********************************************************************** ** ** ** TEXT FILE LIMITATIONS: ** ** ** ** The text extract for this document does not capture tables very ** ** well, mainly because of the 75-column, monospaced character ** ** limitation. Be aware that large data tables probably will not ** ** wrap properly in this text file. ** ** ** ** In addition, the text extract cannot capture figure images. ** ** You can see only placeholders (captions) for the figures. ** ** ** ** You may see references to italic or bold fonts that are visible ** ** in the original document but not in this text extract. ** ** ** ********************************************************************** ========================================================================= Compaq Analyze and WEBES Advanced User Guide ------------------------------------------------------------------------- Compaq Analyze is a rules-based hardware fault management diagnostic tool that provides error event analysis and translation. The multi-event correlation analysis feature of Compaq Analyze provides the capability to analyze events stored in the system's binary event log file and events from other sources. The Compaq Analyze User Guide provides information about the features of Compaq Analyze and explains how to operate the software. The advanced guide contains additional information about operations useful to Compaq service personnel and system managers as well as additional information about working with the WEBES Director. Internal Use Only; Rev. 10/23/00-A Operating System: Microsoft Windows NT 4.0 and Windows 2000 Compaq Tru64 UNIX versions 4.0E to 5.1 Compaq OpenVMS Alpha versions 7.1-2, 7.2, 7.2-1, and 7.2-1H1 Software Version: Compaq Analyze 3.1 October 2000 Copyright 2000 Compaq Computer Corporation Compaq and the Compaq logo Registered in U.S. Patent and Trademark Office. Tru64 and OpenVMS are trademarks of Compaq Information Technologies Group, L.P. in the United States and other countries. Microsoft, Windows, Windows NT, and MS-DOS are trademarks of Microsoft Corporation in the United States and other countries. Intel is a trademark of Intel Corporation in the United States and other countries. UNIX is a trademark of The Open Group in the United States and other countries. All other product names mentioned herein may be trademarks of their respective companies. Confidential computer software. Valid license from Compaq required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Compaq shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for Compaq products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty. This service tool software is the property of, and contains confidential technology of Compaq. Possession and use of this software is authorized only pursuant to the Proprietary Service Tool Software License contained in the software or documentation accompanying this software. Compaq service tool software, including associated documentation, is the property of and contains confidential technology of Compaq Computer Corporation. Service customer is hereby licensed to use the software only for activities directly relating to the delivery of, and only during the term of, the applicable services delivered by Compaq or its authorized service provider. Customer may not modify or reverse engineer, remove or transfer the software or make the software or any resultant diagnosis or system management data available to other parties without Compaq's or its authorized service provider's consent. Upon termination of the services, customer will, at Compaq's or its service provider's option, destroy or return the software and associated documentation in its possession. Printed in U.S.A. ========================================================================= ***Contents*** Preface Overview Intended Audience Documentation Conventions Further Information 1 Introduction 1.1 Description of Compaq Analyze 1.2 Compaq Service Tools 1.3 WEBES and Compaq Analyze Processes 1.3.1 Director 1.3.2 Web Interface 1.4 Starting the Director 1.5 Stopping the Director 1.6 Monitoring WEBES Processes 1.7 Log Files 1.7.1 Location 1.7.2 Logging Level 1.8 License Agreement 1.9 Service Obligations 1.10 Environment Setup 1.11 Nomenclature Differences 1.12 Advanced Options 1.12.1 Unanalyzed Event Logger 2 Command Line Interface (CLI) 2.1 Overview 2.1.1 Standalone CLI 2.1.2 Conventions 2.2 Command Syntax 2.2.1 Setting the Default Syntax 2.2.2 Showing the Default Syntax 2.3 Command Verbs 2.3.1 CA Command Verbs 2.3.2 DESTA Commands 2.4 Command Parameters 2.5 Analysis 2.5.1 Manual Analysis 2.5.1.1 Performing Manual Analysis 2.5.1.2 Specifying Input Files 2.5.1.3 Saving Output to a File 2.5.2 Automatic Analysis 2.5.2.1 Viewing Automatic Analysis Reports 2.5.2.2 Logging Automatic Analysis Reports 2.5.3 Analysis Output 2.6 Translation 2.6.1 Performing Translation 2.6.2 Specifying Input Files 2.6.3 Saving Output to a File 