E.4  DECevent UNIX Syntax

DECevent UNIX syntax commands use the following format:

wsea u command_verb
Where command_verb indicates the action you want to perform.

Table E–5 describes the commands supported by the DECevent UNIX syntax:

Table E–5 Command Verbs—wsea (DECevent UNIX syntax) 
Command Verb
Description
ana
Performs manual analysis one or more binary event logs. See Section E.4.1 for more details.
-a
Translates one or more binary event logs, but does not analyze the events. See Section E.4.2 for more details.
-o sum
Returns a summary of all the events contained in a binary event log. See Section E.4.3 for more details.
-b
Applies a filter to an existing binary event log and creates a new binary event log containing the subset of events returned after filtering. See Section E.4.4 for more details.
hlp
Displays a text-based help file. The text-file describes the new common syntax.

E.4.1  Manual Analysis

To perform manual analysis with the DECevent UNIX syntax use the following command:

wsea u ana [-f inputfile] [> outputfile]
inputfile—enter the path and name of a binary log file. See Section E.4.5.1 for more details.
outputfile—enter the path and name where you want the output saved. See Section E.4.5.2 for more details.

E.4.2  Translation

To perform translation with the DECevent UNIX syntax use the following command:

wsea u -a [-f inputfile] [brief | full] [filter flags] [> outputfile]
inputfile—specify the path and name of a binary log file. See Section E.4.5.1 for more details.
Select the desired report type using the brief or full modifier.
filter flags—enter filter flags to limit the events translated. See Section E.4.5.3 for more details.
outputfile—specify the path and name where you want the output saved. See Section E.4.5.2 for more details.

E.4.3  Summary of Events

To view a summary of the events in a log file with the DECevent UNIX syntax use the following command:

wsea u -o sum [-f inputfile] [filter flags]
inputfile—provide the path and name of a binary log file. See Section E.4.5.1 for more details.
filter flags—enter filter flags to limit the events translated. See Section E.4.5.3 for more details.

E.4.4  Creating New Binary Event Log Files

To create a new binary event log file with the DECevent UNIX syntax use the following command:

wsea u -b outputfile [-f inputfile(s)] [filter_flags]
outputfile—provide the path and name of the new log file.
inputfile—provide the path and name of the binary log file you want to filter to create a new log file. See Section E.4.5.1 for more details.
filter flags—specify a filter to restrict the events added to the new log file. See Section E.4.5.3 for more information.

E.4.5  Modifying Commands

By default, the analysis, translation, summary and new binary log file commands all process the system event log. The output from analysis, translation and summary commands is displayed on the screen. You can change these defaults in order to process other binary log files and save the processing results to a file. With some of the commands you can further restrict the events that are processed by filtering the binary log file used for input. The following sections describe how to use these features.

E.4.5.1  Input Files

To change the input file used by a command, use the following modifier:

-f filename
Where filename indicates the path and name of the desired binary log file.

For example:

wsea u ana -f examples/ds20.errlog

When you are specifying an input file, the following guidelines apply:

E.4.5.2  Output Files

Note


These output file guidelines do not apply when you are creating a new binary event log. Refer to Section E.4.4 for more details.


To specify an output file, add the following modifier to the end of a command:

> filename
The modifier creates a text output file. The filename indicates the path and name where you want to save the output.

The following examples show commands that specify output files:

wsea u ana > results.txt

E.4.5.3  Filtering

The -a, -o sum, and -b commands enable you to filter a binary event log file and only process a subset of the events. You can include multiple filter statements by using more than one filtering flag in a command. In this case, separate each flag with a space.

Table E–6 describes the DECevent UNIX filtering statements.

Table E–6 Filtering Statements (DECevent UNIX syntax) 
Filter Statement
Description
-t "s:date e:date"
Filters based on the time the event occurred. No events that occurred before the given start time or after the given end time are processed. The date can be entered in any format supported by Java (for example, dd-mmm-yyyy,hh:mm:ss). You do not need to include the time (hh:mm:ss) with the date. Be aware of the following guidelines:
  • The DECevent UNIX syntax combines the start and end times are in a single filter statement.
  • You can use the keywords YESTERDAY and TODAY.
  • -i keyword
    -x keyword
    Filters based on the numeric entry type. You must enter a keyword rather than the actual entry type. Refer to Table E–7 for information on supported keywords.
    -H name
    Filters based on the node responsible for generating the event. The name argument is case sensitive.
    -e s:nn e:nn
    Filters based on the event's position in the event log. The first event in the file is event index 1.
    -R
    Processes the events in reverse order according to the event index number.
    Table E–7 Event Type Keywords (DECevent UNIX syntax) 
    Keyword
    Description
    cam
    All SCSI entries logged by the CAM logger (199).
    configurations
    Configuration entries (110).
    control_entries
    System startup entries or new error log creation entries (32, 35, 300).
    cpus
    Machine check entries for AXP (mchk-cpu).
    environmental_entries
    Power entries (mchk-env).
    swxcr
    Entries logged by SWXCR (198).
    machine_checks
    mchks
    Events with machine checking information (mchk).
    operating_system=value
    os=value
    Events with a specific operating system type. The value parameter indicates the numeric code for the desired operating system.
    panic
    Crash re-start, system panic, or user panic entries (37, 302).
    software_informationals
    swi
    Events with lastfail, system startup, or system configuration information (volume mounts, volume dismounts, new error logs, timestamp entries) (32, 35, 37, 38, 39, 64, 65, 250, 300, 301, 310).
    osf_entry
    Events logged on a Tru64 UNIX operating system.

    Examples – DECevent UNIX

    The following examples show sample commands that use filtering.

    Processes events from the system described by ComputerName:

    wsea u -a -H ComputerName
    wsea u -o sum -H ComputerName
    wsea u -b outputfile.bin -f inputfile.zpd -H ComputerName

    Processes events that occurred before 8:33:57 PM on January 31, 2000:

    wsea u -a -t "e:31-Jan-2000,20:33:57"
    wsea u -o sum -t "e:31-Jan-2000,20:33:57"
    wsea u -b outputfile.bin -f inputfile.zpd -t "e:31-Jan-2000,20:33:57"

    Processes all CPU machine check events:

    wsea u -a -i cpu
    wsea u -o sum -i cpu
    wsea u -b outputfile.bin -f inputfile.zpd -i cpu

    Processes all events without an operating system type of 1. The translation command presents the output in reverse chronological order:

    wsea u -a -x operating_system=1 -R
    wsea u -o sum -x operating_system=1
    wsea u -b outputfile.bin -f inputfile.zpd -x operating_system=1

    Processes all the events after the fifteenth event in the log file:

    wsea u -a -e s:15
    wsea u -o sum -e s:15
    wsea u -b outputfile.bin -f inputfile.zpd -e s:15