********************************************************************** ** ** ** TEXT FILE LIMITATIONS: ** ** ** ** The text extract for this document does not capture tables very ** ** well, mainly because of the 75-column, monospaced character ** ** limitation. Be aware that large data tables probably will not ** ** wrap properly in this text file. ** ** ** ** In addition, the text extract cannot capture figure images. ** ** You can see only placeholders (captions) for the figures. ** ** ** ** You may see references to italic or bold fonts that are visible ** ** in the original document but not in this text extract. ** ** ** ********************************************************************** ========================================================================= Compaq Analyze User Guide ------------------------------------------------------------------------- Compaq Analyze is a rules-based hardware fault management diagnostic tool that provides error event analysis and translation. The multi-event correlation analysis feature of Compaq Analyze provides the capability to analyze events stored in the system's binary event log file and events from other sources. The Compaq Analyze User Guide provides information about the features of Compaq Analyze and explains how to operate the software. Rev. 10/23/00-A Operating System: Microsoft Windows NT 4.0 and Windows 2000 Compaq Tru64 UNIX versions 4.0E to 5.1 Compaq OpenVMS Alpha versions 7.1-2, 7.2, 7.2-1, and 7.2-1H1 Software Version: Compaq Analyze 3.1 October 2000 Copyright 2000 Compaq Computer Corporation Compaq and the Compaq logo Registered in U.S. Patent and Trademark Office. Tru64 and OpenVMS are trademarks of Compaq Information Technologies Group, L.P. in the United States and other countries. Microsoft, Windows, Windows NT, and MS-DOS are trademarks of Microsoft Corporation in the United States and other countries. Intel is a trademark of Intel Corporation in the United States and other countries. UNIX is a trademark of The Open Group in the United States and other countries. All other product names mentioned herein may be trademarks of their respective companies. Confidential computer software. Valid license from Compaq required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Compaq shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for Compaq products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty. This service tool software is the property of, and contains confidential technology of Compaq. Possession and use of this software is authorized only pursuant to the Proprietary Service Tool Software License contained in the software or documentation accompanying this software. Compaq service tool software, including associated documentation, is the property of and contains confidential technology of Compaq Computer Corporation. Service customer is hereby licensed to use the software only for activities directly relating to the delivery of, and only during the term of, the applicable services delivered by Compaq or its authorized service provider. Customer may not modify or reverse engineer, remove or transfer the software or make the software or any resultant diagnosis or system management data available to other parties without Compaq's or its authorized service provider's consent. Upon termination of the services, customer will, at Compaq's or its service provider's option, destroy or return the software and associated documentation in its possession. Printed in U.S.A. ========================================================================= ***Contents*** Preface Overview Intended Audience Documentation Conventions Further Information 1 Introduction 1.1 Description of Compaq Analyze 1.2 Compaq Service Tools 1.3 WEBES and Compaq Analyze Processes 1.3.1 Director 1.3.2 Web Interface 1.4 Starting the Director 1.5 Stopping the Director 1.6 Monitoring WEBES Processes 1.7 Log Files 1.7.1 Location 1.7.2 Logging Level 1.8 License Agreement 1.9 Service Obligations 1.10 Environment Setup 1.11 Nomenclature Differences 1.12 Advanced Options 1.12.1 Unanalyzed Event Logger 2 Command Line Interface (CLI) 2.1 Overview 2.1.1 Standalone CLI 2.1.2 Conventions 2.2 Command Syntax 2.2.1 Setting the Default Syntax 2.2.2 Showing the Default Syntax 2.3 Command Verbs 2.3.1 CA Command Verbs 2.3.2 DESTA Commands 2.4 Command Parameters 2.5 Analysis 2.5.1 Manual Analysis 2.5.1.1 Performing Manual Analysis 2.5.1.2 Specifying Input Files 2.5.1.3 Saving Output to a File 2.5.2 Automatic Analysis 2.5.2.1 Viewing Automatic Analysis Reports 2.5.2.2 Logging Automatic Analysis Reports 2.5.3 Analysis Output 2.6 Translation 2.6.1 Performing Translation 2.6.2 Specifying Input Files 2.6.3 Saving Output to a File 2.6.4 Filtering Log Files 2.6.5 Output Type 2.6.6 Translation Output 2.7 Summary of Events 2.7.1 Specifying Input Files 2.7.2 Filtering Log Files 2.7.3 Indexed Output 2.7.4 Example Output 2.8 Creating New Binary Event Log Files 2.8.1 Specifying Input Files 2.8.2 Saving Output to a File 2.8.3 Filtering Log Files 2.9 Modifying Commands 2.9.1 Input Files 2.9.2 Output Files 2.9.3 Filtering 2.10 Knowledge Rulesets 2.11 Configuration 2.12 Notification 2.13 Service Obligations 2.13.1 Show 2.13.2 Override 2.14 Getting Help 2.15 Advanced Operations 2.15.1 Simulate Automatic Analysis 2.15.2 Translating All Events 2.15.3 Event Type Filtering 2.15.4 Manipulate Service Obligation 2.15.4.1 Change 2.15.4.2 Install 2.15.5 FRU Tree 2.15.5.1 Input Files 2.15.5.2 Example 2.15.6 Rebuild Frame Knowledge 3 Web Interface 3.1 Description 3.1.1 Translation 3.1.2 Analysis 3.1.2.1 Automatic 3.1.2.2 Manual 3.1.3 Notification 3.2 Accessing the Web Interface 3.2.1 Supported Web Browsers 3.2.2 Browser Setup 3.2.3 Browsers and the Web Interface 3.2.4 Starting the Web Interface 3.3 Toolbar 3.4 Navigation 3.5 The Navigation Tree 3.5.1 Groups 3.5.1.1 Adding Groups 3.5.1.2 Removing Groups 3.5.2 Nodes 3.5.2.1 Adding Nodes 3.5.2.2 Removing Nodes 3.5.2.3 Node Status 3.5.3 Categories 3.5.3.1 Adding Categories 3.5.3.2 Removing Categories 3.5.4 Log Files 3.5.4.1 System Log 3.5.4.2 Other Logs 3.6 Analysis Information 3.6.1 Automatic Analysis Features 3.6.2 Manual Analysis Features 3.6.3 Problem Reports 3.6.4 Summary 3.6.5 Events 3.6.6 Displaying Details 3.7 Processing Status 3.8 Settings 3.8.1 Viewing Text Error/Information Log Files 3.8.2 Director Settings 3.8.3 User Settings 3.8.4 Register Knowledge 3.9 Getting Help 3.9.1 Context Sensitive Help 3.9.2 On-Line User Guide 3.10 Log Off 3.11 Lost Connection 3.12 Service Obligation 3.13 Disabling the Web Service 3.14 Advanced Operations 3.14.1 Configuration Entries 3.14.2 Filtered Events 3.14.3 Example Log Files 4 Event Translation 4.1 Translation Defaults 4.2 Automatic Translation 4.3 Manual Translation 4.4 Viewing Translation Information 4.5 Interpreting Translation Information 4.5.1 Overall 4.5.2 Frame 4.5.3 Field 4.6 Typical Frame of a Translated Binary Event 4.7 Advanced Operations 4.7.1 Simulation of Automatic Translation 5 Event Analysis 5.1 Analysis Rules 5.2 Instance Files 5.3 Managing Rule Sets 5.3.1 Viewing Registered Rules 5.3.2 Registering and Unregistering Rule Sets 5.3.2.1 CLI 5.3.2.2 Web Interface 5.4 Automatic Analysis 5.5 Manual Analysis 5.6 Viewing Analysis Information 5.7 Interpreting Analysis Information 5.7.1 Managed Entity 5.7.2 Service Obligation 5.7.3 Brief Description 5.7.4 Callout ID 5.7.5 Severity 5.7.6 Reporting Node 5.7.7 Full Description 5.7.8 FRU List 5.7.9 Evidence 5.8 Advanced Operations 5.8.1 Regenerating a Problem Report using Automatic Analysis 5.8.2 Simulation of Automatic Analysis 5.8.2.1 Analysis of a Log File 5.8.2.2 Analysis of all Event Logs in a Directory 5.8.2.3 Simulated Analysis Cleanup 5.8.3 Configuration of Analysis 5.8.3.1 Modifying the Configuration 5.8.3.2 DeCOR Class File 5.8.3.3 Automatic and Manual Analysis Instance Files 5.8.3.4 Watch Flags 6 Configuration 6.1 Getting the Configuration 6.2 Changing the Configuration 6.2.1 CLI 6.2.2 Web Interface 6.3 Global Configuration Attributes 6.3.1 Changing the Attributes 6.3.2 Changing Ports 6.3.3 Changing the Report Type 6.4 Component Configuration Attributes 6.4.1 Common Attributes 6.4.2 Extended Attributes 6.5 Profiles 6.6 Creating and Resetting the Configuration 6.7 Advanced Operations 6.7.1 Logging Level 6.7.1.1 CLI 6.7.1.2 Web Interface 7 Notification 7.1 Automatic Notification 7.2 Configuring SMTP Mail Notification 7.3 Customer Profile File 7.3.1 Profile File Contents 7.3.2 Path Setup 7.4 Enabling and Disabling SICL Notification 7.5 Configuring CRSS Notification 7.5.1 Enabling and Disabling QSAP Notification 7.5.2 Event Log Settings A Sample Outputs A.1 Sample Analysis Output A.2 Sample Translated Event Output A.2.1 Full A.2.2 Brief A.3 Sample Configuration Entry A.4 Text Error/Information Log File Output B Known Messages in Compaq Analyze B.1 Configuration File Created B.2 Start-up Errors in DUReader, Binlog, and Scavenge B.3 Security Properties Not Found B.4 JIT Compiler Not Found B.5 Two Instances of "desta_exec" Glossary Index  ========================================================================= ***List of Figures*** 1-1 Compaq Analyze Running on a UNIX and a Windows Machine. 3-1 Logon Window 3-2 The Web Interface 3-3 Toolbar 3-4 Collapsed Tree 3-5 Navigation Tree 3-6 Add Group 3-7 Remove Group 3-8 Add Node 3-9 Remove Node 3-10 Activate Node 3-11 Activating Node Message 3-12 Unable to Activate Node Message 3-13 Add Category 3-14 Remove Category 3-15 Add Log File Tab 3-16 Remove Log File Tab 3-17 Analysis Started Message 3-18 Analysis Failed Message 3-19 Synchronize and Clear Buttons 3-20 Reprocess Button 3-21 Problem Report Tab 3-22 Summary Tab 3-23 Events Tab 3-24 Navigation Buttons 3-25 Status Icons 3-26 Settings Window 3-27 User Settings 3-28 Log Off Message 3-29 Profile Already Logged On Message 3-30 Lost Connection Message 3-31 Configuration Entries Tab 3-32 FRU Table Button 3-33 Add Log File Tab - Advanced 5-1 Rules Files 6-1 Settings 6-2 Selecting an Service 6-3 Attribute Display 7-1 Event Log Settings Dialog Box  ========================================================================= ***List of Tables*** User Guide Contents 1-1 Unanalyzed Event Logger Attributes 2-1 Syntax Conventions 2-2 Syntax Designators 2-3 Default Syntax 2-4 Command Verbs - ca (multiple syntax) 2-5 Command Verbs - ca (single syntax) 2-6 Command Verbs - desta 2-7 Manual Analysis Commands 2-8 Translation Commands 2-9 Summary Commands 2-10 Create New Log File Commands 2-11 Specifying an Input File 2-12 Specifying an Output File 2-13 General Filtering Rules 2-14 Filtering Statements 2-15 Event Type Keywords 2-16 FRU Tree Commands 3-1 Web Interface Components 3-2 Toolbar 3-3 Automatic Analysis Features 5-1 Problem Severity Levels 6-1 Ports  ========================================================================= ***Preface*** Compaq Analyze is a rules-based hardware fault management diagnostic tool that provides error event analysis and translation. The multi-event correlation analysis feature of Compaq Analyze provides the capability to analyze events from a variety of sources, including those stored in the system's binary event log file. Overview The Compaq Analyze User Guide describes the features of Compaq Analyze and explains how to use the application. The organization of the guide is described here. User Guide Contents Chapter ----- Contents ----- Chapter 1 Describes the product, post-installation procedures and processes. Chapter 2 Provides information about the Command Line Interface. Chapter 3 Provides detailed information about the web interface. Chapter 4 Describes the translation of system events. Chapter 5 Explains the analysis rules. Chapter 6 Discusses the Compaq Analyze configuration settings. Chapter 7 Describes how to configure automatic notification. Appendix A Shows sample output files. Appendix B Describes Compaq Analyze messages. Intended Audience The Compaq Analyze User Guide is intended for system managers and service personnel who use the Compaq Analyze software. Documentation Conventions The following conventions are used in this manual: User entries Information that should be entered exactly as it appears in the document is shown in bold. Variables Information that will vary depending on your computer or user profile is shown in italics. System Output Responses from the system are shown in a monospaced font. Directories Directory paths do not include the installation directory path. Thus, if you installed WEBES in the following directory: C:\Program Files\compaq\svctools\ A reference to the ca directory would indicate: C:\Program Files\compaq\svctools\ca\. Further Information Compaq Analyze is a member of the Web-Based Enterprise Service (WEBES) suite of products. For more information on the other WEBES applications, visit the support web site at the following URL: http://www.support.compaq.com/svctools For information about the supported products and limitations of the current release, refer to the Compaq Analyze Release Notes. Information about the supported operating systems is contained in the WEBES Install Guide along with detailed installation instructions for each operating system. Additional information about WEBES is available in the WEBES Release Notes.  ========================================================================= 1 ***Introduction*** This chapter describes Compaq Analyze, the supported platforms, the post-installation setup procedures, the WEBES and Compaq Analyze processes, the procedures used to start and stop the Director, the locations of WEBES Director log files, and the nomenclature differences. - Description of Compaq Analyze - Compaq Service Tools - WEBES and Compaq Analyze Processes - Starting the Director - Stopping the Director - Monitoring WEBES Processes - Log Files - License Agreement - Service Obligations - Environment Setup - Nomenclature Differences 1.1 Description of Compaq Analyze Compaq Analyze is a fault analysis utility designed to provide analysis for single error/fault events, as well as multiple event and complex analysis. Compaq Analyze provides system analysis that uses other error/fault data sources in addition to the traditional binary error log. Compaq Analyze provides background automatic analysis by monitoring the active binary error log and processing events as they occur. The events in the binary error log file are checked against the analysis rules. If one or more of the events in the binary error log file meets the conditions specified in the rules, the analysis engine collects the error data and creates a problem report containing a description of the problem and any corrective actions required. Once the problem report is created, it is distributed in accordance with the customer's notification preferences. 1.2 Compaq Service Tools Compaq has implemented a common Application Programming Interface (API) for many of its service tools called Web-Based Enterprise Service (WEBES). The tools included in the current WEBES release are: - Compaq Analyze - Compaq Crash Analysis Tool (CCAT) - Revision and Configuration Management (RCM) Compaq Analyze utilizes the common components of WEBES and adds it own functionality. The other WEBES service tools can be installed along with Compaq Analyze and utilize the same common components. 1.3 WEBES and Compaq Analyze Processes Each WEBES-based service tool adds functionality to the Director, a process (or set of processes) that executes continuously. Compaq Analyze provides the Director with the capability to capture and interpret hardware events. Event analysis can be performed automatically or at the request of an outside process. Compaq Analyze includes a web browser interface that enables you to interact with the Director. Although only one Director can run on a machine at any time, many web browser connections can be active simultaneously, all connected to the single Director. ***Note*** WEBES (Web-Based Enterprise Service) and DESTA (Distributed Enterprise Service Tools Architecture) refer to the same common components. 1.3.1 Director The Director manages the machine it is running on and can communicate to Directors on other machines through various communication mechanisms, such as TCP/IP sockets. Figure 1-1 shows an example of two machines running Compaq Analyze processes. Figure 1-1 Compaq Analyze Running on a UNIX and a Windows Machine. In the example, a UNIX machine and an Windows machine, each running a single Director, communicate with each other over a network. The web interface running on the UNIX machine is connected to the Director on the Windows machine and can display the analysis results from binary event log files on the Windows machine. A telnet session running on the Windows machine can issue CLI commands that are processed by the UNIX machine's director. Note that it is not necessary to have the Director running on the local machine for either type of remote connection. The Director captures, translates, and analyzes events as well as routing messages for the Compaq Analyze system. The Director is idle except for the following circumstances: - Events are received for processing - Messages arrive from other Compaq Analyze processes on the same machine - Messages arrive from a Director on another machine - Another WEBES tool within the Director, performs any task The Director is automatically started along with the machine and should not require any intervention. See Sections 1.4 and 1.5 for more information regarding starting and stopping the Director. 1.3.2 Web Interface Using a web browser, such as Netscape Communicator or Internet Explorer, you can connect: - directly to the URL of the Director on the same machine as the browser - directly to the URL of the Director on a remote machine - indirectly to a remote Director through a direct connection to the Director on the local or a remote machine. The web interface can monitor multiple nodes by communicating with the Directors on other machines. You can establish a direct connection to the Director on any machine reachable by its TCP/IP socket port, and, through that connection, view the Compaq Analyze processes on other nodes (via Director-to-Director communication). You do not need to have WEBES installed or running on the web browser's machine to connect directly to the Director on a remote machine. Chapter 3 of this guide describes how to use the web interface. 1.4 Starting the Director The Director is automatically started during system startup. Under normal operation, you should not need to manually start the Director. However, if circumstances require it, you can manually start the Director by following the instructions for your operating system. Tru64 UNIX Enter /usr/sbin/desta start at a shell prompt. The "root" superuser should restart the Director, since only the superuser has privileges to access the system binary error log (/var/adm/binary.errlog). OpenVMS Enter desta start at the OpenVMS command line prompt. The user that restarts the Director must have all privileges set. Without the necessary privileges, the Director will not be able to read the system binary error log (SYS$ERRORLOG:ERRLOG.SYS). Windows Select Programs | Compaq Service Tools | Web-Based Enterprise Service | Start Director from the Start menu. or Enter net start DESTA_Service in a Command Prompt window to start the DESTA_Service Windows service that starts the Director. You also can start DESTA_Service from the Services utility in the Control Panel. 1.5 Stopping the Director Under normal operation, you should not need to stop the Director. However, if circumstances require you to stop the director, follow the instructions for your operating system. Tru64 UNIX Enter /usr/sbin/desta stop at a shell prompt. Any user can stop the Director. OpenVMS Enter desta stop at a prompt. Any user can stop the Director. Windows Select Programs | Compaq Service Tools | Web-Based Enterprise Service | Stop Director from the Start menu. A Stop Director icon appears in the Task Bar, then disappears when the Director's shutdown has completed. You can also stop the Director by stopping the DESTA_Service Windows service. To stop the service, enter net stop DESTA_Service at the command prompt or use the Services utility in the Control Panel. 