2.6.4 Filtering Log Files 2.6.5 Output Type 2.6.6 Translation Output 2.7 Summary of Events 2.7.1 Specifying Input Files 2.7.2 Filtering Log Files 2.7.3 Indexed Output 2.7.4 Example Output 2.8 Creating New Binary Event Log Files 2.8.1 Specifying Input Files 2.8.2 Saving Output to a File 2.8.3 Filtering Log Files 2.9 Modifying Commands 2.9.1 Input Files 2.9.2 Output Files 2.9.3 Filtering 2.10 Knowledge Rulesets 2.11 Configuration 2.12 Notification 2.13 Service Obligations 2.13.1 Show 2.13.2 Override 2.14 Getting Help 2.15 Advanced Operations 2.15.1 Simulate Automatic Analysis 2.15.2 Translating All Events 2.15.3 Event Type Filtering 2.15.4 Manipulate Service Obligation 2.15.4.1 Change 2.15.4.2 Install 2.15.5 FRU Tree 2.15.5.1 Input Files 2.15.5.2 Example 2.15.6 Rebuild Frame Knowledge 3 Web Interface 3.1 Description 3.1.1 Translation 3.1.2 Analysis 3.1.2.1 Automatic 3.1.2.2 Manual 3.1.3 Notification 3.2 Accessing the Web Interface 3.2.1 Supported Web Browsers 3.2.2 Browser Setup 3.2.3 Browsers and the Web Interface 3.2.4 Starting the Web Interface 3.3 Toolbar 3.4 Navigation 3.5 The Navigation Tree 3.5.1 Groups 3.5.1.1 Adding Groups 3.5.1.2 Removing Groups 3.5.2 Nodes 3.5.2.1 Adding Nodes 3.5.2.2 Removing Nodes 3.5.2.3 Node Status 3.5.3 Categories 3.5.3.1 Adding Categories 3.5.3.2 Removing Categories 3.5.4 Log Files 3.5.4.1 System Log 3.5.4.2 Other Logs 3.6 Analysis Information 3.6.1 Automatic Analysis Features 3.6.2 Manual Analysis Features 3.6.3 Problem Reports 3.6.4 Summary 3.6.5 Events 3.6.6 Displaying Details 3.7 Processing Status 3.8 Settings 3.8.1 Viewing Text Error/Information Log Files 3.8.2 Director Settings 3.8.3 User Settings 3.8.4 Register Knowledge 3.9 Getting Help 3.9.1 Context Sensitive Help 3.9.2 On-Line User Guide 3.10 Log Off 3.11 Lost Connection 3.12 Service Obligation 3.13 Disabling the Web Service 3.14 Advanced Operations 3.14.1 Configuration Entries 3.14.2 Filtered Events 3.14.3 Example Log Files 4 Event Translation 4.1 Translation Defaults 4.2 Automatic Translation 4.3 Manual Translation 4.4 Viewing Translation Information 4.5 Interpreting Translation Information 4.5.1 Overall 4.5.2 Frame 4.5.3 Field 4.6 Typical Frame of a Translated Binary Event 4.7 Advanced Operations 4.7.1 Simulation of Automatic Translation 5 Event Analysis 5.1 Analysis Rules 5.2 Instance Files 5.3 Managing Rule Sets 5.3.1 Viewing Registered Rules 5.3.2 Registering and Unregistering Rule Sets 5.3.2.1 CLI 5.3.2.2 Web Interface 5.4 Automatic Analysis 5.5 Manual Analysis 5.6 Viewing Analysis Information 5.7 Interpreting Analysis Information 5.7.1 Managed Entity 5.7.2 Service Obligation 5.7.3 Brief Description 5.7.4 Callout ID 5.7.5 Severity 5.7.6 Reporting Node 5.7.7 Full Description 5.7.8 FRU List 5.7.9 Evidence 5.8 Advanced Operations 5.8.1 Regenerating a Problem Report using Automatic Analysis 5.8.2 Simulation of Automatic Analysis 5.8.2.1 Analysis of a Log File 5.8.2.2 Analysis of all Event Logs in a Directory 5.8.2.3 Simulated Analysis Cleanup 5.8.3 Configuration of Analysis 5.8.3.1 Modifying the Configuration 5.8.3.2 DeCOR Class File 5.8.3.3 Automatic and Manual Analysis Instance Files 5.8.3.4 Watch Flags 6 Configuration 6.1 Getting the Configuration 6.2 Changing the Configuration 6.2.1 CLI 6.2.2 Web Interface 6.3 Global Configuration Attributes 6.3.1 Changing the Attributes 6.3.2 Changing Ports 6.3.3 Changing the Report Type 6.4 Component Configuration Attributes 6.4.1 Common Attributes 6.4.2 Extended Attributes 6.5 Profiles 6.6 Creating and Resetting the Configuration 6.7 Advanced Operations 6.7.1 Logging Level 6.7.1.1 CLI 6.7.1.2 Web Interface 7 Notification 7.1 Automatic Notification 7.2 Configuring SMTP Mail Notification 7.3 Customer Profile File 7.3.1 Profile File Contents 7.3.2 Path Setup 7.4 Enabling and Disabling SICL Notification 7.5 Configuring CRSS Notification 7.5.1 Enabling and Disabling QSAP Notification 7.5.2 Event Log Settings A Sample Outputs A.1 Sample Analysis Output A.2 Sample Translated Event Output A.2.1 Full A.2.2 Brief A.3 Sample Configuration Entry A.4 Text Error/Information Log File Output B Known Messages in Compaq Analyze B.1 Configuration File Created B.2 Start-up Errors in DUReader, Binlog, and Scavenge B.3 Security Properties Not Found B.4 JIT Compiler Not Found B.5 Two Instances of "desta_exec" Glossary Index  ========================================================================= ***List of Figures*** 1-1 Compaq Analyze Running on a UNIX and a Windows Machine. 