOG.TXT in chronological order. $ WSEA X TRANS "CN=MYCOMPUTER & IDX=10" BRIEF Translates the tenth event from the system event log on the machine named MYCOMPUTER. The brief output is displayed on the screen. 2 /ANA(V) (DECevent Emulator) The /ANA command processes a binary event log according to the registered rule sets and displays any problem reports that result. Problem reports are generated when a event or events from the log file correspond to a rule that produces a callout. $ WSEA V /ANA[/OUT=] [] input_file: o The name of the binary log file you want to analyze. If no input file is specified, the binary system event log is processed. output_file: o The name of the file where you want to save generated problem reports. If no output file is specified, any generated problem reports are shown on the screen. 3 Input_File The following conventions apply when specifying an input file: o If no file or directory is specified, the binary system event log is processed. o You can use a relative directory structure when specifying an input file. o If you specify a directory without a file name, all the files in that directory with a .ERRLOG, .SYS, and .ZPD extension are processed. o Specify multiple input files by separating the names with spaces. o The wildcard character (*) can be used to specify files. 3 Output_File Saves the results of processing to a file rather than displaying them on the screen. By default, output is saved as a text in the current directory; however, you can specify a different directory. 3 Examples $ WSEA V /ANA/OUT=ANALYZE.TXT Analyzes the entries from the default binary system event log and saves the results to a file named ANALYZE.TXT. $ WSEA V /ANA [.COMMON.CA.EXAMPLES]DS20.ERRLOG Analyzes the DS20.ERRLOG file from the [.COMMON.CA.EXAMPLES] directory and displays the results on the screen. 2 /BIN(V) (DECevent Emulator) Creates a new binary log file from a subset of the events in an existing log file. The /BIN command compares the events in a log file to a filter statement. Any events that match the filter criteria are added to a new log file. You must specify both a input file and a output file with this command. $ WSEA V /BIN=output_file[] [] output_file: o The name of the new binary event log. You must specify a single output file. input_file: o The name of the original binary event log. If no file is specified, the binary system event log is used. filter_flags: o The criteria used to select events from the input file. If you do not specify a filter statement, all the events in the input_file are added to the output_file. 3 Output_File The name of the new binary log file. If you want the file saved in a directory other than the default, you must specify both the path and filename. 3 Input_File The following conventions apply when specifying an input file: o If no file or directory is specified, the binary system event log is processed. o You can use a relative directory structure when specifying an input file. o If you specify a directory without a file name, all the files in that directory with a .ERRLOG, .SYS, and .ZPD extension are processed. o Specify multiple input files by separating the names with spaces. o The wildcard character (*) can be used to specify files. 3 /REV Processes the events in the binary log file in reverse order. 3 /NOD=compname Filters the events in the binary log file based on the computer or node responsible for generating them. 3 /ENT=(S:nn;E:nn) Filters entries from the binary log file for processing based on their position in the event log. The S: indicates the first event to process and the E: indicates the last event to process. In both cases, nn refers to the entry number. 3 /SIN=date Filters the events in the binary log file based on the date they occured. The /SIN flag specifies a starting date and supports the YESTERDAY and TODAY keywords in addition to a date value (dd-mmm-yyyy). 3 /BEF=date Filters the events in the binary log file based on the date they occured. The /BEF flag specifies a ending date and supports the YESTERDAY and TODAY keywords in addition to a date value (dd-mmm-yyyy). 