1.6 Monitoring WEBES Processes You can monitor the WEBES Director process using the following command: desta status This command generates a brief message describing the current state of the DESTA Director process. The states that may be reported are given here: - The Director's status could not be determined. - The Director is NOT running. - The Director's status file indicates it is running, but the process ID was not found, so the Director process is NOT running. - The Director is running. - The Director is starting up. - The Director is shutting down. If the status is undetermined, or you want more detailed information about sub-processes, you may want to use the monitoring procedures specific to your operating system. Tru64 UNIX All WEBES processes are started with the wrapper program desta_exec. The processes currently running can be displayed with the command: ps ugxww | grep desta_exec | grep -v "grep desta_exec" Example output is shown here: root 59899 0.0 0.0 2.11M 8K pts/1 I N 16:34:12 0:00.04 sh -c /usr/opt/compaq/svctools/bin/desta_exec -ss 512K -ms 8M -mx 1024M root 59901 0.0 0.0 2.11M 56K pts/1 I N 16:34:28 0:00.06 sh -c /usr/opt/compaq/svctools/bin/desta_exec -ss 256K -ms 8M -mx 24M -w root 59903 0.0 2.7 16.8M 3.4M pts/1 S N 16:34:28 0:01.71 /usr/opt/compaq/svctools/bin/desta_exec -ss 256 -ms 8 -mx 24 -w root 59904 0.0 17.8 31.5M 22M pts/1 S N 16:34:12 5:43.56 /usr/opt/compaq/svctools/bin/desta_exec -ss 512 -ms 8 -mx 1024 thomas 158960 0.1 5.1 15.9M 6.4M pts/2 S + 13:49:43 0:01.86 /usr/opt/compaq/svctools/bin/desta_exec -ss 512 -ms 8 -mx 1024 com/compaq/svctools/ca/cli/ManuallyAnalyze hscir1.zpd thomas 158989 0.0 0.1 2.11M 192K pts/2 S + 13:49:43 0:00.02 sh -c /usr/opt/compaq/svctools/bin/desta_exec -ss 512K -ms 8M -mx 1024M com.compaq.svctools.ca.cli.ManuallyAnalyze hscir1.zpd The processes beginning with sh -c are parent processes of the desta_exec processes, which do not start with sh -c. (Use the j option to the ps command instead of g to see the process and parent process IDs). The processes without parameters after the -mx nnnn field constitute the Director's set of processes. Processes containing parameters are other WEBES processes. In the example above, the user thomas is manually analyzing the file hscir1.zpd using the Compaq Analyze CLI, shown by the parameter ...ca.cli.ManuallyAnalyze... . OpenVMS Use the following command to show the processes running on an OpenVMS machine: show system (or sho sys for short) Example output is shown here: OpenVMS V7.1-2 on node FIGARO 16-DEC-1999 15:32:50.14 Uptime 14 21:05:23 Pid Process Name State Pri I/O CPU Page flts Pages 00000101 SWAPPER HIB 16 0 0 00:04:10.34 0 0 00000106 IPCACP HIB 10 10 0 00:00:00.00 30 23 00000107 ERRFMT HIB 8 33813 0 00:00:10.05 189 61 00000109 OPCOM HIB 7 1709 0 00:00:00.30 416 41 ... 00000797 DESTA Director HIB 6 110831 0 00:03:14.75 112196 8192 M 0000079A JOHNSON_3 HIB 6 37957 0 00:01:22.05 7612 1102 MS 000006B5 THOMAS_1 HIB 4 8967 0 00:00:03.04 11610 1771 MS In the above example, the DESTA Director parent process is shown. That process has also spawned a subprocess named JOHNSON_3, since the user JOHNSON started the Director, but the relation is not apparent from the output. Other WEBES processes, such as Compaq Analyze Command Line Interface commands, appear named after the user that started them, such as THOMAS_1 in this example, although it is not apparent that the process is a WEBES process. Windows Use the Windows Task Manager to monitor processes in Windows. Start the Task Manager by pressing Ctrl+Alt+Del, and then pressing the Task Manager button. Once the Task Manager window appears, click the Processes tab to view the running processes. All WEBES processes are started with the wrapper program DESTA_exec.exe, so all WEBES processes appear in the Task Manager list as such. You can distinguish the Director set of processes from other WEBES processes by looking at the Base Priority of the DESTA_exec.exe processes. The Director processes always run at Low priority. All other WEBES processes run at Normal or High priority. Because the Director runs as a Windows service, there is an additional process named DESTAService.ex, which wraps the DESTA_exec.exe processes of the Director and runs for the lifetime of the Director. The DESTAService.ex process runs at Low priority. If the Base Priority column is not shown in the Task Manager list, chose Select Columns from the View pull-down menu. In the window that appears, click Base Priority, then OK. 1.7 Log Files Compaq Analyze processes warnings and informational messages from the Director in log files. ***Note*** These warning and informational message files are different from binary event log files. See Section 1.11 for more information about the different log files. If Compaq Analyze appears to execute incorrectly, or does not respond as expected, check the Director log files for messages that may help you restart or recover. The files can be copied to new file names so that they are not overwritten later, and can be sent to your service provider for review. All WEBES processes log their messages either to files or to the terminal window. For common messages you may encounter, refer to the Compaq Analyze Release Notes or Appendix B. 1.7.1 Location The format of the log file messages is the same for all platforms, however, the file locations are operating system-dependent. Tru64 UNIX The Director and web interface log standard output and error messages to: /usr/opt/compaq/svctools/logs/desta_dir.log The Director appends to this log file each time it is started. OpenVMS The Director and web interface log standard output and error messages to: SVCTOOLS_HOME:[LOGS]DESTA_DIR.LOG The Director creates a new log file each time it is started. The previous log file is saved as: DESTA_DIR.LOG;n Where n is the previous version number of the VMS filename. Windows The locations given here assume that Compaq Analyze was installed in the default directory; if this is not the case, the location path will match the chosen installation directory. The Director (and web interface) logs its standard output messages to: C:\Program Files\compaq\svctools\logs\desta_dir_out.txt The Director's standard error messages are logged to: C:\Program Files\compaq\svctools\logs\desta_dir_err.txt The Director creates new log files each time it is started. The previous log files are renamed to desta_dir_err_backup.txt and desta_dir_out_backup.txt, overwriting any previous versions of those files. 1.7.2 Logging Level The messages logged by WEBES processes are stored in the Director log files described in Section 1.7.1. The minimum severity level, or logging level, indicates the lowest priority message that will be written to the files. Only messages that meet or exceed the minimum severity level are written to the Director log files. 1.8 License Agreement The first time you use the Compaq Analyze web interface, the license agreement is shown. To accept the terms of the license agreement, enter the serial number from your computer and press the Enter key. If you do not accept the agreement, you will not be able to use Compaq Analyze. 1.9 Service Obligations A service obligation specifies your service provider, service agreement information, and the duration of your agreement. During the WEBES installation process, you will be prompted to enter the service obligation information. This information is included with the results of translation and analysis. Although Compaq Analyze continues to function without a valid service obligation, local notification and reporting are disabled. In addition, the web interface will no longer operate after your service obligation has expired. Refer to Chapters 2 and 3 for information on viewing service obligations. Information about temporarily overriding the service obligation is contained in Chapter 2. 1.10 Environment Setup For more information on automatic notification and the Compaq Analyze configuration settings refer to the following sections: - To set up Simple Mail Transfer Protocol (SMTP) E-mail notification of problem reports, refer to Chapter 7. - To set up Automated Call Handling Service (ACHS) notification of problem reports, refer to Chapter 7. - To enable Qualified Service Access Point (QSAP) for use with Compaq Remote Support Service (CRSS), refer to Chapter 7. - If you wish to change how the Compaq Analyze components operate, you can change the system configuration using the web interface. Refer to Chapter 6 for more information about system configuration. You can modify the Compaq Analyze environment at any time. 1.11 Nomenclature Differences The term configuration is used in two different contexts in Compaq Analyze: - Hardware Configuration - identifying the Field Replaceable Unit (FRU) or hardware components currently installed in a machine. - System Configuration - identifying the current software settings of the Compaq Analyze system and each of the services it contains. Most of the settings can be changed using the Compaq Analyze interfaces. Log file is also used in two different contexts: - A log file containing text errors or information written by a Compaq Analyze or WEBES process, such as /usr/opt/compaq/svctools/logs/desta_dir.log on Tru64 UNIX - An error or event log file containing binary events written by the system event logger, such as /var/adm/binary.errlog, written by the binlogd daemon on Tru64 UNIX and translated and analyzed by Compaq Analyze  ========================================================================= 2 ***Command Line Interface (CLI)*** This chapter describes the Command Line Interface (CLI) for Compaq Analyze including its usage and functionality. - Overview - Command Syntax - Command Verbs - Analysis - Translation - Summary of Events - Creating New Binary Event Log Files - Input Files - Output Files - Filtering - Knowledge Rulesets - Configuration - Notification - Service Obligations - Getting Help 2.1 Overview The command line interface (CLI) provides a text-based interface for Compaq Analyze and a means to interact with the Director. The CLI enables both automatic and manual analysis (automatic analysis is the default). In automatic mode, Compaq Analyze monitors the binary system event logs for new events. When a event is appended to the binary event log, Compaq Analyze translates the event into a readable format. The decomposed event is passed to the Analyzer for fault analysis. Depending on the analysis of the event and the analysis of a history of events, a problem report may be generated. Manual mode enables you to specify binary event logs for translation and analysis, without interfering with automatic analysis. ***Note*** Most of the examples in this chapter use the Windows directory structure. If you are using a different operating system, you will need to modify the commands accordingly. 2.1.1 Standalone CLI The Director is not required to run all the CLI commands. The following CLI functions can be performed without the Director: - Manual Analysis - Translation - Summary Report - Create New Binary Log File Since these operations do not use the Director, you must have permission to access any log file that you want to process. In addition, messages that would otherwise be written to the Director's log files are included in the output for the command. The messages shown remain subject to the logging level. Refer to Chapter 1 for more information on log messages. 2.1.2 Conventions Table 2-1 describes the conventions used to show CLI commands in this manual. Table 2-1 Syntax Conventions Convention ----- Meaning ----- Bold Command text. Bold is used for information that must be typed as it appears here. For example, command verbs are shown in bold. Italic Variables. Italics are used for information that varies depending on your requirements. For example, inputfile indicates that you should enter the name of the file you want to process. [ ] Optional Entries. Information shown in square brackets is not required. You may or may not include these optional modifiers. In most cases the optional entries pertain to input files, output files and filtering commands. | Mutually Exclusive Entries. The bar separates mutually exclusive entries. 2.2 Command Syntax You interact with the CLI by issuing commands from the command prompt. Some Compaq Analyze operations can be performed using several different commands, or syntaxes. The supported syntaxes are: - Common Syntax - DECevent Emulation (UNIX and VMS) - New Common Syntax You can enter commands using any of the supported command formats. If desired, you can switch between the different syntaxes. ***Note*** The DECevent emulator is only supported on UNIX and VMS systems. In addition, the DECevent emulator only supports some of the commands. Refer to Table 2-4 for a list of the commands supported by the DECevent emulator. If you are using a command syntax other than the default, you must include a syntax designator in the command. Table 2-2 shows the syntax designators. Table 2-2 Syntax Designators Syntax Name ----- Syntax Designator ----- Command Preface ----- Common Syntax x ca (ca x if the default syntax is not set to the common syntax) DECevent Emulator (UNIX) u ca u DECevent Emulator (VMS) v ca v New Common Syntax n ca n 2.2.1 Setting the Default Syntax When Compaq Analyze is installed, the common syntax is the default for the CLI. As a result, when you enter commands in the common syntax you do not need to include a syntax designator. If you want, you can change the default syntax. Any commands that use the default syntax do not require a syntax designator. To specify a default syntax, use the following command: ca syntax syntax_designator Where syntax_designator refers to the letter corresponding to the desired default syntax (see Table 2-2 for the designator associated with each syntax). For example, to set the new common syntax as the default syntax, use the following command: ca syntax n Once the syntax is set, you can enter commands in your chosen syntax without specifying the syntax designator. Table 2-3 shows how the default syntax setting affects commands. Table 2-3 Default Syntax Command Syntax ----- Default Syntax Translation Command Format ----- Not Default Syntax Translation Command Format ----- Common Syntax ca trans ca x trans DECevent Emulator (UNIX) ca -a ca u -a DECevent Emulator (VMS) ca /tra ca v /tra New Common Syntax ca tra ca n tra ***Note*** Changes to the default syntax affect all the users on a system. Thus, if another user changes the default syntax, your session may not function as expected. You can avoid this situation by using a syntax designator with all the commands that support multiple formats. 2.2.2 Showing the Default Syntax To show the current default syntax, use the following command: ca syntax 2.3 Command Verbs The CLI supports both Compaq Analyze commands and Director commands. Compaq Analyze commands use the ca preface and Director commands use the desta preface. ***Note*** If you enter the command ca without any command verb or parameters, Compaq Analyze defaults to translation. In this case, the system event log is translated and the output is sent to the screen. 2.3.1 CA Command Verbs The Compaq Analyze commands that support multiple syntaxes are formed using the following convention: ca syntax_designator command_verb Where syntax_designator indicates which syntax you are using (if it is not the default syntax) and command_verb indicates the action you want to perform. The syntax designator is not necessary if you are using the default syntax. Table 2-4 provides an overview of the available ca command verbs that support multiple syntaxes. Table 2-4 Command Verbs - ca (multiple syntax) Common Syntax ----- DECevent Emulator (UNIX) ----- DECevent Emulator (VMS) ----- New Common Syntax1 ----- Description ----- analyze ana /ana ana (analyze) Switches to manual mode and analyzes one or more binary event logs. See Section 2.5.1 for more details. trans -a /tra tra (translation) Switches to manual mode and translates one or more binary event logs. This command does not send the results to analysis. See Section 2.6 for more details. summ -o sum /sum sum (summarize) Returns a summary of all the events contained in a binary event log. See Section 2.7 for more details. filterlog -b /bin bin (binary) Applies a filter to an existing binary event log and creates a new binary event log containing the subset of events returned after filtering. See Section 2.8 for more details. help help /help help Displays a text-based help file. The text-file describes the syntaxes supported by your operating system. fru fru /fru fru (Advanced) Displays the FRU tree for the system. If you specify a input file, the FRU tree associated with that file is shown. 1 The new common syntax allows abbreviations. You only need to enter the first three letters of a command verb to initiate the command. The full command verb is shown in parenthesis. The Compaq Analyze ca commands that only support one syntax are formed using the following convention: ca command_verb Where command_verb indicates the action you want to perform. Table 2-5 provides an overview of the available ca command verbs that only support one syntax. Table 2-5 Command Verbs - ca (single syntax) Verb ----- Description ----- report Displays the active problem reports generated from automatic analysis. See Section 2.5.2.1 for more details. log Toggles the logging of automatically generated problem reports on or off. See Section 2.5.2.2 for more details. listrk List the paths of the knowledge files registered with DeCOR. See Section 2.10 for syntax information and Chapter 5 for more details on rule sets. regknw Registers or unregisters one or more knowledge (*.krs) files for use during automatic and manual event analysis. See Section 2.10 for syntax information and Chapter 5 for more details on rule sets. sicl Toggles on or off the Compaq Analyze System Initiated Call Logging (SICL) feature, which automatically log calls with Compaq Services if DSNLink is installed on the system. See Section 2.12 for syntax information and Chapter 7 for more details on SICL. 2.3.2 DESTA Commands The Director commands are formed using the following convention: desta command_verb Where command_verb indicates the action you want to perform. Table 2-6 describes the command verbs used with desta. Table 2-6 Command Verbs - desta Verb ----- Description ----- msg Changes the Compaq Analyze port configuration settings. See Section 2.11 for more details on port settings. qsap Toggles on or off the Compaq Analyze Qualified Service Access Point (QSAP) feature, which automatically log calls with Compaq Services. See Section 2.12 for syntax information and Chapter 7 for more details on QSAP. servob Overrides your Compaq Analyze service obligation. See Section 2.13 for more details. start Starts the Director if it has been stopped. See Chapter 1 for more details on starting the Director. status Shows the current status of the Director. See Chapter 1 for more details on the Director's status. stop Manually stops the Director. See Chapter 1 for more details on stopping the Director. 2.4 Command Parameters Parameters are used to specify binary log files for processing, designate output files, and create filters. In most cases, Compaq Analyze allows you to specify parameters in any order. For example, the following commands using the new common syntax are equivalent: ca n tra myinput.zpd out myoutput.txt index=(start:10) brief ca n brief index=(start:10) out myoutput.txt myinput.txt tra Notice that even the placement of the command verb (tra in this case) may be changed. Be aware of the following exceptions to the order independence rule: - With the common syntax, the command verb must be the first parameter. - The parameters of the common syntax filterlog command must be entered in the specified order. See Section 2.8 for more on the filterlog command. - If you are using the new common syntax sum command and you want to generate indexed output, the index parameter must immediately follow the sum command verb. Otherwise, Compaq Analyze will assume you are using the index filter keyword. Refer to Section 2.7 for more on the sum command. 2.5 Analysis If the Director is installed, automatic analysis is initiated when you start your machine. This means that Compaq Analyze automatically analyzes the default event log file and generates reports as necessary. With manual analysis you can select a binary event log for immediate processing. For more information on analysis and the default analysis settings, refer to Chapter 5. 2.5.1 Manual Analysis Use manual analysis to analyze a binary event log other than the system event log. To switch to manual mode, analyze binary event logs, and output the generated reports, use the analysis command. For more information on manual analysis operations and output, refer to Chapter 5. 2.5.1.1 Performing Manual Analysis You can manually analyze binary event logs using any command syntax. Table 2-7 describes the commands used for manual analysis: Table 2-7 Manual Analysis Commands Command Syntax ----- Format ----- Common Syntax ca x analyze [inputfile] [outtext | outhtml outputfile] DECevent Emulator (UNIX) ca u ana [-f inputfile] [> outputfile] DECevent Emulator (VMS) ca v /ana[/out=outputfile] [inputfile] New Common Syntax ca n ana [inputfile] [out | outhtml outputfile] 2.5.1.2 Specifying Input Files By default, manual analysis processes the system event log. If you want to process a different binary log file, you must specify the input file location and name. See Section 2.9.1 for more information on working with input files. 2.5.1.3 Saving Output to a File If you would like to save the generated reports to a file, rather than display them on the screen, you need to specify the file format, location and name. See Section 2.9.2 for more information on working with output files. 