3-1 Logon Window 3-2 The Web Interface 3-3 Toolbar 3-4 Collapsed Tree 3-5 Navigation Tree 3-6 Add Group 3-7 Remove Group 3-8 Add Node 3-9 Remove Node 3-10 Activate Node 3-11 Activating Node Message 3-12 Unable to Activate Node Message 3-13 Add Category 3-14 Remove Category 3-15 Add Log File Tab 3-16 Remove Log File Tab 3-17 Analysis Started Message 3-18 Analysis Failed Message 3-19 Synchronize and Clear Buttons 3-20 Reprocess Button 3-21 Problem Report Tab 3-22 Summary Tab 3-23 Events Tab 3-24 Navigation Buttons 3-25 Status Icons 3-26 Settings Window 3-27 User Settings 3-28 Log Off Message 3-29 Profile Already Logged On Message 3-30 Lost Connection Message 3-31 Configuration Entries Tab 3-32 FRU Table Button 3-33 Add Log File Tab - Advanced 5-1 Rules Files 6-1 Settings 6-2 Selecting an Service 6-3 Attribute Display 7-1 Event Log Settings Dialog Box  ========================================================================= ***List of Tables*** User Guide Contents 1-1 Unanalyzed Event Logger Attributes 2-1 Syntax Conventions 2-2 Syntax Designators 2-3 Default Syntax 2-4 Command Verbs - ca (multiple syntax) 2-5 Command Verbs - ca (single syntax) 2-6 Command Verbs - desta 2-7 Manual Analysis Commands 2-8 Translation Commands 2-9 Summary Commands 2-10 Create New Log File Commands 2-11 Specifying an Input File 2-12 Specifying an Output File 2-13 General Filtering Rules 2-14 Filtering Statements 2-15 Event Type Keywords 2-16 FRU Tree Commands 3-1 Web Interface Components 3-2 Toolbar 3-3 Automatic Analysis Features 5-1 Problem Severity Levels 6-1 Ports  ========================================================================= ***Preface*** Compaq Analyze is a rules-based hardware fault management diagnostic tool that provides error event analysis and translation. The multi-event correlation analysis feature of Compaq Analyze provides the capability to analyze events from a variety of sources, including those stored in the system's binary event log file. Overview The Compaq Analyze User Guide describes the features of Compaq Analyze and explains how to use the application. The organization of the guide is described here. User Guide Contents Chapter ----- Contents ----- Chapter 1 Describes the product, post-installation procedures and processes. Chapter 2 Provides information about the Command Line Interface. Chapter 3 Provides detailed information about the web interface. Chapter 4 Describes the translation of system events. Chapter 5 Explains the analysis rules. Chapter 6 Discusses the Compaq Analyze configuration settings. Chapter 7 Describes how to configure automatic notification. Appendix A Shows sample output files. Appendix B Describes Compaq Analyze messages. Intended Audience The Compaq Analyze User Guide is intended for system managers and service personnel who use the Compaq Analyze software. The advanced sections located at the end of several chapters contain information for Compaq service personnel and system managers knowledgeable in the details of binary events logged by Compaq hardware. The extra features enable in-depth investigation of binary event logs using Compaq Analyze, outside the realm of its automatic or manual analysis capabilities. The advanced information is not required to use Compaq Analyze and is intended for internal use only. Documentation Conventions The following conventions are used in this manual: User entries Information that should be entered exactly as it appears in the document is shown in bold. Variables Information that will vary depending on your computer or user profile is shown in italics. System Output Responses from the system are shown in a monospaced font. Directories Directory paths do not include the installation directory path. Thus, if you installed WEBES in the following directory: C:\Program Files\compaq\svctools\ A reference to the ca directory would indicate: C:\Program Files\compaq\svctools\ca\. Further Information Compaq Analyze is a member of the Web-Based Enterprise Service (WEBES) suite of products. For more information on the other WEBES applications, visit the support web site at the following URL: http://www.support.compaq.com/svctools For information about the supported products and limitations of the current release, refer to the Compaq Analyze Release Notes. Information about the supported operating systems is contained in the WEBES Install Guide along with detailed installation instructions for each operating system. Additional information about WEBES is available in the WEBES Release Notes.  ========================================================================= 1 ***Introduction*** This chapter describes Compaq Analyze, the supported platforms, the post-installation setup procedures, the WEBES and Compaq Analyze processes, the procedures used to start and stop the Director, the locations of WEBES Director log files, and the nomenclature differences. - Description of Compaq Analyze - Compaq Service Tools - WEBES and Compaq Analyze Processes - Starting the Director - Stopping the Director - Monitoring WEBES Processes - Log Files - License Agreement - Service Obligations - Environment Setup - Nomenclature Differences - Advanced Options 1.1 Description of Compaq Analyze Compaq Analyze is a fault analysis utility designed to provide analysis for single error/fault events, as well as multiple event and complex analysis. Compaq Analyze provides system analysis that uses other error/fault data sources in addition to the traditional binary error log. Compaq Analyze provides background automatic analysis by monitoring the active binary error log and processing events as they occur. The events in the binary error log file are checked against the analysis rules. If one or more of the events in the binary error log file meets the conditions specified in the rules, the analysis engine collects the error data and creates a problem report containing a description of the problem and any corrective actions required. Once the problem report is created, it is distributed in accordance with the customer's notification preferences. 