3 /INC(keyword) The includes flag specifies event types for processing. When the binary log is processed, only the event types specified by the given keyword are included. The supported keywords are: 4 cam All SCSI entries logged by the CAM logger. (Entry type 199) 4 configurations Configuration entries. (Entry type 110) 4 control_entries System startup entries or new error log creation entries. (Entry types 32, 35, and 300) 4 cpus Machine check entries for AXP. (Entry types contained in mchk-cpu filter) 4 environmental_entries Power entries. (Entry types contained in mchk-env filter) 4 swxcr Entries logged by SWXCR. (Entry type 198) 4 machine_checks Also mchks. Events with machine checking information. (Entry types contained in mchk filter) 4 operating_system=value Also os=value. Events with a specific operating system type. The value parameter indicates the numeric code for the desired operating system. 4 panic Crash re-start, system panic, or user panic entries. (Entry types 37 and 302) 4 software_informationals Also swi. Events with lastfail, system startup, or system configuation information. (Entry types 32, 35, 37, 38, 39, 64, 65, 250, 300, 301, and 310) 4 osf_entry Events logged on a Tru64 UNIX operating system. This keyword is the equivalent of using the operating_system keyword with a value of 1. 3 /EXC(keyword) The excludes flag specifies event types that should not be processed. When the binary log file is processed, all the event types specified by the keyword are skipped. The supported keywords are: 4 cam All SCSI entries logged by the CAM logger. (Entry type 199) 4 configurations Configuration entries. (Entry type 110) 4 control_entries System startup entries or new error log creation entries. (Entry types 32, 35, and 300) 4 cpus Machine check entries for AXP. (Entry types contained in mchk-cpu filter) 4 environmental_entries Power entries. (Entry types contained in mchk-env filter) 4 swxcr Entries logged by SWXCR. (Entry type 198) 4 machine_checks Also mchks. Events with machine checking information. (Entry types contained in mchk filter) 4 operating_system=value Also os=value. Events with a specific operating system type. The value parameter indicates the numeric code for the desired operating system. 4 panic Crash re-start, system panic, or user panic entries. (Entry types 37 and 302) 4 software_informationals Also swi. Events with lastfail, system startup, or system configuation information. (Entry types 32, 35, 37, 38, 39, 64, 65, 250, 300, 301, and 310) 4 osf_entry Events logged on a Tru64 UNIX operating system. This keyword is the equivalent of using the operating_system keyword with a value of 1. 3 Examples $ WSEA V /BIN=NEWBIN.ZPD/SIN=07-JUN-2000/BEF=11-JUN-2000/EXC(CAM) Creates a new binary log file named NEWBIN.ZPD containing all the events from the binary system error log that occured between June 7, 2000 and June 11, 2000 except the CAM entries. $ WSEA V /BIN=NEWBIN.ZPD/INC(MACHINE_CHECKS) DS10.ERRLOG DS20.ERRLOG Creates a new binary log file named NEWBIN.ZPD containing all the MACHINE_CHECK entries from the DS10.ERRLOG and DS20.ERRLOG files. 2 /HELP(V) (DECevent Emulator) Displays on-line help for SEA. $ WSEA V /HELP 3 Examples $ WSEA V /HELP Shows the SEA command line help. 2 /SUM(V) (DECevent Emulator) The /SUM command shows a summary of the number of events contained in a log file and their type.The output shows the number of each type of event. $ WSEA V/SUM [] [] filter_flags: o Any modifiers used to filter the input file or specify an output file. input_file: o The name of the binary log file whose contents you want to see. If no input file is specified, the binary system event log is processed. 3 Input_File The following conventions apply when specifying an input file: o If no file or directory is specified, the binary system event log is processed. o You can use a relative directory structure when specifying an input file. o If you specify a directory without a file name, all the files in that directory with a .ERRLOG, .SYS, and .ZPD extension are processed. o Specify multiple input files by separating the names with spaces. o The wildcard character (*) can be used to specify files. 3 /OUT=filename Saves the results of processing to a file rather than displaying them on the screen. By default, output is saved as a text in the current directory; however, you can specify a different directory by including the path along with the filename. 3 /REV Processes the events in the binary log file in reverse order. 3 /NOD=compname Filters the events in the binary log file based on the computer or node responsible for generating them. 3 /ENT=(S:nn;E:nn) Filters entries from the binary log file for processing based on their position in the event log. The S: indicates the first event to process and the E: indicates the last event to process. In both cases, nn refers to the entry number. 