2.5.2 Automatic Analysis By default, when the Director is started Compaq Analyze initiates automatic analysis on the binary system event log. Using the CLI, you can view the reports generated by automatic analysis or save them to a file. For more information on automatic analysis and the problem reports generated by analysis, refer to Chapter 5. 2.5.2.1 Viewing Automatic Analysis Reports To view the active problem reports generated by automatic analysis, use the report command. Reports can be viewed in the command prompt window or saved to a file. The syntax for the report command is shown here: ca report [outtext | outhtml outputfile] If you do not include any optional parameters, the reports are shown on the screen. See Section 2.9.2 for more information about working with output files. 2.5.2.2 Logging Automatic Analysis Reports Compaq Analyze can automatically log generated problem reports in the prob.log file located in the logs directory. To turn automatic logging on, use the following command: ca log prob on To turn automatic logging off, use the following command: ca log prob off If the prob.log file already exists, the new data from subsequent logging operations is appended to the existing file. If you delete the prob.log file, it is automatically recreated during the next logging operation. Log output is flushed and the file is closed after each entry. 2.5.3 Analysis Output Refer to Appendix A for an example of a report generated by analysis. 2.6 Translation You can translate, or decompose, the events in a binary event log into a readable format using the translation command. Translation operates in manual mode, meaning you must enter the command every time you want to perform translation. For more information about translation and its default settings, refer to Chapter 4. 2.6.1 Performing Translation Translation is supported by all the Compaq Analyze syntanxes and Table 2-8 describes the commands used for translation: Table 2-8 Translation Commands Command Syntax ----- Format ----- Common Syntax ca x trans [inputfile] [outtext | outhtml outputfile] [filter "filterstatement"] [brief | full] DECevent Emulator (UNIX) ca u -a [-f inputfile] [brief | full] [filter flags] [> outputfile] DECevent Emulator (VMS) ca v /tra[/out=outputfile][/brief | /full][filter flags] [inputfile] New Common Syntax ca n tra [inputfile] [out outputfile] [filterstatement] [brief | full] 2.6.2 Specifying Input Files By default, manual translation processes the system event log. If you want to process a different binary log file, you must specify the input file location and name. See Section 2.9.1 for more information on working with input files. 2.6.3 Saving Output to a File If you would like to save the translated events to a file, rather than display them on the screen you need to specify the file format and name. See Section 2.9.2 for more information on working with output files. 2.6.4 Filtering Log Files You can specify the events from a binary event log file that you want to translate by defining a filter. For more information on filtering refer to Section 2.9.3. 2.6.5 Output Type You can specify either brief or full output for translation. Full output, which is the default, presents all the translation information for an event. Brief output only presents the information used by analysis. 2.6.6 Translation Output Refer to Appendix A for an example of a translated event and to see the difference between full and brief output. 2.7 Summary of Events You can use the CLI to view a summary of the events contained in a binary log file. Table 2-9 describes the command for each syntax. Table 2-9 Summary Commands Syntax ----- Format ----- Common Syntax ca x summ [index] [inputfile] DECevent Emulator (UNIX) ca u -o sum [-f inputfile] [filter flags] DECevent Emulator (VMS) ca v /sum[filter flags] [inputfile] New Common Syntax ca n sum [index] [inputfile] [out | outhtml outputfile] [filterstatement] 2.7.1 Specifying Input Files By default, the summary command returns information for the system event log. If you want to specify a different log file or multiple log files you can do so. See Section 2.9.1 for more information on working with input files. 2.7.2 Filtering Log Files You can specify the events from a binary event log file that you want to view a summary report for by defining a filter. For more information on filtering refer to Section 2.9.3. Summary report filtering is not supported by the common syntax. If you want to filter the events in a log file before generating a summary report, use another syntax. 2.7.3 Indexed Output By default, a tallied list of all the events in the binary event log files is generated. However, you can generate an indexed list of all the events using the index modifier. The indexed output is not available with the DECevent syntaxes. 2.7.4 Example Output The results of the summary command are displayed in the command prompt window. An example of the standard, tallied output is shown here: Log: /svctools_home/ca/examples/ds20_660_binary.errlog Qty Type Description ------ ------ ------------------------------------ 1 302 Tru64 UNIX Panic ASCII Message 1 300 Tru64 UNIX Start-up ASCII Message 1 660 UnCorrectable System Event 1 110 Configuration Event 1 310 Tru64 UNIX Time Stamp Message First Entry Date: Thu May 27 09:18:06 MDT 1999 Last Entry Date: Thu May 27 13:00:32 MDT 1999 An example of the indexed output is shown here: Log: /SVCTOOLS_HOME/ca/examples/ds20_660_binary.errlog Index Type Description Date/Time ------ ------ ---------------------------------- --------------------- 1 660 UnCorrectable System Event 05/27/99 09:18:06 MDT 2 302 Tru64 UNIX Panic ASCII Message 05/27/99 09:18:08 MDT 3 110 Configuration Event 05/27/99 09:19:57 MDT 4 300 Tru64 UNIX Start-up ASCII Message 05/27/99 09:19:57 MDT 5 310 Tru64 UNIX Time Stamp Message 05/27/99 13:00:32 MDT 2.8 Creating New Binary Event Log Files You can filter the contents of existing binary event logs and create a new binary event log file containing a subset of the events from the originals. When you create a new binary log file, Compaq Analyze checks the events in the original binary event log file against the filter statement. All the events that meet the criteria specified by the filter statement are added to the new binary event log file. The new binary event log file can then be used for analysis, translation, or any other Compaq Analyze process. The syntax for creating new binary event log files is as follows: Table 2-10 Create New Log File Commands Command Syntax ----- Format ----- Common Syntax ca x filterlog inputfile outputfile ["filterstatement"] DECevent Emulator (UNIX) ca u -b outputfile [-f inputfile(s)] [filter_flags] DECevent Emulator (VMS) ca v /bin=outputfile[/filter_flags] [inputfile(s)] New Common Syntax ca n bin [inputfile(s)] out outputfile [filterstatement] 2.8.1 Specifying Input Files By default, the system event log is used as the input file. If you want to process a different binary log file or files, you must specify the input file location and name. See Section 2.9.1 for more information on working with input files. ***Note*** You cannot use multiple input files with the common syntax. If you are using another syntax, you can specify multiple input files and merge them into a single binary log file (in this case, filtering occurs for each input file before events are written to the new file). Be aware that Compaq Analyze does not remove duplicate events. 2.8.2 Saving Output to a File You must specify a file name and location where the new binary output file will be saved. The output file parameter is mandatory when you are creating a new binary event log file. 2.8.3 Filtering Log Files You can specify the events from a binary event log file that you want to include in the new log file by defining a filter. If you do not define a filter, the new log file will contain all the events in the existing log file. For more information on filtering refer to Section 2.9.3. 2.9 Modifying Commands By default, the analysis, translation, summary and new binary log file commands all process the system event log. The output from analysis, translation and summary commands is displayed on the screen. You can change these defaults in order to process other binary log files and save the processing results to a file. With some of the commands you can further restrict the events that are processed by filtering the binary log file used for input. The following sections describe how to use these features. 2.9.1 Input Files Many of the commands used in manual mode enable you to specify an input binary event log file. Table 2-11 describes how to specify a input file using each syntax. Table 2-11 Specifying an Input File Syntax ----- Format ----- Example ----- Common Syntax Append the directory and filename of the desired input file to the end of the command. ca x analyze examples\ds20.errlog DECevent Emulator (UNIX) -f filename Where filename indicates the name and location of the input file. ca u ana -f examples/ds20.errlog DECevent Emulator (VMS) Append the directory and filename of the desired input file to the end of the command. ca v /ana [.examples]ds20.errlog New Common Syntax Include the directory and filename of the desired input file after the command verb. ca n ana examples\ds20.errlog When you are specifying an input file, the following guidelines apply: - Specifying an input file is optional. If you do not specify either a directory or a file, Compaq Analyze processes the binary system event log. An example of a command without any input file criteria is shown here: ca analyze This rule does not apply when you are using the common syntax filterlog command. Refer to Section 2.8 for more information. - You can use the relative directory structure to specify input files. Thus, if you were in the C:\program files\compaq\svctools\ca directory and you wanted to analyze the ds20.errlog binary event log located in the C:\program files\compaq\svctools\ca\examples directory, you could enter the following command: ca analyze examples\ds20.errlog - If you specify a directory but no file name, Compaq Analyze processes all the files with a .errlog, .sys, .zpd, or .evt extension located in the provided directory. An example of a command that only indicates a directory is shown here: ca analyze examples\ - Multiple filenames can be specified by separating them with spaces, as shown in the following example: ca analyze examples\ds20.errlog hscir1.zpd - You can use wildcards to specify multiple files. In the example shown here, all the files located in the \examples directory with a name that starts with ds and an .errlog extension are analyzed: ca analyze examples\ds*.errlog 2.9.2 Output Files With many commands, you can save the results of processing to a file rather than viewing the output on the screen. Table 2-12 describes how to specify a output file using each syntax. ***Note*** These output file guidelines do not apply when you are creating a new binary event log. Refer to Section 2.8 for more details. Table 2-12 Specifying an Output File Syntax ----- Format ----- Example ----- Common Syntax outtext filename outhtml filename The outtext option creates a text output file and the outhtml option creates a html output file. In both cases, filename refers to the directory and filename where you want to save the output. ca x analyze outtext results.txt ca x analyze outhtml results.html DECevent Emulator (UNIX) > filename Where filename indicates the name and location of the output file. The output file must be located at the end of the command. Output files are always saved in text format. ca u ana > results.txt DECevent Emulator (VMS) /out=filename Where filename indicates the name and location of the output file. Output files are always saved in text format. ca v /ana/out=results.txt New Common Syntax out filename outhtml filename The out option creates a text output file and the outhtml option creates a html output file. In both cases, filename refers to the directory and filename where you want to save the output. ca n ana out results.txt ca n ana outhtml results.html 2.9.3 Filtering Some of the CLI commands enable you to filter a binary event log file and only process a subset of the events. Filtering statements are different depending on the syntax you are using. Table 2-13 shows the general rules each syntax uses with filtering. Table 2-13 General Filtering Rules Syntax ----- Rules ----- Common Syntax Filtering can be used with the trans and filterlog commands. Use the filter keyword before the filter statement when filtering with the trans command. Filter statements must be enclosed in quotation marks. You can join multiple filter statements by using an ampersand (&) between them. Most filter parameters are not case sensitive. Exceptions are given in Table 2-14. DECevent UNIX Filtering can be used with the -a, -o sum, and -b commands. You can include multiple filter statements by using more than one filtering flag in a command. In this case, separate each flag with a space. DECevent VMS Filtering can be used with the /tra, /sum, and /bin commands. You can include multiple filter statements by using more than one filtering flag in a command. You do not need to put a space between flags. New Common Syntax Filtering can be used with the tra, sum, and bin commands. You can include multiple filter statements by separating them with comma and a space. You can abbreviate the filter parameters. You only need to enter the minimum number of letters required to uniquely identify a parameter. For example, index could be abbreviated as ind. Table 2-14 describes filtering statements for each syntax. Table 2-14 Filtering Statements Common Syntax ----- DECevent UNIX ----- DECevent VMS ----- New Common Syntax ----- dtb=date (date_time_begin) dte=date (date_time_end) -t s:date e:date /SIN=date /BEF=date begin=date since=date end=date Filters based on the time the event occurred. No events that occurred before the given start time or after the given end time are processed. The date can be entered in any format supported by Java (for example, dd-mmm-yyyy,hh:mm:ss). You do not need to include the time (hh:mm:ss) with the date. Be aware of the following guidelines: The DECevent UNIX syntax combines the start and end times are in a single filter statement. The new common syntax begin and since statements are equivalent. You can use the keywords YESTERDAY and TODAY with the DECevent syntaxes and the new common syntax. With the new common syntax begin and since keywords, you can enter a negative integer value to process based on a relative date. For example, entering -3 processes events from the last three days. rtdb=days (rel_time_days_begin) rtde=days (rel_time_days_end) rthb=hours (rel_time_hours_begin) rthe=hours (rel_time_hours_end) Filters based on the time the event occurred relative to the time the first or last event in the log file occurred. Filtering based on days and hours is supported. For example, using the filter rtdb=3 will processes all the events that occurred within three days of the first event in the file. et=nn et!=nn etnn (entry_type) Filters based on the numeric event type. Be aware of the following guidelines: With the = and != operators you can enter multiple entry types by separating them with commas. Instead of entering entry type numbers, you can use one of the supported keywords. Refer to Table 2-15 for the supported keywords. -i keyword -x keyword /INC(keyword) /EXC(keyword) include=keyword exclude=keyword FIlters based on the numeric entry type. You must enter a keyword rather than the actual entry type. Refer to Table 2-15 for information on supported keywords. cn=name cn!=name (computer_name) -H name /NOD=name node=name Filters based on the node responsible for generating the event. With the common syntax = and != operators you can enter multiple entry types by separating them with commas. The name argument is case sensitive. ost=n ost!=n (os_type) Filters based on the operating system type, using the numeric representation for each operating system. With the common syntax = and != operators you can enter multiple entry types by separating them with commas. idx=nn idx!=nn idxnn (event_index) -e s:nn e:nn /ENT=(S:nn,E:nn) index=nn index=(start:nn end:nn) Filters based on the event's position in the event log. With the common syntax = and != operators you can enter multiple entry types by separating them with commas. sort=keyword Used with a keyword to organize the output. The following keywords are supported: entry - sorts based on entry type from highest entry type number to lowest reventry - sorts based on entry type from lowest entry type number to highest time - sorts based on entry time from most recent to oldest revtime - sorts based on entry time from oldest to most recent idx - sorts based on the entry index number from highest to lowest revidx - sorts based on the entry index number from lowest to highest -R /REV reverse Processes the events in reverse order according to the event index number. Table 2-15 Event Type Keywords Keyword ----- Description ----- Supported Syntaxes ----- mchk-all All machine check events. Common Syntax mchk All machine check events. Common Syntax New Common Syntax mchk-sys All system machine check events. Common Syntax mchk-cpu All cpu machine check events. Common Syntax mchk-env All environmental machine check events. Common Syntax cam All SCSI entries logged by the CAM logger (199). DECevent New Common Syntax configurations Configuration entries (110). DECevent New Common Syntax control_entries System startup entries or new error log creation entries (32, 35, 300). DECevent New Common Syntax cpus Machine check entries for AXP (mchk-cpu). DECevent environmental_entries Power entries (mchk-env). DECevent New Common Syntax swxcr Entries logged by SWXCR (198). DECevent New Common Syntax machine_checks or mchks Events with machine checking information (mchk). DECevent New Common Syntax operating_system=value or os=value Events with a specific operating system type. The value parameter indicates the numeric code for the desired operating system. DECevent New Common Syntax panic Crash re-start, system panic, or user panic entries (37, 302). DECevent New Common Syntax software_informationals or swi Events with lastfail, system startup, or system configuration information (volume mounts, volume dismounts, new error logs, timestamp entries) (32, 35, 37, 38, 39, 64, 65, 250, 300, 301, 310). DECevent New Common Syntax osf_entry Events logged on a Tru64 UNIX operating system. DECevent New Common Syntax mchk_sys All system machine check events. New Common Syntax mchk_cpu All cpu machine check events. New Common Syntax mchk_env All environmental machine check events. New Common Syntax Examples - Common Syntax The following examples show sample commands that use filtering. A description of what the filter does follows each example. ca x trans filter "computer_name=ComputerName" ca x filterlog inputfile.zpd outputfile.bin "computer_name=ComputerName" Processes events from the system described by ComputerName. ca x trans filter "computer_name!=ComputerName & date_time_begin=11-Jan-2000" ca x filterlog inputfile.zpd outputfile.bin "computer_name!=ComputerName & date_time_begin=11-Jan-2000" Processes events that did not occur on the system described by ComputerName that occurred after January 11, 2000. ca x trans filter "date_time_end=31-Jan-2000,20:33:57" ca x filterlog inputfile.zpd outputfile.bin "date_time_end=31-Jan-2000,20:33:57" Processes events that occurred before 8:33:57 PM on January 31, 2000. ca x trans filter "rel_time_days_begin=4" ca x filterlog inputfile.zpd outputfile.bin "rel_time_days_begin=4" Processes events that occurred no more than four days after the first event in the log file. ca x trans filter "rel_time_hours_end=35" ca x filterlog inputfile.zpd outputfile.bin "rel_time_hours_end=35" Processes events that occurred no more than 35 hours before the last event in the log file. ca x trans filter "entry_type=mchk-cpu" ca x filterlog inputfile.zpd outputfile.bin "entry_type=mchk-cpu" Processes all CPU machine check events. ca x trans filter "entry_type!=610,620,630" ca x filterlog inputfile.zpd outputfile.bin "entry_type!=610,620,630" Processes all events, except those of type 610, 620, and 630. Only the common syntax supports filtering based on specific entry types the other syntaxes must use keywords. ca x trans filter "entry_type>600" ca x filterlog inputfile.zpd outputfile.bin "entry_type>600" Processes all events with a type greater than 600. ca x trans filter "entry_type<300 & os_type=3" ca x filterlog inputfile.zpd outputfile.bin "entry_type<300 & os_type=3" Processes all events with a type less than 300 and an operating system of type 3. ca x trans filter "os_type!=1,2 & sort=revtime" ca x filterlog inputfile.zpd outputfile.bin "os_type!