1.2 Compaq Service Tools Compaq has implemented a common Application Programming Interface (API) for many of its service tools called Web-Based Enterprise Service (WEBES). The tools included in the current WEBES release are: - Compaq Analyze - Compaq Crash Analysis Tool (CCAT) - Revision and Configuration Management (RCM) Compaq Analyze utilizes the common components of WEBES and adds it own functionality. The other WEBES service tools can be installed along with Compaq Analyze and utilize the same common components. 1.3 WEBES and Compaq Analyze Processes Each WEBES-based service tool adds functionality to the Director, a process (or set of processes) that executes continuously. Compaq Analyze provides the Director with the capability to capture and interpret hardware events. Event analysis can be performed automatically or at the request of an outside process. Compaq Analyze includes a web browser interface that enables you to interact with the Director. Although only one Director can run on a machine at any time, many web browser connections can be active simultaneously, all connected to the single Director. ***Note*** WEBES (Web-Based Enterprise Service) and DESTA (Distributed Enterprise Service Tools Architecture) refer to the same common components. 1.3.1 Director The Director manages the machine it is running on and can communicate to Directors on other machines through various communication mechanisms, such as TCP/IP sockets. Figure 1-1 shows an example of two machines running Compaq Analyze processes. Figure 1-1 Compaq Analyze Running on a UNIX and a Windows Machine. In the example, a UNIX machine and an Windows machine, each running a single Director, communicate with each other over a network. The web interface running on the UNIX machine is connected to the Director on the Windows machine and can display the analysis results from binary event log files on the Windows machine. A telnet session running on the Windows machine can issue CLI commands that are processed by the UNIX machine's director. Note that it is not necessary to have the Director running on the local machine for either type of remote connection. The Director captures, translates, and analyzes events as well as routing messages for the Compaq Analyze system. The Director is idle except for the following circumstances: - Events are received for processing - Messages arrive from other Compaq Analyze processes on the same machine - Messages arrive from a Director on another machine - Another WEBES tool within the Director, performs any task The Director is automatically started along with the machine and should not require any intervention. See Sections 1.4 and 1.5 for more information regarding starting and stopping the Director. 1.3.2 Web Interface Using a web browser, such as Netscape Communicator or Internet Explorer, you can connect: - directly to the URL of the Director on the same machine as the browser - directly to the URL of the Director on a remote machine - indirectly to a remote Director through a direct connection to the Director on the local or a remote machine. The web interface can monitor multiple nodes by communicating with the Directors on other machines. You can establish a direct connection to the Director on any machine reachable by its TCP/IP socket port, and, through that connection, view the Compaq Analyze processes on other nodes (via Director-to-Director communication). You do not need to have WEBES installed or running on the web browser's machine to connect directly to the Director on a remote machine. Chapter 3 of this guide describes how to use the web interface. 1.4 Starting the Director The Director is automatically started during system startup. Under normal operation, you should not need to manually start the Director. However, if circumstances require it, you can manually start the Director by following the instructions for your operating system. Tru64 UNIX Enter /usr/sbin/desta start at a shell prompt. The "root" superuser should restart the Director, since only the superuser has privileges to access the system binary error log (/var/adm/binary.errlog). OpenVMS Enter desta start at the OpenVMS command line prompt. The user that restarts the Director must have all privileges set. Without the necessary privileges, the Director will not be able to read the system binary error log (SYS$ERRORLOG:ERRLOG.SYS). Windows Select Programs | Compaq Service Tools | Web-Based Enterprise Service | Start Director from the Start menu. or Enter net start DESTA_Service in a Command Prompt window to start the DESTA_Service Windows service that starts the Director. You also can start DESTA_Service from the Services utility in the Control Panel. 