3 /SIN=date Filters the events in the binary log file based on the date they occured. The /SIN flag specifies a starting date and supports the YESTERDAY and TODAY keywords in addition to a date value (dd-mmm-yyyy). 3 /BEF=date Filters the events in the binary log file based on the date they occured. The /BEF flag specifies a ending date and supports the YESTERDAY and TODAY keywords in addition to a date value (dd-mmm-yyyy). 3 /INC(keyword) The includes flag specifies event types for processing. When the binary log is processed, only the event types specified by the given keyword are included. The supported keywords are: 4 cam All SCSI entries logged by the CAM logger. (Entry type 199) 4 configurations Configuration entries. (Entry type 110) 4 control_entries System startup entries or new error log creation entries. (Entry types 32, 35, and 300) 4 cpus Machine check entries for AXP. (Entry types contained in mchk-cpu filter) 4 environmental_entries Power entries. (Entry types contained in mchk-env filter) 4 swxcr Entries logged by SWXCR. (Entry type 198) 4 machine_checks Also mchks. Events with machine checking information. (Entry types contained in mchk filter) 4 operating_system=value Also os=value. Events with a specific operating system type. The value parameter indicates the numeric code for the desired operating system. 4 panic Crash re-start, system panic, or user panic entries. (Entry types 37 and 302) 4 software_informationals Also swi. Events with lastfail, system startup, or system configuation information. (Entry types 32, 35, 37, 38, 39, 64, 65, 250, 300, 301, and 310) 4 osf_entry Events logged on a Tru64 UNIX operating system. This keyword is the equivalent of using the operating_system keyword with a value of 1. 3 /EXC(keyword) The excludes flag specifies event types that should not be processed. When the binary log file is processed, all the event types specified by the keyword are skipped. The supported keywords are: 4 cam All SCSI entries logged by the CAM logger. (Entry type 199) 4 configurations Configuration entries. (Entry type 110) 4 control_entries System startup entries or new error log creation entries. (Entry types 32, 35, and 300) 4 cpus Machine check entries for AXP. (Entry types contained in mchk-cpu filter) 4 environmental_entries Power entries. (Entry types contained in mchk-env filter) 4 swxcr Entries logged by SWXCR. (Entry type 198) 4 machine_checks Also mchks. Events with machine checking information. (Entry types contained in mchk filter) 4 operating_system=value Also os=value. Events with a specific operating system type. The value parameter indicates the numeric code for the desired operating system. 4 panic Crash re-start, system panic, or user panic entries. (Entry types 37 and 302) 4 software_informationals Also swi. Events with lastfail, system startup, or system configuation information. (Entry types 32, 35, 37, 38, 39, 64, 65, 250, 300, 301, and 310) 4 osf_entry Events logged on a Tru64 UNIX operating system. This keyword is the equivalent of using the operating_system keyword with a value of 1. 3 Examples $ WSEA V /SUM MYLOG.ZPD Creates a summary of the events in the binary event log named MYLOG.ZPD. $ WSEA V /SUM/ENT(S:10)/EXC(CAM) Creates a summary of the events in the system binary event log excluding the first ten entries and all the CAM entries. 2 /TRA(V) (DECevent Emulator) Translates the events in a binary file to ASCII text. By default all the events in the specified system event log file are translated. $ WSEA V /TRA [/OUT=] [BRIEF | FULL] [] [] output_file: o File where you want to save the results of processing. filter_flags: o Any modifiers used to filter the input file or specify an output file. input_file: o The name of the file you want to process. 3 Input_File The following conventions apply when specifying an input file: o If no file or directory is specified, the binary system event log is processed. o You can use a relative directory structure when specifying an input file. o If you specify a directory without a file name, all the files in that directory with a .ERRLOG, .SYS, and .ZPD extension are processed. o Specify multiple input files by separating the names with spaces. o The wildcard character (*) can be used to specify files. 