=1,2" Processes all events without an operating system type of 1 or 2. The translation command presents the output in reverse chronological order. ca x trans filter "entry_index>15" ca x filterlog inputfile.zpd outputfile.bin "entry_index>15" Processes all the events after the fifteenth event in the log file. Examples - DECevent UNIX The following examples show sample commands that use filtering. A description of what the filter does follows each example. ca u -a -H ComputerName ca u -o sum -H ComputerName ca u -b outputfile.bin -f inputfile.zpd -H ComputerName Processes events from the system described by ComputerName. ca u -a -t e:31-Jan-2000,20:33:57 ca u -o sum -t e:31-Jan-2000,20:33:57 ca u -b outputfile.bin -f inputfile.zpd -t e:31-Jan-2000,20:33:57 Processes events that occurred before 8:33:57 PM on January 31, 2000. ca u -a -i cpu ca u -o sum -i cpu ca u -b outputfile.bin -f inputfile.zpd -i cpu Processes all CPU machine check events. ca u -a -x operating_system=1 -R ca u -o sum -x operating_system=1 ca u -b outputfile.bin -f inputfile.zpd -x operating_system=1 Processes all events without an operating system type of 1. The translation command presents the output in reverse chronological order. ca u -a -e s:15 ca u -o sum -e s:15 ca u -b outputfile.bin -f inputfile.zpd -e s:15 Processes all the events after the fifteenth event in the log file. Examples - DECevent VMS The following examples show sample translation commands that use filtering. A description of what the filter does follows each example. ca v /tra/nod=ComputerName ca v /sum/nod=ComputerName ca v /bin=outputfile.bin/nod=ComputerName inputfile.zpd Processes events from the system described by ComputerName. ca v /tra/bef=31-Jan-2000,20:33:57 ca v /sum/bef=31-Jan-2000,20:33:57 ca v /bin/bef=31-Jan-2000,20:33:57 Processes events that occurred before 8:33:57 PM on January 31, 2000. ca v /tra/inc(cpu) ca v /sum/inc(cpu) ca v /bin=outputfile.bin/inc(cpu) inputfile.zpd Processes all CPU machine check events. ca v /tra/EXC(operating_system=1)/rev ca v /sum/EXC(operating_system=1) ca v /bin=outputfile.bin/EXC(operating_system=1) inputfile.zpd Processes all events without an operating system type of 1. The translation command presents the output in reverse chronological order. ca v /tra/ent=(s:15) ca v /sum/ent=(s:15) ca v /bin=outputfile.bin/ent=(s:15) inputfile.zpd Processes all the events after the fifteenth event in the log file. Examples - New Common Syntax The following examples show sample translation commands that use filtering. A description of what the filter does follows each example. ca n tra node=ComputerName ca n sum node=ComputerName ca n bin inputfile.zpd out outputfile.bin node=ComputerName Processes events from the system described by ComputerName. ca n tra end=31-Jan-2000,20:33:57 ca n sum end=31-Jan-2000,20:33:57 ca n bin inputfile.zpd out outputfile.bin end=31-Jan-2000,20:33:57 Processes events that occurred before 8:33:57 PM on January 31, 2000. ca n tra include=mchk_cpu, mchk_sys reverse ca n sum include=mchk_cpu, mchk_sys ca n bin inputfile.zpd out outputfile.bin include=mchk_cpu, mchk_sys Processes all CPU machine check and system machine check events. The translation command presents the output in reverse chronological order. ca n tra index=(start:15) ca n sum index=(start:15) ca n bin inputfile.zpd out outputfile.bin index=(start:15) Processes all the events after the fifteenth event in the log file. 2.10 Knowledge Rulesets Rulesets are used in conjunction with analysis. The events in a binary log file are compared with rulesets. Depending on the results of this comparison problem reports are generated. The following commands are used to work with rulesets. ca listrk - lists the registered rulesets used by analysis (see Chapter 5 for more information). ca regknw - registers or unregisters the rulesets used by analysis (see Chapter 5 for more information). 2.11 Configuration The Compaq Analyze configuration settings control port numbers and other features. The following commands can be used to change the configuration. desta msg -chgport nnn - changes the socket ports (see Chapter 6 for more information). ***Note*** There are more configuration settings that can be changed using the web interface. Refer to Chapter 6 for more information on configuration. 2.12 Notification SICL and QSAP are both used for automatic notification. With automatic notification, the results of analysis are sent to your service provider. The following CLI commands can be used to turn automatic notification on and off. ca sicl - turns SICL notification on and off (see Chapter 7 for more information). desta qsap - turns QSAP on and off (see Chapter 7 for more information). 2.13 Service Obligations Your service obligation describes the details of your service agreement. You can view an existing service obligation or override an expired obligation from the command line. See Chapter 1 for more information about service obligations. 2.13.1 Show To view the service obligation for a machine, enter the following command: desta servob show This displays all the information associated with your service obligation. The following example depicts the service obligation information: WEBES Service Obligation Status ------------------------------- Service Obligation: Valid Service Obligation Number: 50036123 System Serial Number: 50036123 Service Provider Company Name: Compaq 2.13.2 Override If you need to view the analysis or translation results on a computer without a valid service obligation, you can override the service obligation using the following command: desta servob override Overriding does not change the service obligation; rather, it enables your service provider to use Compaq Analyze without a valid service obligation. Overriding the obligation enables you to view Compaq Analyze report output for one hour regardless of your obligation status. The following example shows the prompts that appear when you override the service obligation along with sample answers: WEBES Service Obligation Override --------------------------------- Service Provider Company Name? Compaq Service Provider Employee Name? Jack Smith Service Provider Employee ID#? 000000000000 ___. WARNING on March 28, 2000 7:36:01 AM MST (0.037 sec elapsed) Obligation Information Changed as follows: Obligation overridden for service provider until Tue Mar 28 08:36:01 MST 2000 by Jack Smith (000000000000) of Compaq on Tue Mar 28 07:36:01 MST 2000 Current Thread[main,5,main] The override information is included in the output resulting from any subsequent analysis or translation operation. 2.14 Getting Help You can access help from the CLI using the command for your operating system: - Tru64 UNIX - man ca, man desta, and ca help - OpenVMS - help ca and help desta, and ca /help - Windows - ca help Help is also available through the User Guide. There are four different User Guide formats installed by the kit: - Adobe Acrobat Format (located in the \svctools\ca\docs\pdf directory) - ASCII Text Format (located in the \svctools\ca\docs\txt directory) - HTML Help Format (located in the \svctools\ca\html\help directory) - HTML Format (located in the \svctools\ca\html\ns3help directory) ***Note*** To navigate the HTML formats, use your browser to open the start.html file. If you are a VMS user and your browser is Netscape 3.03, you will need to use the HTML format rather than the HTML Help format. The JavaScript used in the HTML Help format is not supported in Netscape 3.03.  ========================================================================= 3 ***Web Interface*** This chapter describes how to access and use the Compaq Analyze web interface. - Description - Accessing the Web Interface - Toolbar - Navigation - The Navigation Tree - Analysis Information - Processing Status - Settings - Getting Help - Log Off - Service Obligation - Disabling the Web Service 3.1 Description The web interface provides browser-based access to Compaq Analyze. You can use the web interface to connect to the Director on your local machine or on remote machines and process their binary event log files. Processing a log file involves translation and analysis. 3.1.1 Translation Event information in the system event log is stored in binary format. Translation is the process of converting this binary data into readable text. The web interface performs translation as part of analysis, and translation information is shown along with analysis results. See Section 3.6 for more information on how the web interface presents translation information. Refer to Chapter 4 for more information on translation, interpreting translated events, and default translation settings. 3.1.2 Analysis The information from binary event log files can be used to detect hardware failures on the system. When the system writes an event to a binary event log file, Compaq Analyze processes the event according to the registered rule sets. The rule sets contain the information necessary to interpret events. When an event matches the conditions described in the rule sets, Compaq Analyze creates a problem report containing information about the event and proposed resolutions. This process is called analysis. See Section 3.6 for more information on how the web interface presents analysis information. Refer to Chapter 5 for more information on analysis and its results. The web interface can perform automatic and manual analysis. 3.1.2.1 Automatic When the Director is started, Compaq Analyze initiates automatic analysis. In automatic mode, Compaq Analyze continuously monitors the binary system event log and processes events as they arrive. Problem reports are generated as necessary. For more information about automatic analysis operations and output, refer to Chapter 5. 3.1.2.2 Manual Manual analysis also compares the events from log files to the registered rule sets and generates problem reports. However, unlike automatic analysis, you must manually select each binary event log file you want to process. For more information about manual analysis operations and output, refer to Chapter 5. 3.1.3 Notification The results of automatic analysis can be sent to remote systems using SMTP or SICL. Refer to Chapter 7 for more information on notification. 3.2 Accessing the Web Interface The following sections contain information about accessing the web interface. 3.2.1 Supported Web Browsers The web interface requires a web browser program that supports Java 1.1 applets and HTML frames. The minimum browser versions for each operating system are provided here: - Tru64 UNIX - Netscape version 3.0.3 through 4.x (version 4.5 and later recommended) and Internet Explorer version 4.0 and later - OpenVMS - Netscape version 3.0.3 - Windows - Netscape version 3.0.3 through 4.x (version 4.5 and later recommended) and Internet Explorer version 4.0 and later Be aware, the web interface may display differently in Netscape and Internet Explorer. 3.2.2 Browser Setup The setup options that must be configured in order to use the web interface are described here: - Netscape and Internet Explorer - Configure your browser to bypass your proxy server when you connect to the Director on your local machine. - Internet Explorer - The "Use HTTP 1.1" option must be enabled for the web interface to function properly. To enable the option, select Internet Options from the Tools menu. From the Options window, select the Advanced tab and make sure the check box next to "Use HTTP 1.1" is selected. 3.2.3 Browsers and the Web Interface Depending on the browser you use, there are several issues that impact how the web interface is displayed. - Netscape and Internet Explorer - Do not use your browser's Back button unless you are viewing the details of a problem report or translated event. Using the Back button may have unexpected results. - Netscape and Internet Explorer - Do not use your browser's Refresh button at the top of your browser while using the Web Interface. The Refresh button terminates the active profile's Compaq Analyze session. In order to use the profile, you must manually log out the profile name and then logon to Compaq Analyze again. - Netscape and Internet Explorer - The web interface is composed of three frames (the toolbar, the navigation tree, and the display frame). If, at any time, one of these frames is not updated with the latest information or does not load, you should refresh the frame. To refresh a frame, right-click in the desired frame and either select the Reload Frame (Netscape) or Refresh (Internet Explorer) option from the pop-up menu. - Netscape and Internet Explorer - During heavy processing, you may see JavaScript errors. You can safely ignore these errors. Depending on the error message, respond in one of the following ways: - Click the OK button on the error dialog box to resume using Compaq Analyze. - If the dialog box asks if you want to continue running scripts, click the Yes button to continue using Compaq Analyze. - Netscape - Once you logon to Compaq Analyze, you cannot resize the browser window. In addition, the browser window cannot be resized, even after you logoff Compaq Analyze. To resize your browser window after using Compaq Analyze, open a new window and close the window where Compaq Analyze was running. - Internet Explorer - Include the full URL in the address line of your browser, including http:// (for example, http://14.77.189.23:7902/ rather than 14.77.189.23:7902/). 3.2.4 Starting the Web Interface It is not necessary to have the Director running on your machine in order to use Compaq Analyze. In fact, WEBES need not be installed on the browser's machine at all. However, WEBES must be installed and the Director must be running on the target machine in order to connect to its Compaq Analyze system. Therefore, before using the web interface, you must ensure the Director is started on the target machine. There is no need to run the Director on your local machine unless it is the target. Chapter 1 describes web interface connections further. Use the following procedure to access the web interface: 1. Start the Director on the machine(s) you want to connect to, if they have not been started already. Refer to Chapter 1 for details. 2. Start your web browser. 3. Enter the URL of a target machine to connect to it. - To connect to a remote host, enter: http://hostname.domain.com:7902 Substitute the target machine's hostname and domain. - To connect to the same machine that the web browser is running on, enter: http://localhost:7902 In some network configurations, the name localhost may not be recognized. Enter the machine's hostname or its IP address (such as http://14.77.189.23:7902) instead. If you use Internet Explorer, be aware that you must include the http:// for the page to load. 4. Enter the profile name you want to use in the Logon window (Figure 3-1) and either click the Logon button or press Enter. See Chapter 6 for more information on profiles. Figure 3-1 Logon Window The web interface main screen is shown in Figure 3-2. Figure 3-2 The Web Interface The value of the URL field appears as follows: http://hostname:7902/&profile:username&connId=nnn Where hostname indicates the machine you logged into, username indicates your profile, and nnn represents your numeric connection ID. The components of the web interface display are described in Table 3-1. Table 3-1 Web Interface Components Component ----- Description ----- Title Bar Shows the software version, active profile, and operating system. Toolbar Provides access to the on-line help and system configuration. See Section 3.3 for more information. Navigation Tree Lists the available groups, nodes, and log files. Display Frame Displays interactive windows and system information. Information Bar Displays messages from the browser and context sensitive help information. See Section 3.9.1 for more information on the web interface's context sensitive help. Initially, the display frame shows product information. 3.3 Toolbar Figure 3-3 shows the web interface toolbar. Figure 3-3 Toolbar Table 3-2 describes the toolbar commands: Table 3-2 Toolbar Component ----- Description ----- Help Button Opens a new browser window containing the on-line user guide. See Section 3.9 for more information on getting help. Settings Button Opens the system settings window in the display frame. See Section 3.8 for more information on changing the settings. Log Off Button Ends the Compaq Analyze session and returns you to the Logon Window (Figure 3-1). See Section 3.10 for more details. 3.4 Navigation Compaq Analyze can connect to many different computers and each computer can have many different binary event log files available for analysis. It is possible to monitor numerous binary event log files generated by different computers all from a single web interface. In order to simplify the process of monitoring these diverse information sources, the web interface uses a hierarchical navigation tree composed of groups, nodes, and binary event log files. The entries in the navigation tree are as follows: - Groups - multiple computers that are logically associated. Groups contain one or more nodes. - Nodes - individual computers. Each node has its two types of log files. - Log Files - system information stored in binary files. Each node has two types of binary event log files: - System Log - the binary system event log where the computer writes system information. - Real Time Monitoring - automatic analysis results. - Full View - manual analysis results for the system event log. - Other Logs - any other binary event log files saved on the computer. These can include old files, files from other systems, and examples. The tree structure can be collapsed to the group level (Figure 3-4). Figure 3-4 Collapsed Tree Click on the expansion symbol for an entry to view its contents. Once an entry is expanded, the expansion symbol changes to a collapse symbol. To hide the contents again, click the collapse symbol. An example of an expanded tree is shown in Figure 3-5. Figure 3-5 Navigation Tree Each entry in the frame has a name and an icon that indicates its type. For example, in Figure 3-5 you can tell that the jarjar.cxo.dec.com node is inactive because of its icon. You can customize the navigation tree by adding and removing groups, nodes, catagories, and binary event log files (see Section 3.5). In addition, you can view the results of automatic analysis and initiate manual analysis from the navigation tree (see Section 3.6). 3.5 The Navigation Tree The first time you run the web interface using your profile, only one entry appears in the navigation tree. The machine that you logged into is listed as a node under the Default Group. You can customize the navigation tree display by creating new groups, adding nodes to groups, and selecting log files. ***Note*** After you submit changes to the navigation tree, Compaq Analyze refreshes the display. The refresh process may take a few seconds. If your changes do not appear after 20 seconds, you may need to manually refresh the frame. Refer to Section 3.2.3 for information on refreshing the web interface. 3.5.1 Groups All the groups are listed in the navigation tree. If a group includes nodes, an expansion symbol appears next to its name in the tree. To view the nodes under a group, click the expansion symbol. From the navigation tree, you can create new groups and remove existing groups. 3.5.1.1 Adding Groups To add new groups use the following procedure: 1. Click the Compaq Analyze link at the top to the navigation tree. The Group Maintenance window appears in the display frame. 2. Select the Add Groups tab at the bottom of the window (Figure 3-6). Figure 3-6 Add Group 3. Select the location for the new group from the list of groups. 4. Use the radio buttons to indicate whether you want the group located before, after, or nested under the selected group. 5. Enter the group name in the entry box. If you enter a group name that is already in the navigation tree at the same level, Compaq Analyze will not create a new group. 6. Click the Add New Group button. The new group appears in the navigation tree. ***Note*** If you do not enter a group name before you click the Add New Group button, Compaq Analyze will create a group named "newGroup". 3.5.1.2 Removing Groups ***Note*** Removing a group removes all the nodes and files contained in the group as well as all the lower level groups nested under the removed group. To remove existing groups use the following procedure: 1. Click the Compaq Analyze link at the top to the navigation tree. The Group Maintenance window appears in the display frame. 2. Select the Remove Groups tab at the bottom of the window (Figure 3-7). Figure 3-7 Remove Group 3. Select the group name from the list of available groups. If you want to remove multiple groups, use one of the following methods: - Hold the Ctrl key and click on each desired group name. - If the groups you want to remove are listed together, hold the Shift key and click on the first and last group to select all the groups between them. 4. Click the Remove Selected Group(s) button. The selected groups are removed from the navigation tree. 3.5.2 Nodes When you expand a group in the navigation tree, the nodes contained in that group are shown. Every node can be expanded by clicking on the expansion symbol next to its name. Expanding a node reveals the log file types included in that node, the system log and other logs. You can add and remove nodes from the groups in the navigation tree. ***Note*** Unless the system is accessible through the nameserver, you must use the IP address instead of the name of the node. For example, the hostname of a Windows machine using Dynamic Host Configuration Protocol (DHCP) is not listed with the nameserver, and therefore must be added using its IP address instead of its hostname. 