1.5 Stopping the Director Under normal operation, you should not need to stop the Director. However, if circumstances require you to stop the director, follow the instructions for your operating system. Tru64 UNIX Enter /usr/sbin/desta stop at a shell prompt. Any user can stop the Director. OpenVMS Enter desta stop at a prompt. Any user can stop the Director. Windows Select Programs | Compaq Service Tools | Web-Based Enterprise Service | Stop Director from the Start menu. A Stop Director icon appears in the Task Bar, then disappears when the Director's shutdown has completed. You can also stop the Director by stopping the DESTA_Service Windows service. To stop the service, enter net stop DESTA_Service at the command prompt or use the Services utility in the Control Panel. 1.6 Monitoring WEBES Processes You can monitor the WEBES Director process using the following command: desta status This command generates a brief message describing the current state of the DESTA Director process. The states that may be reported are given here: - The Director's status could not be determined. - The Director is NOT running. - The Director's status file indicates it is running, but the process ID was not found, so the Director process is NOT running. - The Director is running. - The Director is starting up. - The Director is shutting down. If the status is undetermined, or you want more detailed information about sub-processes, you may want to use the monitoring procedures specific to your operating system. Tru64 UNIX All WEBES processes are started with the wrapper program desta_exec. The processes currently running can be displayed with the command: ps ugxww | grep desta_exec | grep -v "grep desta_exec" Example output is shown here: root 59899 0.0 0.0 2.11M 8K pts/1 I N 16:34:12 0:00.04 sh -c /usr/opt/compaq/svctools/bin/desta_exec -ss 512K -ms 8M -mx 1024M root 59901 0.0 0.0 2.11M 56K pts/1 I N 16:34:28 0:00.06 sh -c /usr/opt/compaq/svctools/bin/desta_exec -ss 256K -ms 8M -mx 24M -w root 59903 0.0 2.7 16.8M 3.4M pts/1 S N 16:34:28 0:01.71 /usr/opt/compaq/svctools/bin/desta_exec -ss 256 -ms 8 -mx 24 -w root 59904 0.0 17.8 31.5M 22M pts/1 S N 16:34:12 5:43.56 /usr/opt/compaq/svctools/bin/desta_exec -ss 512 -ms 8 -mx 1024 thomas 158960 0.1 5.1 15.9M 6.4M pts/2 S + 13:49:43 0:01.86 /usr/opt/compaq/svctools/bin/desta_exec -ss 512 -ms 8 -mx 1024 com/compaq/svctools/ca/cli/ManuallyAnalyze hscir1.zpd thomas 158989 0.0 0.1 2.11M 192K pts/2 S + 13:49:43 0:00.02 sh -c /usr/opt/compaq/svctools/bin/desta_exec -ss 512K -ms 8M -mx 1024M com.compaq.svctools.ca.cli.ManuallyAnalyze hscir1.zpd The processes beginning with sh -c are parent processes of the desta_exec processes, which do not start with sh -c. (Use the j option to the ps command instead of g to see the process and parent process IDs). The processes without parameters after the -mx nnnn field constitute the Director's set of processes. Processes containing parameters are other WEBES processes. In the example above, the user thomas is manually analyzing the file hscir1.zpd using the Compaq Analyze CLI, shown by the parameter ...ca.cli.ManuallyAnalyze... . OpenVMS Use the following command to show the processes running on an OpenVMS machine: show system (or sho sys for short) Example output is shown here: OpenVMS V7.1-2 on node FIGARO 16-DEC-1999 15:32:50.14 Uptime 14 21:05:23 Pid Process Name State Pri I/O CPU Page flts Pages 00000101 SWAPPER HIB 16 0 0 00:04:10.34 0 0 00000106 IPCACP HIB 10 10 0 00:00:00.00 30 23 00000107 ERRFMT HIB 8 33813 0 00:00:10.05 189 61 00000109 OPCOM HIB 7 1709 0 00:00:00.30 416 41 ... 00000797 DESTA Director HIB 6 110831 0 00:03:14.75 112196 8192 M 0000079A JOHNSON_3 HIB 6 37957 0 00:01:22.05 7612 1102 MS 000006B5 THOMAS_1 HIB 4 8967 0 00:00:03.04 11610 1771 MS In the above example, the DESTA Director parent process is shown. That process has also spawned a subprocess named JOHNSON_3, since the user JOHNSON started the Director, but the relation is not apparent from the output. Other WEBES processes, such as Compaq Analyze Command Line Interface commands, appear named after the user that started them, such as THOMAS_1 in this example, although it is not apparent that the process is a WEBES process. Windows Use the Windows Task Manager to monitor processes in Windows. Start the Task Manager by pressing Ctrl+Alt+Del, and then pressing the Task Manager button. Once the Task Manager window appears, click the Processes tab to view the running processes. All WEBES processes are started with the wrapper program DESTA_exec.exe, so all WEBES processes appear in