3 /OUT=Output_File Saves the results of processing to a file rather than displaying them on the screen. By default, output is saved as a text in the current directory; however, you can specify a different directory by including the path along with the filename. 3 /REV Processes the events in the binary log file in reverse order. 3 /NOD=compname Filters the events in the binary log file based on the computer or node responsible for generating them. 3 /ENT=(S:nn;E:nn) Filters entries from the binary log file for processing based on their position in the event log. The S: indicates the first event to process and the E: indicates the last event to process. In both cases, nn refers to the entry number. 3 /SIN=date Filters the events in the binary log file based on the date they occured. The /SIN flag specifies a starting date and supports the YESTERDAY and TODAY keywords in addition to a date value (dd-mmm-yyyy). 3 /BEF=date Filters the events in the binary log file based on the date they occured. The /BEF flag specifies a ending date and supports the YESTERDAY and TODAY keywords in addition to a date value (dd-mmm-yyyy). 3 /INC(keyword) The includes flag specifies event types for processing. When the binary log is processed, only the event types specified by the given keyword are included. The supported keywords are: 4 cam All SCSI entries logged by the CAM logger. (Entry type 199) 4 configurations Configuration entries. (Entry type 110) 4 control_entries System startup entries or new error log creation entries. (Entry types 32, 35, and 300) 4 cpus Machine check entries for AXP. (Entry types contained in mchk-cpu filter) 4 environmental_entries Power entries. (Entry types contained in mchk-env filter) 4 swxcr Entries logged by SWXCR. (Entry type 198) 4 machine_checks Also mchks. Events with machine checking information. (Entry types contained in mchk filter) 4 operating_system=value Also os=value. Events with a specific operating system type. The value parameter indicates the numeric code for the desired operating system. 4 panic Crash re-start, system panic, or user panic entries. (Entry types 37 and 302) 4 software_informationals Also swi. Events with lastfail, system startup, or system configuation information. (Entry types 32, 35, 37, 38, 39, 64, 65, 250, 300, 301, and 310) 4 osf_entry Events logged on a Tru64 UNIX operating system. This keyword is the equivalent of using the operating_system keyword with a value of 1. 3 /EXC(keyword) The excludes flag specifies event types that should not be processed. When the binary log file is processed, all the event types specified by the keyword are skipped. The supported keywords are: 4 cam All SCSI entries logged by the CAM logger. (Entry type 199) 4 configurations Configuration entries. (Entry type 110) 4 control_entries System startup entries or new error log creation entries. (Entry types 32, 35, and 300) 4 cpus Machine check entries for AXP. (Entry types contained in mchk-cpu filter) 4 environmental_entries Power entries. (Entry types contained in mchk-env filter) 4 swxcr Entries logged by SWXCR. (Entry type 198) 4 machine_checks Also mchks. Events with machine checking information. (Entry types contained in mchk filter) 4 operating_system=value Also os=value. Events with a specific operating system type. The value parameter indicates the numeric code for the desired operating system. 4 panic Crash re-start, system panic, or user panic entries. (Entry types 37 and 302) 4 software_informationals Also swi. Events with lastfail, system startup, or system configuation information. (Entry types 32, 35, 37, 38, 39, 64, 65, 250, 300, 301, and 310) 4 osf_entry Events logged on a Tru64 UNIX operating system. This keyword is the equivalent of using the operating_system keyword with a value of 1. 3 /BRIEF Generates brief output, rather than the full translation output. 3 /FULL Generates full translation output. This is the default output setting. 3 Examples $ WSEA V /TRA/OUT=TRANSLATE.TXT/NOD=MYCOMPUTER/REV MYLOG.ZPD Tranaslates a binary error log file named MYLOG.ZPD and routes the output to a file named translate.txt. Only the events from the computer named mycomputer are processed, and they are processed in reverse order. $ WSEA V /TRA/INC(SOFTWARE_INFORMATIONALS)/BEF=YESTERDAY Translates all the software informational events in the system's binary event log that occured before yesterday. Output is shown on the screen.