3.5.2.1 Adding Nodes Any computer where the Director is running can be added to your web interface navigation tree as a node. To add additional nodes use the following procedure: 1. Determine the group you want to add nodes to, and click the link for that group. The Node Maintenance window appears in the display frame. 2. Select the Add Nodes tab at the bottom of the window (Figure 3-8). Figure 3-8 Add Node 3. Select the location for the new node from the list of nodes in the group. 4. Use the radio buttons to indicate whether you want the node located before or after the selected node. 5. Enter the node name in the entry box. Be aware that if you enter the name of a node you are already connected to, Compaq Analyze will add the node again. This will overwrite any Other Logs settings associated with the node. 6. Click the Add New Node button. ***Note*** If you do not enter a node name before you click the Add New Node button, Compaq Analyze will create a node named "newNode". You can only display the results of automatic analysis if there is a node named "newNode" on the system. Adding a node enables you to display the results of automatic analysis for that node's system event log. 3.5.2.2 Removing Nodes ***Note*** Removing a node removes all the additional binary event log files contained in the node from the navigation tree. To remove existing nodes use the following procedure: 1. Determine the group you want to remove nodes from, and click the link for that group. The Node Maintenance window appears in the display frame. 2. Select the Remove Nodes tab at the bottom of the window (Figure 3-9). Figure 3-9 Remove Node 3. Select the node name from the list of available nodes. If you want to remove multiple nodes, use one of the following methods: - Hold the Ctrl key and click on each desired node name. - If the nodes you want to remove are listed together, hold the Shift key and click on the first and last node to select all the nodes between them. 4. Click the Remove Selected Node(s) button. If a node is contained in multiple groups, removing it from one of the groups will not affect its presence in the other groups. 3.5.2.3 Node Status Nodes are either active or inactive. By default, when you connect to a node or load a profile that connects to other nodes, all the nodes are active. A node is only classified as inactive if Compaq Analyze cannot connect to it. Inactive nodes appear in the navigation tree with a red "X" through their icon. If a node is inactive, you can try to connect to it again at a later time. To connect to a inactive node use the following procedure: 1. Click the expansion icon next to the node. The only available option is "Activate this node" (Figure 3-10). Figure 3-10 Activate Node 2. Click the "Activate this node" link. If the director on the remote node is accessible, a message appears in the display frame (Figure 3-11) and the navigation tree is updated to show the new status. Figure 3-11 Activating Node Message If the director is not accessible, a message appears in the display frame (Figure 3-12) and the navigation tree is not changed. Figure 3-12 Unable to Activate Node Message 3.5.3 Categories Categories provide a method for grouping the log files listed under the Other Logs folder. If you use categories, Compaq Analyze provides another layer of folders under the Other Logs folder. This feature may be useful if you monitor numerous log files. ***Note*** Categories are an optional feature that is disabled by default. If you want to use categories, you must enable the feature using the User Settings tab on the Settings window (see Section 3.8). 3.5.3.1 Adding Categories Once you have enabled the categories feature, you can add categories to the navigation tree. To add categories use the following procedure: 1. Determine the node you want to add categories to, and click the Other Logs entry for that node. The Category Maintenance window appears in the display frame. 2. Select the Add Categories tab at the bottom of the window (Figure 3-13). Figure 3-13 Add Category 3. Select the location for the new category from the list of the node's existing categories. 4. Use the radio buttons to indicate whether you want the category located before, after, or nested under the selected category. 5. Enter the category name in the entry box. Be aware that if you enter the name of a existing category, Compaq Analyze will not create a new category. 6. Click the Add New Category button. ***Note*** If you do not enter a node name before you click the Add New Category button, Compaq Analyze will create a category named "newCat". 3.5.3.2 Removing Categories ***Note*** Removing a category removes all the binary event log files contained in the category from the navigation tree. To remove existing categories use the following procedure: 1. Determine the node you want to remove categories from, and click the Other Logs entry for that node. The Category Maintenance window appears in the display frame. 2. Select the Remove Category tab at the bottom of the window (Figure 3-14). Figure 3-14 Remove Category 3. Select the category name from the list of available categories. If you want to remove multiple categories, use one of the following methods: - Hold the Ctrl key and click on each desired category name. - If the categories you want to remove are listed together, hold the Shift key and click on the first and last category to select all the categories between them. 4. Click the Remove Selected Categories button. If a log file is contained in multiple categories, removing it from one of the categories will not affect its presence in the others. 3.5.4 Log Files Each node has two types of binary event log files; the binary system event log and all other binary event logs. Thus, each node in the navigation tree includes two sub-entries, one for each log type. 3.5.4.1 System Log The system log is the binary event log file where system events are written. You cannot change this log file. Click the expansion symbol to view the analysis options for the system log in the navigation tree. - Real Time Monitoring - shows the results of automatic analysis in the display frame. - Full View - manually analyzes the system event log and processes all the events in the file. See Sections 3.1.2 and 3.6 for more information on analysis. 3.5.4.2 Other Logs The Other Logs entry in the navigation tree contains entries for binary event log files other than the system event log. These can include the example binary log files included with Compaq Analyze or any other binary event log file located on the node. Initially, there are no sub-entries under the Other Logs entry in the navigation tree. If you are using categories, the Other Logs entry contains the categories you have created and the categories contain entries for binary event log files. See Section 3.6 for more information on manually analyzing a log file. Adding Other Logs If you want to process a binary event log file saved on the node, you must add it using the following procedure: ***Note*** If you are using categories, click on a category name to add log files rather than the Other Logs entry. 1. Click on the Other Logs entry for the desired node in the navigation tree. Once the Other Logs window opens in the display frame, select the Add Files tab (Figure 3-15). Figure 3-15 Add Log File Tab 2. Enter the path and filename of the desired binary log file in the Other Log field. 3. Click the Add Log File to Tree button. 4. Repeat the process until all the desired files are added. The binary event log file is added to the navigation tree under the Other Logs entry or appropriate category for the node. Removing Other Logs You can remove binary event log files from the navigation tree with the following procedure: ***Note*** If you are using categories, click on a category name to remove log files rather than the Other Logs entry. 1. Click on the Other Logs entry for the desired node in the navigation tree and select the Remove Files tab (Figure 3-16). Figure 3-16 Remove Log File Tab 2. Select the log file name from the list of available files. If you want to remove multiple log files, use one of the following methods: - Hold the Ctrl key and click on each desired log file name. - If the files you want to remove are listed together, hold the Shift key and click on the first and last file to select all the files between them. 3. Click the Remove Selected Log File(s) button. After you remove a file, the navigation tree is refreshed to reflect your changes. 3.6 Analysis Information Analysis information can be viewed using any of the following methods: - To view the results of automatic analysis on a node, either select System Log or the Real Time Monitoring entry under System Log. - To manually analyze a node's system event log and display the results, click the Full View entry under System Log. - To manually analyze a different binary event log file and view the results, click the log file name under Other Logs. When analysis is successfully started, the log file's icon is animated and a status message similar to the following is shown in the display frame (Figure 3-17). Figure 3-17 Analysis Started Message If the file cannot be processed for any reason, a message similar to the one in Figure 3-18 is shown. Figure 3-18 Analysis Failed Message Once the file is processed, the icon in the toolbar changes to reflect the status of the log file (see Section 3.7). To view the analysis results in the display frame, click the log file's entry in the navigation tree. ***Note*** You can view the results of analysis before a file has finished processing. Once Compaq Analyze has finished reading a file and has begun analysis, you can click on the file to display any problem reports and events that have been generated so far. Refer to Section 3.7 for information on how to determine when analysis has started. Be aware that if you view the results before processing is completed, Compaq Analyze will not automatically update the display when it finishes analyzing the file. Once analysis completes, you must click the tab you are viewing again to see the full results. Both automatic and manual analysis results are shown in the display frame. The information is divided between the following tabs: - Problem Reports - results of analysis - Events - translation of the events contained in the log file 3.6.1 Automatic Analysis Features When you are performing automatic analysis, the buttons shown in Figure 3-19 appear in the display windows. Figure 3-19 Synchronize and Clear Buttons The synchronize and clear buttons are available on both tabs, and appear under the last entry listed. These buttons are described in Table 3-3. Table 3-3 Automatic Analysis Features Option ----- Description ----- Synchronize Refreshes the display tabs to show all the entries (problem reports, events, and configuration entries) found with automatic analysis. All the active problem reports are listed, as well as the events logged by the system since the node was activated with the web interface. Clear Removes all the entries (problem reports, events, and configuration entries) from the display tabs. To add entries again, press the Synchronize button. 3.6.2 Manual Analysis Features When you are performing manual analysis, the button shown in Figure 3-20 appears in the display windows. Figure 3-20 Reprocess Button The reprocess button appears at the bottom of the window for each tab. It is used to reprocess binary log files so they reflect changes to the report type. Refer to Chapter 6 for more information on changing the report type. 3.6.3 Problem Reports The Problem Reports tab displays the reports that were generated by analysis. Initially, all the problem reports that resulted from analyzing a binary event log file are listed. An example of the problem report list is shown in Figure 3-21. Figure 3-21 Problem Report Tab To view the details of a specific report, click on its entry in the list of available problem reports. The report details are shown in the display frame. Refer to Appendix A for an example of a problem report. 3.6.4 Summary The Summary tab describes the event types contained in the binary event log file. Each event type is listed along with the number of occurances. The time stamps for the first and last events are listed under the summary information. (Figure 3-22). Figure 3-22 Summary Tab 3.6.5 Events The Events tab provides translation information for the events in the binary event log file. Initially, the events are listed in reverse chronological order (Figure 3-23). Figure 3-23 Events Tab Events that have been processed are listed along with date and time information. Events that have not completed processing yet appear without date and time information. Be aware that when you perform manual analysis, not all events require processing. For example, duplicate events and event types not useful to analysis are not processed. As a result, even after analysis completes the date and time information for these events is not shown. You can still display these events just like any other event. To view the text of a translated event in the display frame, click on the desired entry in the list of events. Compaq Analyze includes information about the source of the event and the time it was created at the top of the detailed display. Refer to Appendix A for an example of a translated event. 3.6.6 Displaying Details Compaq Analyze displays the results of analysis in a list in the display frame. You can view the details of any entry by clicking on it in the list. In order to make viewing events easier, navigation buttons are available at the top of each detailed entry. The navigation buttons are shown in Figure 3-24. Figure 3-24 Navigation Buttons The buttons are used to move between entries in the list, you can view the details for other events in the list using the Previous and Next buttons. Click the Index button to redisplay the list of entries in the display frame. If there is no event in the list for the Next or Previous button to display, you will receive an informational message and detailed entry will not change. ***Note*** If your user settings display event details in a separate window, the Index button will not be available and clicking the Previous and Next buttons will not open additional new windows. See Section 3.8.3 for more information on user settings. 3.7 Processing Status You can quickly determine the status of automatic or manual analysis by looking at the icons in the navigation tree. Figure 3-25 shows the icons used to indicate analysis results. Figure 3-25 Status Icons When automatic analysis generates a problem report exclamation points are added to the icons for the node, system log, and real time monitoring. The icon changes remain until the problem reports list is viewed and the tree is refreshed. If another problem report is generated after the tree is refreshed, exclamation points are added to the icons again. You can also determine the results of manual analysis on a binary event log file by checking the icons. The normal icon is used until processing is completed. If processing has completed and problem reports were generated, an exclamation point is added to the icon. If processing has completed and no problem reports were generated, a check mark is added to the icon. Unlike the icon changes associated with automatic analysis, the manual analysis icon changes remain visible until you log off the web interface session. In addition to the icon-based status indicators, you can also determine the processing status by positioning the cursor over the file name in the navigation tree and reading the status message at the bottom of the window. Status messages are shown in the information bar (see Figure 3-2). 3.8 Settings You can use the web interface to change the director and user configuration settings, modify the registered rule sets, and view the Director and Compaq Analyze informational log files. To access this information, click the Settings button from the toolbar. The Settings window opens in the display frame (Figure 3-26). Figure 3-26 Settings Window 3.8.1 Viewing Text Error/Information Log Files ***Note*** Informational log files cannot be viewed on OpenVMS systems. Only Tru64 UNIX and Windows systems display the text-based informational log files. Therefore, the "View Compaq Analyze Logs" link is not visible when you are logged into a OpenVMS machine. You can view the text-based error/information log files from the Settings window (Figure 3-26) by clicking the "View Compaq Analyze Logs" link. The log files are concatenated into one large file for display and shown in a separate browser window. The following log files are shown (refer to Chapter 1 for information on the log files): Tru64 UNIX All the log files in the /logs directory are shown, for example: - webes_delete.log - webes_install.log - setld_error.log - wcc_install.log - desta_dir.log - ca_delete.log - ca_install.log - ccat_install.log Windows All the log files in the \logs directory are shown; generally, the following log files are shown for Windows systems: - desta_dir_err.txt - desta_dir_err_backup.txt - desta_dir_out.txt - desta_dir_out_backup.txt 3.8.2 Director Settings You can view the configuration settings for the Director by selecting the Director Settings tab. Chapter 6 describes how to change the Director settings. 3.8.3 User Settings The user settings change how the navigation tree handles log files other than the system log. To access the user settings, click the User Settings tab (see Figure 3-27). Figure 3-27 User Settings The User Settings window presents the following options: - Save File Lists in Other Logs Select this option if you want the navigation tree to save a record of all the log files listed under Other Logs when you log off Compaq Analyze. If this option is selected, the log files will remain in the navigation tree until you manually remove them. If this option is not selected, the Other Logs section of the tree will be empty when you logon. - Use Categories With Other Logs Select this option to use categories with log files. Refer to Section 3.5.3 for more on categories. - Put Entries in a Separate Window Opens a new browser window for the details of a problem report or event selected from the list of entries. The list of entries will remain open in the original window If you modify the user settings, click the Update button so your changes take effect. 3.8.4 Register Knowledge The web interface can register new rule sets for use with analysis from the Register Knowledge tab. Refer to Chapter 5 for more information on rule sets and analysis. 3.9 Getting Help The web interface provides context sensitive help and a link to the user guide. 3.9.1 Context Sensitive Help Position the cursor of your mouse over an element from the toolbar or navigation tree to view a brief description of the option in the information bar at the bottom of the browser window. 3.9.2 On-Line User Guide Click on the Help button from the Compaq Analyze toolbar (the question mark in the yellow oval) to view an HTML version of the Compaq Analyze User Guide. The help opens in a new browser window. 3.10 Log Off When you want to end your web interface session, click the Log Off button located in the toolbar. After you log off, the message in Figure 3-28 appears. Figure 3-28 Log Off Message Once your session has closed, the Logon window (Figure 3-1) appears. You will need to log off if you want to use your profile from a different machine. ***Note*** If you do not log off when you end your Compaq Analyze session, your profile will continue to use resources on the WEBES Director until either the Director is restarted or you log off. If you attempt to log on to Compaq Analyze using a profile that is already logged on, the error message in Figure 3-29 appears. Figure 3-29 Profile Already Logged On Message Click the Log Off Username button to free the profile so you can use it. 3.11 Lost Connection If your connection to the Director is lost for any reason, the message in Figure 3-30 appears in the toolbar. Figure 3-30 Lost Connection Message If you lose the connection to the Director, you may need to log off your profile before you can use it to access the web interface again (see Section 3.10 for more information about logging off). 