the Task Manager list as such. You can distinguish the Director set of processes from other WEBES processes by looking at the Base Priority of the DESTA_exec.exe processes. The Director processes always run at Low priority. All other WEBES processes run at Normal or High priority. Because the Director runs as a Windows service, there is an additional process named DESTAService.ex, which wraps the DESTA_exec.exe processes of the Director and runs for the lifetime of the Director. The DESTAService.ex process runs at Low priority. If the Base Priority column is not shown in the Task Manager list, chose Select Columns from the View pull-down menu. In the window that appears, click Base Priority, then OK. 1.7 Log Files Compaq Analyze processes warnings and informational messages from the Director in log files. ***Note*** These warning and informational message files are different from binary event log files. See Section 1.11 for more information about the different log files. If Compaq Analyze appears to execute incorrectly, or does not respond as expected, check the Director log files for messages that may help you restart or recover. The files can be copied to new file names so that they are not overwritten later, and can be sent to your service provider for review. All WEBES processes log their messages either to files or to the terminal window. For common messages you may encounter, refer to the Compaq Analyze Release Notes or Appendix B. 1.7.1 Location The format of the log file messages is the same for all platforms, however, the file locations are operating system-dependent. Tru64 UNIX The Director and web interface log standard output and error messages to: /usr/opt/compaq/svctools/logs/desta_dir.log The Director appends to this log file each time it is started. OpenVMS The Director and web interface log standard output and error messages to: SVCTOOLS_HOME:[LOGS]DESTA_DIR.LOG The Director creates a new log file each time it is started. The previous log file is saved as: DESTA_DIR.LOG;n Where n is the previous version number of the VMS filename. Windows The locations given here assume that Compaq Analyze was installed in the default directory; if this is not the case, the location path will match the chosen installation directory. The Director (and web interface) logs its standard output messages to: C:\Program Files\compaq\svctools\logs\desta_dir_out.txt The Director's standard error messages are logged to: C:\Program Files\compaq\svctools\logs\desta_dir_err.txt The Director creates new log files each time it is started. The previous log files are renamed to desta_dir_err_backup.txt and desta_dir_out_backup.txt, overwriting any previous versions of those files. 1.7.2 Logging Level The messages logged by WEBES processes are stored in the Director log files described in Section 1.7.1. The minimum severity level, or logging level, indicates the lowest priority message that will be written to the files. Only messages that meet or exceed the minimum severity level are written to the Director log files. The minimum severity level is a global attribute that you can modify from the command line or the web interface. Be aware that changes to the logging level affect all the interfaces. Thus, if you change the logging level using the command line, your changes will be reflected in the web interface and vice versa. See Chapter 6 for more information on configuring attributes. 1.8 License Agreement The first time you use the Compaq Analyze web interface, the license agreement is shown. To accept the terms of the license agreement, enter the serial number from your computer and press the Enter key. If you do not accept the agreement, you will not be able to use Compaq Analyze. 1.9 Service Obligations A service obligation specifies your service provider, service agreement information, and the duration of your agreement. During the WEBES installation process, you will be prompted to enter the service obligation information. This information is included with the results of translation and analysis. Although Compaq Analyze continues to function without a valid service obligation, local notification and reporting are disabled. In addition, the web interface will no longer operate after your service obligation has expired. Refer to Chapters 2 and 3 for information on viewing service obligations. Information about temporarily overriding the service obligation is contained in Chapter 2. You can update your service obligation information, extend an existing service obligation, or enter a new service obligation using the CLI. 1.10 Environment Setup For more information on automatic notification and the Compaq Analyze configuration settings refer to the following sections: - To set up Simple Mail Transfer Protocol (SMTP) E-mail notification of problem reports, refer to Chapter 7. - To set up Automated Call Handling Service (ACHS) notification of problem reports, refer to Chapter 7. - To enable