Chapter 3
This chapter discusses the Bit-To-Text translation feature, including the necessary privileges, the command verb, translating event files, filtering input events, selecting alternative reports, and translating events as they occur.
The DECevent utility enables you to produce Bit-To-Text ASCII reports derived from system event entries or user supplied event logs. The format of the ASCII report is determined by commands with flags, parameters, and selection keywords appended and entered on the command line interface (CLI). The maximum command line allowed is 255 characters. The DECevent bit-to-text feature performs the following:
Refer to Appendix A for a list of all DECevent utility independent directory files.
Tru64 UNIX users need superuser privileges to use the translation and reporting features of DECevent, unless the event log file protection privileges have been changed to allow all users to read the event log file.
The following DECevent utility command verb allows the translation of system event entries for Tru64 UNIX operating systems:
The -a flag is the default translation flag and does not need to be typed on the command line. Simply typing dia performs the same function as typing dia -a on the command line.
The DECevent utility uses the system event log file as the default input file. For Tru64 UNIX systems, the default file is /usr/adm/binary.errlog.
To produce a translated event report using the built-in defaults, use the following command:
This command by default produces a full report directed to the terminal screen, from the input event log file /usr/adm/binary.errlog.
The -a flag is understood on the command line and does not need to be entered. See Example 3-1 for an example of a full report.
Use the following command to select an alternate input file for translation other than the default system event log file:
In the previous example, errlog.sys has been selected as the alternate file to be translated. You must precede the name of the input file with the -f flag.
DECevent can translate multiple input files, as shown in the following example:
You can use asterisks (*) as wildcards to specify multiple input files. For example, if you want to translate all event log files located in the directory errlog, you could translate errlog_1.sys, errlog_2.sys, and errlog_3.sys with one file name, err*.sys, as shown in the following example:
You also can use the wildcards to translate multiple event log files in multiple directories, as shown in the following example:
To redirect the translated output to a file rather than to a terminal, enter the following command.
In the previous example, errlog_old.rpt is the output file into which the translated event information is written.
To reverse the order of the input event log file being read by the DECevent utility, use the following command:
This command allows events contained in the default system event log file to be displayed in reverse chronological order, with the most recent events displayed first. The default is to display events in forward chronological order. Note that when the -R command is used the entry numbers in the report are listed 1-N.
Use the following command to display events contained in the event log file errorlog.sys in reverse chronological order:
Use the following command to create a smaller binary event log file from a larger event log file, using selection criteria. The following command creates a binary output file:
With this command the binary file error_sublog.bin is created from the default input system event log file. No text report output is generated.
Sometimes you do not want all the information contained in the input event log file. The include ( -i ) and exclude ( -x ) flags allow you to filter input event log files to include or exclude event information.
To include only certain event types in the output report, use the -i flag, as shown in the following example:
% dia -i disk=rz disk=ra92 cpu
In the previous example, only the RZ? disks, RA92? disks, and CPU entries are included in the output report. To exclude certain event types in the output report, use the -x flag, as shown in the following example:
In the previous example, memory entries are excluded from the output report.
Appendix D shows complete listings of all selection criteria for these flags.
Date and time flags allow you to filter events by date and time occurrences. The date and time value is specified in the following format and defined in Table 3-1.
To select events between a certain time period on Tru64 UNIX systems, use the -t flag with the s and e parameters. You need both the s and e parameters on the command line to select events between certain time periods, as shown in the following example:
% dia -t s:15-jan-1993 e:20-jan-1993
To include events starting at a certain time for Tru64 UNIX systems, enter the following:
In the previous example, the output report will include all events that occurred after the date and time indicated. To include events before a certain time, enter the following command:
If no time is specified with a date, the default start time is midnight (00:00), and the default end time is 23:59:59.
If the entry position within the event log file is known, a range of entries can be specified. In the following example, only entries 20 through 60 inclusive are translated.
Either the s or e parameter can be omitted, but not both. If the e parameter is omitted, all entries from the starting entry indicated to the end of file are processed. If the s parameter is omitted, all events from the beginning through the end entry are processed.
The following sections describe different ways to produce reports.
To produce a full report, use the -o flag with the full report type, as shown in the following example:
The full report format provides a translation of all available information for each entry in the event log. The full report is the default report type and the flag does not need to be typed on the command line. Example 3-1 shows the format of a full report.
|
|
||
To produce a brief report, use the -o flag with the brief report type, as shown in the following example:
The brief report format provides translation of key information for each entry in the event log. Example 3-2 shows the format for a brief report.
|
|
||
To produce a terse report, use the -o flag with the terse report type, as shown in the following example:
The terse report format provides binary event information and displays register values and other ASCII messages in a condensed format. Example 3-3 shows the format for a terse report.
To produce a summary report, use the -o flag with the summary report type, as shown in the following example:
The summary report format provides a statistical summary of the event entries in the event log.
Example 3-4 shows the format for a summary report.
The -c flag allows events to be monitored as they occur in real time. This enables you to see the translated events immediately on the terminal, or to send translated events to an output file.
To monitor the event logger on Tru64 UNIX systems, enter the following command:
To send translated events to an output file instead of viewing the events on a terminal screen, enter the following command:
The previous command creates a brief report called brief.rpt.
Using the -o brief report type with the -c flag is strongly recommended. Using the -o summary report type with the -c flag is not allowed.