3.12 Service Obligation You can view service obligation information by entering the following URL: http://hostname:7902/obligation Where hostname refers to the machine name or IP address. An example of the service obligation information is shown here: Service Obligation: Valid Service Obligation Number: NI93202975 System Serial Number: NI93202975 Service Provider Company Name: Compaq Obligation Start Date: Sat May 13 00:00:00 MDT 2000 Obligation Ending Date: Sun May 13 00:00:00 MDT 2001 Time left on Obligation: 0 years, 355 days, 13 hours, 52 minutes, 57 seconds History of changes: 1. Sat May 13 15:46:22 MDT 2000: Installer (unknown) of Compaq Installation settings changed to start Sat May 13 00:00:00 MDT 2000 to Sun May 13 00:00:00 MDT 2001 (1 years, 0 days, 0 hours, 0 minutes, 0 seconds) 2. Sat May 13 15:46:11 MDT 2000: WEBES (Web-based Enterprise Service Common Components V3.0 (Build 12), member of WEBES V3.0 (Build 12)) of Compaq Set initial obligation: 0 years, 5 days, 0 hours, 0 minutes, 0 seconds ending Thu May 18 15:46:10 MDT 2000 Notifications to be sent 1. 0 years, 60 days, 0 hours, 0 minutes, 0 seconds 2. 0 years, 30 days, 0 hours, 0 minutes, 0 seconds 3. 0 years, 15 days, 0 hours, 0 minutes, 0 seconds 4. 0 years, 5 days, 0 hours, 0 minutes, 0 seconds 5. 0 years, 4 days, 0 hours, 0 minutes, 0 seconds 6. 0 years, 3 days, 0 hours, 0 minutes, 0 seconds 7. 0 years, 2 days, 0 hours, 0 minutes, 0 seconds 8. 0 years, 1 days, 0 hours, 0 minutes, 0 seconds 3.13 Disabling the Web Service The following procedure describes how to turn off the Compaq Analyze web service. 1. Stop the Director by entering desta stop at the command prompt. 2. Edit the ConfigDefaultsCA*.txt file in the config directory. - Tru64 UNIX - edit the following file: /usr/opt/compaq/svctools/config/ConfigDefaultsCADUnix.txt - OpenVMS - edit the following file: svctools_home:[config]ConfigDefaultsCAOpenVMS.txt - Windows - edit the following file: c:\Program Files\Compaq\Svctools\Config\ConfigDefaultsCAWindows.txt 3. Put a # in front of the line com.compaq.svctools.ca.services.web.CAWebService. The contents of the file should look similar to this: # ConfigDefaultsCAOpenVMS.txt # # Compaq Analyze Default Components, ** OpenVMS Version ** # # Default components of Compaq Analyze, to enroll the first time the # DESTA Director process is executed, as fully qualified Java class names. # After DESTA runs the first time, the file Configuration.dat will be # created, and it will be read on startup instead of ConfigDefaults*.txt. # # Duplicates are OK, so let's add the CommonDirector even though it's # also in ConfigDefaultsDESTA.txt, since we can't run the other services # without it. # com.compaq.svctools.desta.core.CommonDirector com.compaq.svctools.ca.services.analysis.EvtAnalyzer com.compaq.svctools.ca.services.decomposers.EvtDecomposer com.compaq.svctools.ca.services.eventreaders.SwccReader com.compaq.svctools.ca.services.web.CAWebService # # The next line is specific to OpenVMS com.compaq.svctools.ca.services.eventreaders.VMSReader # # Uncomment the next line if operation of the Unanalyzed Event Logging # service is desired. #com.compaq.svctools.ca.services.analysis.UnanalyzedEventLogger com.compaq.svctools.desta.services.notification.ACHSNotification 4. Delete the configuration.dat file from the following directories (assuming you used the default install directory): - Tru64 UNIX - /usr/opt/compaq/svctools/desta/config - OpenVMS - svctools_home:[desta.config] - Windows - C:\Program Files\Compaq\Svctools\desta\config 5. Restart the Director using the procedures described in Chapter 1.  ========================================================================= 4 ***Event Translation*** This chapter describes event translation, including automatic and manual translation, simulation testing of translation, and viewing and interpreting translation information. - Translation Defaults - Automatic Translation - Manual Translation - Viewing Translation Information - Interpreting Translation Information - Typical Frame of a Translated Binary Event 4.1 Translation Defaults By default some events are not processed. Under normal operation, correctable events are not translated. The events that are usually filtered include: - Correctable System events (entry types 620 and 630) - Correctable Error Throttling Notification events - Miscellaneous events not used by analysis, such as: - Time Stamp events - Volume Mount/Dismount events - Cold Start (System Boot) and Shutdown events - Software-related events 4.2 Automatic Translation Automatic translation, which is enabled by default, captures, translates, and displays events in the web interface as they are generated by the system or soon after. As long as the Director is running all the incoming events are processed without user intervention. Translated events are passed to all the web interfaces connected to the Director (on any machine). Translated events are also passed to the Analysis engine to be analyzed according to installed rules sets (see Chapter 5). 4.3 Manual Translation You can open a binary event log file and request that the events be translated. The resulting reports are only sent to your computer. This activity is known as manual translation. ***Note*** In the web interface, manual translation is combined with manual analysis. Thus, when you process a log file you will see the results of both activities. To translate events from a binary event log file, follow the steps outlined in Chapters 2 and 3 of this guide. On supported platforms, Compaq Analyze can read and translate error logs produced by any of the supported operating systems. For example, you can use the web interface running on your PC to connect to a Director running on a Tru64 UNIX machine to read, translate, and analyze an event file produced previously on an OpenVMS machine. 4.4 Viewing Translation Information Translation information is available from the the command line interface and the web interface. Refer to the following chapters for information on viewing translation information: - CLI - Chapter 2 - Web Interface - Chapter 3 4.5 Interpreting Translation Information A translated binary event consists of three layers of information: overall, frame, and field. 4.5.1 Overall The overall binary event contains one or more translated frames of information. There are several types of binary events, each identified by its class name. In addition to the frames, some other information is stored at the overall layer, such as: - The class name of the binary event (passed to Event Analysis but not displayed in the web interface) - The event's "match keys," a set of strings used in identifying analysis rules that may fire for this event (not shown by the web interface) 4.5.2 Frame A frame within an event consists of one or more translated fields of information. There are many types of frames, each identified by its label. Each frame type contains a defined set of fields. In addition to the fields, some other information is stored at the frame layer, such as: - The parent binary event of this frame - The frame's label, displayed at the beginning of each frame 4.5.3 Field A field within a frame consists of the following: - The parent frame of this field - The field's label, both as an identifier (not shown) and as displayable text - The field's value (of a type defined by the type of field) which is displayed in text form 4.6 Typical Frame of a Translated Binary Event A typical frame of a translated binary event appears as follows: Event: 2 Description: VMS Asychronous Device Attention at Mon Mar 01 20:59:59 MST 1999 f rom SABL15 File: ./ca/examples/rx_data.zpd =============================================================== OS_Type 2 -- OpenVMS AXP Hardware_Arch 4 -- Alpha CEH_Vendor_ID 3,564 -- Compaq Computer Corp Hdwr_Sys_Type 22 -- Unrecognized System Type Logging_CPU 0 -- CPU Logging this Event CPUs_In_Active_Set 0 Entry_Type 128,098 -- VMS Asychronous Device Attention DSR_Msg_Num 1,813 -- Compaq AlphaServer ES40 This frame contains eight fields: OS_Type, Hardware_Arch, CEH_Vendor_ID, Hdwr_Sys_Type, Logging_CPU, CPUs_In_Active_Set, Entry_Type, and DSR_Msg_Num. Each field has a single value, such as "22".  ========================================================================= 5 ***Event Analysis*** This chapter describes event analysis, including analysis rules, installing rule sets, automatic and manual analysis, simulation testing of automatic analysis, viewing analysis information, interpreting analysis information, and configuration of analysis. - Analysis Rules - Instance Files - Managing Rule Sets - Automatic Analysis - Manual Analysis - Viewing Analysis Information - Interpreting Analysis Information 5.1 Analysis Rules Binary events are analyzed by using DeCOR (the analysis engine used by both Compaq Analyze and its predecessor, DECevent) to apply rules to them. Rules are designed to fire when a particular criteria, such as a threshold, is met. For example, if the number of events within a given time frame exceeds the threshold specified in a rule set, the rule fires. Depending on the circumstances, a event may or may not fire any rules. In addition, a single event can fire multiple rules. When a rule fires, it may produce none, one, or multiple reports. A report may be generated immediately, or may be generated after a gestation time period defined by the rule. Each report is stored in a instance file. After the report's expiration time period, defined by the rules, the report is removed from the instance file. Analysis rules are coded by Compaq serviceability engineers or other domain knowledge specialists. These rules are stored in Knowledge Rule Set files, typically with the file extension .krs. A KRS file contains one or more rules. One or more rule set files can be installed, or "registered," into an analysis instance file at the same time. A rule set can later be "unregistered" if it is no longer applicable. ***Note*** It is possible to run Compaq Analyze without any rule sets registered (if the rule sets have been unregistered or deleted). However, if there are no registered rule sets, analysis will not generate any results. 5.2 Instance Files Compaq Analyze stores analysis data in instance files that include the following: - The paths and filenames of the KRS files to be used for analysis - Input entry classes, derived from data in the binary events - Intermediate data such as complex storage classes, derived during analysis - Output report classes (analysis results) Typically, the input classes are deleted after reports have been generated from them. Automatic analysis results (see Section 5.4) are stored in the following file: ca/data/decorEvtAuto.ins Manual analysis is separate from automatic analysis (see Section 5.4) in its use of data. The file ca/data/decorEvtManual.ins_seed contains only the paths and filenames of the KRS files. Before each manual analysis, this file is copied to decorEvtManual.ins in the same directory, which is used to store all data for this analysis only. Once analysis is complete, the file is renamed decorEvtManual.ins_prev-save, overwriting any file of the same name. In this way, each manual analysis is isolated from the results of all other manual analyses as well as from automatic analysis. Damaged Instance Files Compaq Analyze can detect and recover from an automatic analysis instance file that is damaged. However, if you believe the instance file is damaged and want to reset it to its original default state containing only the KRS filenames, do the following: 1. Stop all WEBES processes (see Section 1.5). 2. Delete the file decorEvtAuto.ins. 3. Restart the Director (see Section 1.4). 4. Re-register the default rule sets with the command ca regknw rdef (see Section 5.3). The manual analysis seed instance file decorEvtManual.ins_seed can be restored in the same way if it is damaged, although it is never changed except when rule sets are registered or unregistered. Contact the Compaq Analyze support team for assistance in diagnosing why an instance file may have been damaged. 5.3 Managing Rule Sets Compaq Analyze is installed with all rule sets pre-registered in the automatic and manual analysis instance files. These rule sets are the installed files with the .krs extension, in the same directory as the instance files. You can manipulate the rule sets in the following ways: - View the rule sets that are currently registered (see Section 5.3.1). - If you receive or create new analysis rule KRS files, you can register the new rule sets as needed into both instance files (see Section 5.3.2). - Unregister rule sets that are no longer needed (see Section 5.3.2). - Re-register all the default rule sets (see Section 5.3.2). 5.3.1 Viewing Registered Rules Using the CLI, you can view the rulesets that are registered for use with Compaq Analyze. The listrk command can be used in either automatic or manual mode, and provides a list of the paths and versions of the knowledge files registered with DeCOR. The syntax for the command is shown here: ca listrk Output An example of the output from a OpenVMS machine is shown here: Registered analysis knowledge files: Filename: /SVCTOOLS_HOME/ca/data/ds10.krs Revision: Rev_3_0_A Filename: /SVCTOOLS_HOME/ca/data/ds20.krs Revision: Rev_3_0_A Filename: /SVCTOOLS_HOME/ca/data/es40.krs Revision: Rev_3_0_A0 Filename: /SVCTOOLS_HOME/ca/data/gs320_ce_rule.krs Revision: Rev1_0 Filename: /SVCTOOLS_HOME/ca/data/gs320_se_rule.krs Revision: Rev_01 Filename: /SVCTOOLS_HOME/ca/data/gs320_startup_rule.krs Revision: Rev1_0 Filename: /SVCTOOLS_HOME/ca/data/gs320_uce_rule.krs Revision: Rev_01 Filename: /SVCTOOLS_HOME/ca/data/mcii.krs Revision: Revison_0 Filename: /SVCTOOLS_HOME/ca/data/storage.krs Revision: Rev_0.2 5.3.2 Registering and Unregistering Rule Sets You can register a set of rules (stored as KRS files) using the Compaq Analyze CLI or web interface; however, to unregister a rule set you must use the CLI. Registered files are used by the automatic analysis instance file decorEvtAuto.ins and the manual analysis seed instance file decorEvtManual.ins_seed, both of which are located in the ca\data directory. You can re-register all default rule sets from the command line. For example, you may need to do this if you delete either of the instance files, as described in Section 5.2. 5.3.2.1 CLI Use the regknw command to register or unregister knowledge rulesets in both the automatic and manual instance files. Registering and Unregistering Rule Sets The syntax for registering and unregistering rule sets is shown here (in all cases, the first command shown is used to register rule sets and the second command is used to unregister rule sets): ca regknw r knowledgeFileDir knowledgeFile ca regknw u knowledgeFileDir knowledgeFile Where knowledgeFileDir represents the directory where the knowledge file is saved and knowledgeFile represents the name or names of the desired knowledge files. Any number of directories and files can be supplied. When registering files, keep the following in mind: - If you do not use any arguments, you will be prompted as to whether you wish to register or unregister the default knowledge files. See Default Rule Sets for more information. - You can use the relative directory structure for the directory, as in the following examples: ca regknw r \ca\data\ds10.krs ca regknw u \ca\data\ds10.krs - Wildcards can be used to specify multiple filenames, as shown in the following examples: ca regknw r \ca\data\ds*.krs ca regknw u \ca\data\ds*.krs - If you specify a directory without a filename, all the files with a .krs extension in the directory are registered or unregistered. The following examples show commands without any file names: ca regknw r \ca\data\ ca regknw u \ca\data\ ***Note*** When you are specifying individual files to unregister, the file path(s) entered at the command line must exactly match the DeCOR file path. Specifying a relative path is usually sufficient. However, on OpenVMS systems, a relative or absolute path may not be translated into a format compatible with DeCOR. Use the ca listrk command to determine the proper path argument. Default Rule Sets The set of *.krs files located in the ca\data directory constitute the default rule sets. You can register all of the default rule sets with either of the following commands: ca regknw r ca regknw rdef The rdef command does not prompt for confirmation. You can unregister all of the default rule sets with either of the following commands: ca regknw u ca regknw udef The udef command does not prompt for confirmation. If you attempt to register a rule set that is already registered or unregister a rule set that is not registered, error messages will result. If you want to restore the automatic or manual instance files to their initial state, follow the procedures for damaged instance files, described in Section 5.2. 5.3.2.2 Web Interface To register a set of rules using the web interface, do the following: 1. Click on the Settings button in the toolbar. The Settings window appears in the display frame. 2. Click the Register Knowledge tab at the bottom of the window (Figure 5-1). Figure 5-1 Rules Files 3. Click on the name of the desired rule set to register it. 5.4 Automatic Analysis Automatic analysis is the immediate analysis of an event that has been captured and decomposed by Compaq Analyze as soon as the event is generated by the system (or shortly thereafter). No user intervention is required, and as long as the Director is running, Compaq Analyze analyzes any incoming events, regardless of any interfaces that may be running. Automatic analysis is always enabled. Be aware that automatic analysis does not use the time stamp information associated with events, rather events are assumed to have occured when the Director receives them. Problem reports resulting from automatic analysis are sent to all interfaces and to all recipients that are set up to be notified. See Chapter 7 for information about setting up notification services. Scavenge Automatic analysis processes events as they occur. However, when the Director is stopped, Compaq Analyze creates a marker that indicates the last event from the binary log file that was processed. When the system is restarted, Compaq Analyze processes all the events that occurred after the marker was created. This operation is referred to as scavenging. The scavenge operation finds events that are still pending processing and ensures that no events are missed, even when the system is restarted. The first time scavenge occurs, it processes the entire event log. Once this is complete, new events are processed as they occur. The scavenge operation always occurs four minutes after the Director is started. If the Director is started and stopped within four minutes, no scavenge occurs. ***Note*** Like automatic analysis, the scavenge operation does not use event time stamp information. As a result, if you stop the Director while your system continues to log events, you may receive unexpected analysis results when you restart the Director. For example, if you stop the Director for five days while your system continues to log events, when you restart the Director, the scavenge operation assumes that all the events from those five days occured at the current date and time. 5.5 Manual Analysis A user can open a binary event log file and request that the events be translated and analyzed, returning any problem reports to the requesting user. This activity is known as manual translation and analysis. Unlike automatic analysis, manual analysis relies on the time stamp information included with each event to determine when an event occured. Manual analysis can be performed from all the interfaces. Refer to the following chapters for information on manual analysis: - CLI - Chapter 2 - Web Interface - Chapter 3 Regardless of the platform it is installed on, Compaq Analyze can read and translate binary event logs produced by any of the supported operating systems. 5.6 Viewing Analysis Information You can use any of the Compaq Analyze interfaces to view analysis information from system generated events and binary event log files. Refer to the following chapters for more details on viewing analysis information - CLI - Chapter 2 - Web Interface - Chapter 3 5.7 Interpreting Analysis Information A report consists of a set of String and Value Pairs (SVP). A SVP can be short, for example: Entity Type: CPU A SVP also can be extensive, such as the Full Description or Evidence SVPs, which can contain many lines of information (see Appendix A for an output example). A problem report resulting from event analysis always contains the following Strings, with Values describing the analysis results. 5.7.1 Managed Entity The Managed Entity designator provides service information regarding the system on which the problem was found. This includes the system host name (typically the computer name for networking purposes), type of computer system, and the error event identification. The error event identification information uses new common event header Event_ID_Prefix and Event_ID_Count components. The Event_ID_Prefix refers to an OS-specific identification for this event type. The Event_ID_Count indicates the number of this event type that occurred. 5.7.2 Service Obligation The Service Obligation designator provides information about the service provider and the state of the service contract. 5.7.3 Brief Description The Brief Description designator provides a high level description of the event. This typically includes whether the error event is related to the CPU, the system (PCI or Storage, for example), or the environmental subsystem within this managed entity. 5.7.4 Callout ID The Callout ID designator provides information about the analysis rule set. The last 12 characters can be used to determine the revision level of the current analysis rule set. All other characters within this designator are used for Compaq-specific reserved purposes. 5.7.5 Severity The Severity designator provides the service relevance of the occurrence of the problem found. The current severity hierarchy is shown in Table 5-1. Table 5-1 Problem Severity Levels Severity Level ----- Service Relevance ----- Comments ----- 1 Critical This level is not currently used due to system operation required for Compaq Analyze diagnosis. 2 Major Fatal event that typically requires service if not already administered. 3 Minor Non-Fatal or Redundant warning event that typically requires future service but system still operates normally. 4 Information System service event such as enclosure PCI or Fan door is open and only requires system door closure. 5 Unknown This level is not used currently. 5.7.6 Reporting Node The Reporting Node designator is the node from which the error was reported. It is synonymous with the Managed Entity host name when Compaq Analyze is used for system diagnosis for the system on which it is running. For future implementations, this may reflect a system server reporting about a client for which Compaq Analyze is performing diagnosis within an enterprise computing environment. 5.7.7 Full Description The full description designator provides detailed error information about the event. This can include the detected fault or error condition description, specific address or data bit where this fault or error occurred, and other service related information. 5.7.8 FRU List The Field Replaceable Units (FRU) List designator lists the most probable defective FRUs. This list indicates that qualified service needs to be administered to one or more of these FRUs. This information typically provides the FRU probability, manufacturer, system device type, system physical location, part number, serial number, and firmware revision level (if applicable to the FRU). 5.7.9 Evidence The Evidence designator provides the error event information that triggered the indictment. The evidence shown depends on the system that generated the error log and the registered rules. As a result the contents of the evidence field may vary.  ========================================================================= 6 ***Configuration*** This chapter describes configuration, including getting and changing the configuration, global and component configuration attributes, and creating and resetting the configuration. - Getting the Configuration - Changing the Configuration - Global Configuration Attributes - Component Configuration Attributes - Profiles - Creating and Resetting the Configuration 6.1 Getting the Configuration You can view the system configuration settings for your local Director from the web interface. To view the system configuration, use the following procedure: 1. Select the Settings button from the toolbar. The Configuration Settings window is shown in the display frame (see Figure 6-1). By default the Director Settings tab is selected. Figure 6-1 Settings 2. To view the details of a specific Global configuration attribute, click on the attribute name. The details are shown on the right side of the window. 3. To view the attributes of a different service, click on the WEBES Services drop-down menu. A list of services appears (see Figure 6-2). Figure 6-2 Selecting an Service 4. Choose one of the services currently enrolled into the system (see Figure 6-3). The attributes associated with service are listed on the left side of the window. The CAWebService was selected for this example. Figure 6-3 Attribute Display 5. To view the current value of an attribute, click on its name on the left side of the window (see Figure 6-3). The attribute's full name and current and default values, are displayed on the right side of the window along with a description of the attribute. Component Class Name (compName) was selected in this example. 6.2 Changing the Configuration You can modify the attribute configuration settings from the web interface or the CLI. Normally, it is not necessary to change the attribute settings. The following list describes the attributes that most often need changed, and an example of circumstances which might call for a change. - commSocketListenerPort (Communications, Socket Listener Port Number) - under Global Attributes. Used to change the communications port number. Do not change the commSocket ListenerPort attribute from the web interface, see Section 6.3.2 for information on configuring ports. You may need to change the port number if there is another, conflicting application. - commConnectionTimeout (Communications, Connection Handshake Timeout) - under Global Attributes. Used to change the amount of time that can elapse before the system times out. You may want to change the Timeout setting if your network is very slow and you want to allow more time for connections before timing out. - Report Type - under Global Attributes. Used to change the problem report display from detailed to brief. Unless you specifically need the full report output, you should use the brief report. See Section 6.3.3 for more information on changing the Report Type. - HTTPServerPort - under CAWebService Attributes. Used to change the port used for http communications. See Section 6.3.2 for more information on configuring ports. You may need to change the port number if there is a usage conflict. 6.2.1 CLI The CLI has limited configuration abilities. Socket Ports The socket ports can only be modified from the command line. Refer to Section 6.3.2 for details on changing the ports. 6.2.2 Web Interface Using the web interface, you can change attributes from the Configuration Settings window (see Figure 6-1). Attributes that can be changed have a New Setting field and three buttons in the System Configuration window. You must select an attribute to determine if it can be changed. To change the value of an attribute, enter the new value in the New Setting field. Depending on the attribute that you want to change, you may be able to select the new attribute value from a drop-down list or change a check-box setting. After changing attributes you have several choices. - Click the Change button to apply the changes to the current attribute. - Click the Reset button to change the values of the current attribute back to their last applied value. - Click the Default button to change the values of the current attribute to their default values. If you leave the Configuration Settings window without clicking the Change button, your modifications will be lost. 6.3 Global Configuration Attributes The attributes listed under "Global Attributes" affect every component in the Compaq Analyze system on the current machine, whether or not the component has been enrolled in the configuration. 6.3.1 Changing the Attributes Changes to the Logging attributes (prefaced with "log") take effect immediately. Changes to the Communications and Controller attributes (prefaced with "comm" and "ctrlr," respectively) take effect only when a new Compaq Analyze process is started (such as the Director or another process that connects to the Director). Be aware that changing a global configuration attribute affects both interfaces. 6.3.2 Changing Ports Table 6-1 describes the ports used by Compaq Analyze and indicates whether or not they can be configured. Table 6-1 Ports Port Number ----- Used For ----- Configurable ----- 7901 Connections to the director. Yes 7902 Web service (http communications) Yes 7903 Web service (http communications) No 1998 Service Cockpit No 8944 QSAP (see Chapter 7 for more details on QSAP) Yes 25 SMTP mail. This is the standard port used by TCP/IP systems for SMTP (see Chapter 7 for more details on configuring SMTP). No If a port is configurable, you can change the port number used. Most ports are configured using the web interface, however, the commSocketListenerPort, which is used for connections to the director, can only be modified from the CLI. Connections to the Director The commSocketListenerPort defines the TCP/IP socket port used by the Director to communicate with other processes on the same machine or on other machines on the network (Port 7901, by default). ***Note*** Do not change the commSocketListenerPort attribute with the web interface. If you do, the Director cannot be stopped from that point on. After the socket port is changed, only a service that is already connected can stop the Director running on the old port. To change the TCP/IP socket port attribute on all operating systems use the following command from the command prompt. desta msg -chgport nnn Where nnn is the new port number This command changes the port number and then stops the Director and all connected processes. After the Director has finished shutting down, you can safely restart it on the new port. The Director can only communicate with Directors on other machines that have the same TCP/IP socket port number defined in their configuration. 6.3.3 Changing the Report Type When you change between the Full Report Type and the Brief Report Type, the changes will not be visible in binary event logs that have already been processed. When you change the report type, the output from manual and automatic analysis is cached using the previous report type. To view the analysis results with the new report type, you will need to reprocess the binary log file. - To reprocess the system event log file, select Full View in the navigation frame and click the Reprocess button located in the display frame. - To reprocess any other log file, select its entry under the Other Logs heading in the navigation frame and click the Reprocess button located in the display frame. Refer to Chapter 3 for more information on manual analysis and the Reprocess button. 6.4 Component Configuration Attributes Attributes for all components fall into two categories (indistinguishable in the web interface): common attributes and extended attributes. (For additional information about configuration attributes, refer to Chapter 5.) 6.4.1 Common Attributes Attributes that each component contains by default are known as common attributes. They are still owned by their component, so the autoStart attribute for one component is independent from the autoStart attribute of another component. 6.4.2 Extended Attributes Attributes specific to a particular component are known as extended attributes. For example, the "watchFlags" attributes of the "EvtAnalyzer" component do not exist in any other components, since they only apply to the Event Analysis service. 6.5 Profiles When you are using the web interface, your changes to the configuration are saved in a profile. The profile for the current session is saved using the login name you entered (see Chapter 3). To restore your previous configuration settings when you restart the web interface, simply enter the same login name. Your profile is saved on the machine where you logged on; if you logon to a different machine the it will use the default settings. To customize the settings you will need to create a new profile and change the configuration settings. Thus, if you want to use the same configuration settings on several different machines, you will need to have a profile on each one. Only a single instance of a profile can be connected to any given Director. If you try to connect to a Director from several different browsers using the same profile, you will receive an error message. Be aware that the normal and advanced versions of a profile are considered to be the same profile. ***Note*** Profile names are case sensitive. Changing between upper case and lower case letters will create additional profiles. To access a profile, you must enter the profile name exactly as it was created. 6.6 Creating and Resetting the Configuration The first time that Compaq Analyze is started on a machine, a warning similar to the following is written to the Director log file. (See the WEBES Installation Guide and Chapter 1 of this guide for more on log files.) ___. WARNING on February 1, 1999 11:23:35 AM MST (0.023 sec elapsed) Configuration file /usr/opt/compaq/svctools/desta/config/Configuration.dat not found, creating it. Current Thread[main,5,main] This warning is expected and correct. The Configuration.dat file is created based on the contents of the ConfigDefaults*.txt file in the svctools/config directory. (The warning example shown is for a Tru64 UNIX system.) The classes named in those files will "enroll themselves" into the configuration, which is then saved as Configuration.dat, a binary file that should not be edited directly. Changes made from the web interface are saved in this file by the Director. This warning should not appear on subsequent starts of the Director. If the configuration becomes damaged, or you wish to return to the default configuration state when Analyze was first started, make sure no Compaq Analyze or WEBES processes are running (including the Director process), and delete the Configuration.dat file. When you restart Compaq Analyze, the file will be recreated with the standard defaults, using ConfigDefaults*.txt the same way as the first time Compaq Analyze was started.  ========================================================================= 7 ***Notification*** This chapter describes how to configure Simple Mail Transfer Protocol (SMTP), System Initiated Call Logging (SICL), and Compaq Remote Support Service (CRSS) for automatic notification as well as how to disable automatic notification. - Configuring SMTP Mail Notification - Customer Profile File - Enabling and Disabling SICL Notification - Configuring CRSS Notification 7.1 Automatic Notification Automatic notification enables you to distribute problem reports over e-mail without manual intervention. Be aware that problem reports generated by manual analysis are not sent out for notification. Only reports from automatic analysis are sent out. The following sections describe how to configure automatic notification. 7.2 Configuring SMTP Mail Notification Automatic notification provides the capability to send problem reports to recipients through the SMTP protocol. ***Note*** If you want to use SMTP (e-mail) automatic notification, your machine must either have connectivity to another SMTP server on the TCP/IP network, or it must have its own SMTP server. For further information on configuring your machine as a SMTP server, refer to your operating system documentation. Information on configuring an OpenVMS machine as a SMTP server is available at the following URL: http://www.openvms.digital.com:8000/72final/6526/6526profile_contents.html To set up SMTP (E-mail) notification of problem reports, you must edit the NotifyCA.txt file. You may have already entered the appropriate information during installation. If so, you will find the information stored in this file. Use any text editor to open the file and specify what server to use for sending E-mail notification and the users to whom messages should be sent. The NotifyCA.txt file is in the following locations, depending on your operating system: - Tru64 UNIX: /usr/opt/compaq/svctools/config - OpenVMS: svctools_home:[config] - Windows: install directory\config where install directory indicates the directory where Compaq Analyze was installed The basic format of the text file is as follows: SERVER=servername FROM=username1@server.xxx.com TO=username1@mailaddress1.com; username2@mailaddress2.com CC=username3@mailaddress3.com The servername must be either a machine currently running an SMTP server process, or localhost if the machine running Compaq Analyze is also an SMTP server. The users you identify in the TO and CC fields of the NotifyCA.txt file are automatically sent problem reports. Extraneous spaces are ignored and the semicolon can be used as a recipient separator in the TO and CC fields. The CC field is optional. For changes in the NotifyCA.txt file to take effect, you must stop the Director, then restart it. ***Note for UNIX*** If your environment does not allow for SMTP forwarding using the normal protocol, you can add the following line to the NotifyCA.txt file: CMD=mailx -s '%s' %t The mailx command can be replaced with any other command for sending mail. The %s is substituted for the subject line of the problem report. The %t is substituted with a space-separated list of the mail addresses specified on the TO= lines of the NotifyCA.txt file. Disabling and Enabling SMTP Notification The SMTP Notification service is enabled by default, but will not perform any notification until the configuration procedures described in this section are performed (unless the necessary information was provided during installation). To disable any notification of problem reports, use the web interface to deselect the "autoStart" checkbox in the SMTP Notification service's configuration attributes. The next time the Director is restarted, the Notification service will not be started, and no mail will be sent for problem reports. See Chapter 6 for more information regarding configuration. To re-enable the service, select the "autoStart" checkbox and restart the Director. 7.3 Customer Profile File You will need a customer profile file in order to automatically notify your Compaq qualified service provider of problems detected by Compaq Analyze. The profile file provides contact and system information used by your service provider. Normally, the customer profile file is named profile.txt and depending on your operating system, the file's location defaults to the following directory: - Tru64 UNIX: /usr/opt/compaq/svctools/data - OpenVMS: svctools_home:[data] - Windows: install directory\compaq\svctools\data where install directory indicates the directory where Compaq Analyze was installed You can change the name and location of the profile file, however, you will need to modify the path to reflect those changes (see Section 7.3.2). 7.3.1 Profile File Contents The installation process creates a profile file for you, however, if you need to change the file you can do so using a text editor. The file includes contact information, company information, and system information. If you modify the profile file, you should maintain the format of the information and save your changes in the appropriate directory. 7.3.2 Path Setup In order to use a profile file, you must specify the fully qualified path. Specify the path in the install directory\svctools\desta\config\desta.reg file (install directory refers to the directory where Compaq Analyze was installed). Add the following line to the desta.reg file: CA.ACHSProfile=filename Where filename is the path and name of the profile file. Be aware that backslash characters must be duplicated in order to be interpreted correctly. For example, on a Windows system using the default file name and location, the path statement would appear as follows: CA.ACHSProfile=C:\\Program Files\\compaq\\svctools\\data\\profile.txt 7.4 Enabling and Disabling SICL Notification SICL enables the Compaq Analyze software to log service calls with a Compaq Customer Support Center. Before you enable SICL notification make sure that you have DSNLink installed. SICL notification is enabled and disabled from the command prompt. The syntax is given below: Enable - ca sicl on Disable - ca sicl off Once you have entered the command to enable or disable SICL, you will be prompted to verify the action. To complete the process, answer the prompt. If you don't want to view the prompts, you can disable SICL with the following command: ca sicl off silent After enabling or disabling SICL, stop and restart the Director so the changes take effect. For more information on stopping and starting the Director, refer to Chapter 1. 7.5 Configuring CRSS Notification ***Note*** CRSS is only used with Windows Intel systems with the CRSS kit installed. Refer to Section 7.4 for information on configuring SICL for systems without the CRSS kit. CRSS provides automatic notification for Windows systems. For CRSS to function properly, you need to configure your system. 7.5.1 Enabling and Disabling QSAP Notification Before you can use CRSS, you will need to enable communications with a Qualified Service Access Point (QSAP) node. QSAP is enabled and disabled from the command prompt: Enable - desta qsap on Disable - desta qsap off When you disable QSAP, you will be prompted to verify the action. To complete the process, answer the prompt. To disable QSAP without being prompted, use the following command: desta qsap off silent 7.5.2 Event Log Settings If your event log is completely full no more events can be logged and CRSS will not be able to perform automatic notification. In order to ensure that the log does not fill, you should make sure the event log is set to automatically remove old events. Change the event log settings using the following procedure. 1. Open the Start menu and select Programs | Administrative Tools (Common) | Event Viewer. The Event Viewer opens. 2. Select Log Settings from the Log pull-down menu. The Event Log Settings dialog box opens (Figure 7-1). Figure 7-1 Event Log Settings Dialog Box 3. Select the Application Log using the drop-down list at the top of the dialog box. 4. Use the following settings for the Application Log: - Maximum Log Size - 2048 Kilobytes - Overwrite Events Older than 2 Days 5. Click the OK button to apply your changes.  ========================================================================= A ***Sample Outputs*** This appendix provides examples of translated event output and analysis output. - Sample Analysis Output - Sample Translated Event Output - Sample Configuration Entry A.1 Sample Analysis Output Problem Found: Memory Channel Link Transmit Error at Mon Apr 17 12:20:43 EDT 2000 Managed Entity: ------ Product Information ------ Computer Name: sabl28 Record Number: Prefix: xB7EA Service Obligation Data: Service Obligation: Valid Service Obligation Number: CSC1369 System Serial Number: A123456789 Service Provider Company Name: Compaq Brief Description: Memory Channel Link Transmit Error Callout ID: TPE03x0018x1011-08 Severity: 2 Reporting Node: sabl28 Full Description: ----- Standard HUB Error Description and FRU Callout ----- This reporting Adapter detected an error in the transmit FIFO path. ----------------------------------------------------------------- Most Probable Cause: This reporting CCMAB-AA Adapter. Next Most Probable Cause: The CCMLB-AA Linecard connected to this Adapter. FRU List: Standard Hub FRU List: Highest Probability: This Reporting CCMAB-AA Adapter Manufacturer: Compaq Description: PCI Memory Channel Adapter Location: PCI Slot: x00000009 Part Number: 54-24962-01 ------------------------------------------ Next Highest Probability: CCMLB-AA Manufacturer: Compaq Description: Memory Channel Linecard Interface Part Number: 54-24966-01 This Adapter is connected to the Linecard in slot 0 of the HUB. Evidence: Local Time of Event: Thu, 8 Apr 1999 15:45:38 -0400 Link Control and Status Register: x0000C07B Memory Channel Error Register: x12020258 A.2 Sample Translated Event Output The following samples show both full and brief translation output. A.2.1 Full Event: 2 Description: VMS Asychronous Device Attention at Mon Mar 01 20:59:59 MST 1999 f rom SABL15 File: ./ca/examples/rx_data.zpd =============================================================== OS_Type 2 -- OpenVMS AXP Hardware_Arch 4 -- Alpha CEH_Vendor_ID 3,564 -- Compaq Computer Corp Hdwr_Sys_Type 22 -- Unrecognized System Type Logging_CPU 0 -- CPU Logging this Event CPUs_In_Active_Set 0 Entry_Type 128,098 -- VMS Asychronous Device Attention DSR_Msg_Num 1,813 -- Compaq AlphaServer ES40 .... CPU Slots: 1 (500Mhz) .... PCI Slots: 10 .... MMB Slots: 8 (DIMMs) Chip_Type 8 -- EV6 21264 CEH_Device 49 CEH_Device_ID_0 x0000 0000 CEH_Device_ID_1 x0000 0000 CEH_Device_ID_2 x0000 0000 Unique_ID_Count 93 Unique_ID_Prefix 2 TLV_DSR_String AlphaServer 1200 5/533 4MB TLV_DDR_String TLV_Sys_Serial_Num NI73702WH1 TLV_Time_as_Local Mon, 1 Mar 1999 20:59:59 -0700 TLV_OS_Version X6O1-SSB TLV_Computer_Name SABL15 emb_ertcnt x0000 0016 emb_class 128 Bus Class emb_type 49 Memory Channel emb_bcnt 0 emb_errcnt 1 emb_func 0 ucb_name_len 10 ucb_name SABL15$MCA ucb_dtname_len 0 ucb_dtname Revision_Information x0000 0001 Family_ID x0000 0016 Member_MC_ID x0000 0007 MC_PCI_Bus_Number x0000 003D MC_PCI_Slot_Number x0000 0003 MC_PCI_Frame_Size x0000 00A4 Vendor_ID x1011 Device_ID_MC x0018 Bus_Cmd x0146 Bus_Status x0400 Rev_ID 176 RegProg x00 Sub_Class x80 Base_Class x02 Cache_Line_Size x00 Latency_Timer x10 Header_Type x00 BIST x00 Window_Cntl x08 PCITbar x78 0000 Base_Addr_1 x7800 0008 Base_Addr_2 x0000 0000 Base_Addr_3 x0000 0000 Base_Addr_4 x0000 0000 Base_Addr_5 x7800 0008 Cardbus_CIS x0000 0000 Sys_Vendor_ID x0000 Subsystem_ID x0000 Expansion_ROM_Base_Addrx07C0 0000 Interrupt_Line 12 Interrupt_Pin 1 Min_Gnt 0 Max_Lat 0 PCT_Data x0000 0000 MCLcsr x0000 C07A RPE[1] x1 Rx_Err_Ena[3] x1 Tx_Err_Ena[4] x1 MC_Int_Ena[5] x1 Port_Change_Ena[6] x1 Port_Change_Int[14] x1 INT_Summary[15] x1 PCIRbar xF800 0000 MCError x1202 0202 Rx_Err_on_Data[1] x1 Cntl_Packet_History[9]x1 Heartbeat_Ena[17] x1 Sum_Rx_Err[25] x1 Sum_Tx_Err[28] x1 MCPort x5642 0000 Line_Card_Slot[21:16]x02 Hub_Type[24:22] x1 Rsvd_1[25] x1 Heartbeat_Timeout_Sel[26]x1 Adapter_OK[28] x1 Hub_OK[30] x1 Config x0000 001F Port_Online x0000 0000 Cluser_Status_Low x0000 0002 Cluser_Status_High x0000 0000 Node_0_Low x0000 0000 Node_0_High x0000 0000 Node_1_Low x0000 0000 Node_1_High x0000 0000 Node_2_Low x0000 0009 Node_2_High x0000 0000 Node_3_Low x0000 0000 Node_3_High x0000 0000 Node_4_Low x0000 0009 Node_4_High x0000 0000 Node_5_Low x0000 0000 Node_5_High x0000 0000 Node_6_Low x0000 0000 Node_6_High x0000 0000 Node_7_Low x0000 0000 Node_7_High x0000 0000 A.2.2 Brief Event: 2 Description: VMS Asychronous Device Attention at Mon Mar 01 20:59:59 MST 1999 f rom SABL15 File: ./ca/examples/rx_data.zpd =============================================================== OS_Type 2 -- OpenVMS AXP Hardware_Arch 4 -- Alpha CEH_Vendor_ID 3,564 -- Compaq Computer Corp Hdwr_Sys_Type 22 -- Unrecognized System Type Logging_CPU 0 -- CPU Logging this Event CPUs_In_Active_Set 0 Entry_Type 128,098 -- VMS Asychronous Device Attention DSR_Msg_Num 1,813 -- Compaq AlphaServer ES40 .... CPU Slots: 1 (500Mhz) .... PCI Slots: 10 .... MMB Slots: 8 (DIMMs) Chip_Type 8 -- EV6 21264 CEH_Device 49 CEH_Device_ID_0 x0000 0000 CEH_Device_ID_1 x0000 0000 CEH_Device_ID_2 x0000 0000 Unique_ID_Count 93 Unique_ID_Prefix 2 TLV_DSR_String AlphaServer 1200 5/533 4MB TLV_DDR_String TLV_Sys_Serial_Num NI73702WH1 TLV_Time_as_Local Mon, 1 Mar 1999 20:59:59 -0700 TLV_OS_Version X6O1-SSB TLV_Computer_Name SABL15 emb_class 128 Bus Class emb_type 49 A.3 Sample Configuration Entry COMMON EVENT HEADER (CEH) V2.0 OS_Type 1 -- Tru64 UNIX Hardware_Arch 4 -- Alpha CEH_Vendor_ID 3,564 -- Compaq Computer Corp Hdwr_Sys_Type 35 -- GS40/80/160/320 Series Logging_CPU 0 -- CPU Logging this Event CPUs_In_Active_Set 1 Entry_Type 110 -- Configuration Event DSR_Msg_Num 1,968 -- Compaq AlphaServer GS160 Chip_Type 11 -- EV67 21264A CEH_Device 54 CEH_Device_ID_0 x0000 03FF CEH_Device_ID_1 x0000 0007 CEH_Device_ID_2 x0000 0007 Unique_ID_Count 0 Unique_ID_Prefix 32,640 TLV Section of CEH TLV_Time_as_Local Tue, 21 Mar 2000 07:11:16 -0700 TLV_Computer_Name wfsi21 TLV_DSR_String Compaq AlphaServer GS160 6/731 TLV_OS_Version Digital UNIX V4.0G (Rev. 1511) TLV_Sys_Serial_Num PROTO-WF21 Configuration Entry NOTE - CONFIGURATION ENTRY encountered in Event Log File. - A Decomposed Configuration Tree Report is available for this event, and may be selected seperately for display in certain user modes.  ========================================================================= B ***Known Messages in Compaq Analyze*** This appendix describes known messages sent by Compaq Analyze to its message logs (see Chapter 1 of this guide for more information on the message logs). Though they may appear to indicate problems, they are known and expected. - Configuration File Created - Start-up Errors in DUReader, Binlog, and Scavenge - Security Properties Not Found - JIT Compiler Not Found - Two Instances of "desta_exec" B.1 Configuration File Created ___. WARNING on February 1, 1999 11:23:35 AM MST (0.023 sec elapsed) Configuration file /usr/opt/compaq/svctools/desta/config/Configuration.dat not found, creating it. Current Thread[main,5,main] This warning is expected and correct the first time the Compaq Analyze Director is executed on a machine. See Chapter 6 of this guide for more information. B.2 Start-up Errors in DUReader, Binlog, and Scavenge ___. RECOVERED FROM ERROR on February 2, 1999 4:09:51 PM MST (1.263 sec elapsed) :16063208187:com.compaq.svctools.ca.services.eventreaders.DUReader:2 Error during connected read of Mailbox: Current Thread[Thread-10: com.compaq.svctools.ca.services.eventreaders.DUWaiter for com.compaq.svctools.ca.services.eventreaders.DUReader:2,5,main] EXCEPTION com.compaq.svctools.desta.core.DESTAException: binlog not open at com.compaq.svctools.ca.services.eventreaders.Binlogd.read(Compiled Code) at com.compaq.svctools.ca.services.eventreaders.DUReader.connect(Compiled Code) at com.compaq.svctools.ca.services.eventreaders.DUWaiter.run(Compiled Code) ___. RECOVERED FROM ERROR on February 2, 1999 4:10:01 PM MST (11.296 sec elapsed) Scavenge didn't start: Current Thread[Thread-11,5,main] EXCEPTION com.compaq.svctools.desta.core.DESTAException: timed out at com.compaq.svctools.ca.services.eventreaders.EvtReader.scavengeLog(Compiled Code) at com.compaq.svctools.ca.services.eventreaders.EvtReader$1.run(Compiled Code) These messages appear if a user without privileges to read the system error log file attempts to start the Director. The Director continues to execute, but events written to the system error log are not captured. The previous messages show examples for Tru64 UNIX. Other operating systems may show similar error messages. If the user starting the Director does have superuser privileges, then these messages may appear if the binlogd daemon is not running. If the command ps -ef | grep binlogd does not show a binlogd process running, it can be restarted by a superuser with the command /usr/sbin/binlogd. B.3 Security Properties Not Found security properties not found. using defaults. This message only appears on Tru64 UNIX systems when the desta or ca script is used to start a WEBES or Compaq Analyze process. It is expected and correct. The message is generated by the Java Virtual Machine when any Java code is started using Java Native Interface (JNI), an interface that Compaq Analyze uses. B.4 JIT Compiler Not Found dlopen: Cannot map library libsuncompiler.so (libsuncompiler.so) Warning: JIT compiler "suncompiler" not found. Will use interpreter. This message only appears on Tru64 UNIX systems when the standalone Java Runtime Environment (JRE) is installed instead of the full Java Development Kit (JDK). It is generated by the Java Virtual Machine when any Java code is started using the jre command and displays when the desta or ca script is used to start a Compaq Analyze process. It is expected and correct. B.5 Two Instances of "desta_exec" Refer to Section 1.3 for information on the WEBES processes. On Tru64 UNIX and Windows desta_exec is the wrapper executable around any WEBES process, not just the Director. With all WEBES products installed, desta start starts two instances of desta_exec. The first instance contains the DESTA Director and all WEBES services except the Crash Analyzer service (CCAT). The Director spawns this crash analyzer as the second instance, which is a subprocess of the Director. Because the DeCOR analysis engine (a C++ library) does not support multiple simultaneous databases and is not re-entrant, each service that wishes to use DeCOR separately must run in a separate process. There are two services that use the DeCOR library - Compaq Analyze's event analyzer, and CCAT's crash analyzer. The Compaq Analyze service runs in the main process with the Director, and CCAT's analyzer is spawned in a separate process at startup. All services started by the Director continue to run for the lifetime of the desta_exec processes. If CCAT is not installed, there is no second instance. On OpenVMS There may be two WEBES processes, but they are labelled differently in the SHOW SYSTEM output. The first process is labelled DESTA DIRECTOR. The second is normally SYSTEM_1 for example, if the SYSTEM user starts the Director. The numeric suffix may vary. WEBES processes are labelled USERNAME_n, where USERNAME is the user that started it, and n is the nth process started by that user.  ========================================================================= ***Glossary*** A ACHS Automatic Call Handling System. Within the service provider's customer service center, ACHS accepts incoming event analysis messages that were initiated by SICL. analysis The process of interpreting events from a binary event log and generating problem reports that describe any problems and possible corrective actions. There are two modes of analysis supported by Compaq Analyze, automatic and manual. attribute A component of a service. Some attributes can be configured by the user to modify how Compaq Analyze services operate. Automated Call Handling Service See ACHS. automatic One of the analysis modes supported by Compaq Analyze. In automatic mode, Compaq Analyze monitors the binary system event log, analyzes events, and generates reports without user intervention. B binary event log A log file containing system data saved in binary format. Binary error logs are processed by Compaq Analyze and the results of this analysis are presented in problem reports. Bit To Text See BTT. BTT Bit to Text. The process used to translate the events contained in a binary log file and produce text output. See also, translation. C CCAT Compaq Crash Analysis Tool. CCAT is a remote operating system failure analysis tool and is a WEBES component. CEH Common Event Header. The header format used for binary event logs on supported products. See the Compaq Analyze Release Notes for a list of the supported products. CLI Command Line Interface. The Compaq Analyze interface that uses the command prompt to interact with the system. The CLI processes commands entered at the command prompt and returns information and results as text, either to the terminal window or to designated output file(s). Command Line Interface See CLI. common attributes Standard configuration settings available for all Compaq Analyze services. Common Event Header See CEH. Compaq Analyze Compaq Analyze is a remote system event monitoring tool and is a WEBES component. Compaq Crash Analysis Tool See CCAT. Compaq Remote Support Service See CRSS. CRSS Compaq Remote Support Service. CRSS is the next generation of SICL and is capable of operating effectively in a distributed environment. D DeCOR The rules-based analysis engine used by DECevent, Compaq Analyze, and CCAT. Compaq Analyze uses DeCOR to apply rules to binary events and produce analysis results. Different rules are supplied with DECevent and CCAT. DESTA Distributed Enterprise Service Tools Architecture. DESTA is Compaq's high-availability system fault management architecture. DHCP Dynamic Host Configuration Protocol. DHCP is a protocol for automatic TCP/IP configuration that provides dynamic and static address allocation and management. Director The WEBES component responsible for managing a machine and communicating with other machines. Distributed Enterprise Service Tools Architecture See DESTA. DSNLink Automatic notification tool that sends the results of analysis to your service provider. Dynamic Host Configuration Protocol See DHCP. E event System data written to the binary event log. extended attributes Configuration settings unique to a single Compaq Analyze service. F field Component of a frame containing a label and its corresponding value. Field Replaceable Unit See FRU. frame Part of an event consisting of one or more translated fields of information. FRU Field Replaceable Unit. A hardware component installed on a system. G global attribute An attribute that affects all the Compaq Analyze interfaces. group Multiple nodes associated in the navigation frame of the web interface. H HTML Hypertext Markup Language. The tagging language used to format and display information on the web. Hypertext Markup Language See HTML. I instance file A file used by Compaq Analyze to store analysis data including, the paths and filenames of the KRS files to be used for analysis, the input entry classes, the intermediate data such as complex storage classes, and the analysis results. J Java Platform-independent, object-oriented programming language. K Knowledge Rule Set See KRS. KRS Knowledge Rule Set. Files that define what conditions must be met in order to trigger automatic analysis. Also known as rules or rule sets. L log file Either a binary file containing system events or a text file containing error and informational messages written by WEBES processes. M manual One of the modes of operation supported by Compaq Analyze. In manual mode, the binary log files and events to be analyzed must be specified by the user. N node A remote system accessed through its Director. notification Procedure for relaying analysis information to the interested parties. Compaq Analyze supports automatic notification via e-mail, SICL, or CRSS. P problem report The output generated by analysis. Reports contain information about errors and suggested corrective actions. profile Configuration information that is associated with a log on name. The profile contains information about Director settings and navigation frame appearance that can be propagated to future sessions. Q QSAP Qualified Service Access Point. The QSAP acts as a gateway for CRSS managed servers to connect with the outside world. Qualified Service Access Point See QSAP. R RCM Revision and Configuration Management. RCM is a remote system configuration tool and is a WEBES component. register The process of installing or activating a knowledge rule set. Revision and Configuration Management See RCM. rule and rule set See KRS. S service A component responsible for providing a Compaq Analyze function. service obligation An agreement with Compaq for the use of the WEBES tools. The service obligation defines the terms of your support agreement with Compaq. SICL System Initiated Call Logging. SICL refers to the concept of automatically sending fault and failure messages to the service provider's customer service center. The messages are then received by ACHS, analyzed, and acted upon as appropriate. Simple Mail Transfer Protocol See SMTP. SMTP Simple Mail Transfer Protocol. SMTP is a TCP/IP protocol governing e-mail transmission and reception. String and Value Pairs See SVP. SVP String and Value Pairs. The format used to present information in generated reports. The string describes the type of information presented and the value indicates the system specific information. system configuration The software settings for Compaq Analyze. The system configuration can be changed using any of the interfaces. System Initiated Call Logging See SICL. T TCP/IP Transmission Control Protocol/Internet Protocol. TCP/IP provides communication between computers across interconnected networks, even when the computers have different hardware architectures and operating systems. translation The process of converting binary event logs into readable output. See also BTT. Transmission Control Protocol/Internet Protocol See TCP/IP. U UniCensus The Tru64 UNIX version of RCM. unregister The process of removing or deactivating a knowledge rule set. W WBEM Web-Based Enterprise Management. WBEM is distributed, web-based system management. WCC WEBES Common Components. The WCC are the portions of WEBES that allow the tool suite to function as an integrated installation. The WCC are separate from the individual tools in the WEBES suite (Compaq Analyze, CCAT, and RCM) and are transparent to the user. Web-Based Enterprise Management See WBEM. Web-Based Enterprise Service See WEBES. WEBES Web-Based Enterprise Service. WEBES is an integrated set of web-enabled service tools that include: Compaq Analyze, Compaq Crash Analysis Tool (CCAT), and Revision Configuration Manager (RCM). See also DESTA, WBEM. WEBES Common Components See WCC. web interface The Compaq Analyze interface accessed through a web browser. The web interface uses graphical displays to present information and relies on a combination of mouse and keyboard actions to interact with the system.  ========================================================================= ***Index*** ********************************************************************** ** ** ** A NOTE ABOUT THE INDEX: ** ** ** ** Because of different font spacing and layout, the page count and ** ** configuration of this text extract varies from the original ** ** print version of the document. This process also prevents the ** ** text extract from accurately mapping the page numbers shown in ** ** the original index to the desired page in the text extract. ** ** ** ** To find information in this text file, open the file in a text ** ** editor and use a search command to find the desired word. (In ** ** fact, this technique generally provides a more thorough series ** ** of hits than the author's original index.) ** ** ** **********************************************************************