Qualified Service Access Point (QSAP) for use with Compaq Remote Support Service (CRSS), refer to Chapter 7. - If you wish to change how the Compaq Analyze components operate, you can change the system configuration using the web interface. Refer to Chapter 6 for more information about system configuration. You can modify the Compaq Analyze environment at any time. 1.11 Nomenclature Differences The term configuration is used in two different contexts in Compaq Analyze: - Hardware Configuration - identifying the Field Replaceable Unit (FRU) or hardware components currently installed in a machine. - System Configuration - identifying the current software settings of the Compaq Analyze system and each of the services it contains. Most of the settings can be changed using the Compaq Analyze interfaces. Log file is also used in two different contexts: - A log file containing text errors or information written by a Compaq Analyze or WEBES process, such as /usr/opt/compaq/svctools/logs/desta_dir.log on Tru64 UNIX - An error or event log file containing binary events written by the system event logger, such as /var/adm/binary.errlog, written by the binlogd daemon on Tru64 UNIX and translated and analyzed by Compaq Analyze 1.12 Advanced Options The features described here only apply to advanced users. 1.12.1 Unanalyzed Event Logger Compaq Analyze offers an additional logging service, called the Unanalyzed Event Logger, that is not enabled by default. The Unanalyzed Event Logger service writes raw, unanalyzed events to a separate binary event log. This stores events that cannot be processed by Compaq Analyze so they are available for service personnel. In order to limit the size of the created files, the service rotates log files. Each Unanalyzed Event Logger file has a size limit. When the size limit is reached, the old file is saved and closed and the additional events are written to a new file. The number of files is also limited, and when the limit is reached, the oldest log file is deleted. The log files use the following naming convention: unanalyzed_events_log.xxx Where xxx refers to the version number (000, 001, 002, and so on). Files are numbered sequentially, and when 999 is reached the next file is assigned a version of 000. Setup To configure the Unanalyzed Event Logger for use with Compaq Analyze, use the following procedure: 1. While the Director is running, issue the command given for your operating system: Tru64 UNIX and Windows desta msg -enroll com.compaq.svctools.desta.services.analysis.UnanalyzedEventLogger OpenVMS desta msg -enroll "com.compaq.svctools.desta.services.analysis.UnanalyzedEventLogger" 2. Stop the Director. Refer to Section 1.5 for more information on stopping the Director. 3. Using a text editor, open the Compaq Analyze configuration defaults file (located in the \svctools\config directory). The name of the configuration defaults file depends on your operating system: Tru64 UNIX - ConfigDefaultsCAUNIX.txt OpenVMS - ConfigDefaultsCAVMS.txt Windows - ConfigDefaultsCAWindows.txt 4. Delete the pound sign (#) at the beginning of the following line: #com.compaq.svctools.desta.services.analysis.UnanalyzedEventLogger 5. Restart the Director. Refer to Section 1.4 for more information on starting the Director. Configuration If you have enabled the Unanalyzed Event Logger service, you can modify its configuration from the web interface using the Settings window. The Unanalyzed Event Logger attributes are located under UnanalyzedEventLogger service and the attributes described in Table 1-1 can be modified. Table 1-1 Unanalyzed Event Logger Attributes Attribute ----- Description ----- logName The absolute (not relative) path and file name where the created log files are stored. logMaxSize The maximum size for a log file in Kb. Possible values range from 50 to 1000 and the default is 100. archiveVersions The number of log files saved before the oldest file is deleted. Possible values range from 0 to 50 and the default is 5. enabled Indicates whether the service will write unanalyzed events to a log file. Values are either true or false. This attribute can be used to turn the service off without editing the configuration file. Refer to Chapter 6 for more information on changing the configuration from the Settings window.  ========================================================================= 2 ***Command Line Interface (CLI)*** This chapter describes the Command Line Interface (CLI) for Compaq Analyze including its usage and functionality. - Overview - Command Syntax - Command Verbs - Analysis - Translation - Summary of Events - Creating New Binary Event Log Files - Input Files - Output Files - Filtering - Knowledge Rulesets - Configuration - Notification - Service Obligations - Getting Help - Advanced Operations 2.1 Overview The command line interface (CLI) provides a text-based interface for Compaq Analyze and a means to interact with the Director. The CLI enables both automatic and manual analysis (automatic analysis is the default). In automatic mode, Compaq Analyze monitors the binary system event logs for new events. When a event is appended to the binary event log, Compaq Analyze translates the event into a readable format. The decomposed event is passed to the Analyzer for fault analysis. Depending on the analysis of the event and the analysis of a history of events, a problem report may be generated. Manual mode enables you to specify binary event logs for translation and analysis, without interfering with automatic analysis. ***Note*** Most of the examples in this chapter use the Windows directory structure. If you are using a different operating system, you will need to modify the commands accordingly. 2.1.1 Standalone CLI The Director is not required to run all the CLI commands. The following CLI functions can be performed without the Director: - Manual Analysis - Translation - Summary Report - Create New Binary Log File Since these operations do not use the Director, you must have permission to access any log file that you want to process. In addition, messages that would otherwise be written to the Director's log files are included in the output for the command. The messages shown remain subject to the logging level. Refer to Chapter 1 for more information on log messages. 2.1.2 Conventions Table 2-1 describes the conventions used to show CLI commands in this manual. Table 2-1 Syntax Conventions Convention ----- Meaning ----- Bold Command text. Bold is used for information that must be typed as it appears here. For example, command verbs are shown in bold. Italic Variables. Italics are used for information that varies depending on your requirements. For example, inputfile indicates that you should enter the name of the file you want to process. [ ] Optional Entries. Information shown in square brackets is not required. You may or may not include these optional modifiers. In most cases the optional entries pertain to input files, output files and filtering commands. | Mutually Exclusive Entries. The bar separates mutually exclusive entries. 2.2 Command Syntax You interact with the CLI by issuing commands from the command prompt. Some Compaq Analyze operations can be performed using several different commands, or syntaxes. The supported syntaxes are: - Common Syntax - DECevent Emulation (UNIX and VMS) - New Common Syntax You can enter commands using any of the supported command formats. If desired, you can switch between the different syntaxes. ***Note*** The DECevent emulator is only supported on UNIX and VMS systems. In addition, the DECevent emulator only supports some of the commands. Refer to Table 2-4 for a list of the commands supported by the DECevent emulator. If you are using a command syntax other than the default, you must include a syntax designator in the command. Table 2-2 shows the syntax designators. Table 2-2 Syntax Designators Syntax Name ----- Syntax Designator ----- Command Preface ----- Common Syntax x ca (ca x if the default syntax is not set to the common syntax) DECevent Emulator (UNIX) u ca u DECevent Emulator (VMS) v ca v New Common Syntax n ca n 2.2.1 Setting the Default Syntax When Compaq Analyze is installed, the common syntax is the default for the CLI. As a result, when you enter commands in the common syntax you do not need to include a syntax designator. If you want, you can change the default syntax. Any commands that use the default syntax do not require a syntax designator. To specify a default syntax, use the following command: ca syntax syntax_designator Where syntax_designator refers to the letter corresponding to the desired default syntax (see Table 2-2 for the designator associated with each syntax). For example, to set the new common syntax as the default syntax, use the following command: ca syntax n Once the syntax is set, you can enter commands in your chosen syntax without specifying the syntax designator. Table 2-3 shows how the default syntax setting affects commands. Table 2-3 Default Syntax Command Syntax ----- Default Syntax Translation Command Format ----- Not Default Syntax Translation Command Format ----- Common Syntax ca trans ca x trans DECevent Emulator (UNIX) ca -a ca u -a DECevent Emulator (VMS) ca /tra ca v /tra New Common Syntax ca tra ca n tra ***Note*** Changes to the default syntax affect all the users on a system. Thus, if another user changes the default syntax, your session may not function as expected. You can avoid this situation by using a syntax designator with all the commands that support multiple formats. 2.2.2 Showing the Default Syntax To show the current default syntax, use the following command: ca syntax 2.3 Command Verbs The CLI supports both Compaq Analyze commands and Director commands. Compaq Analyze commands use the ca preface and Director commands use the desta preface. ***Note*** If you enter the command ca without any command verb or parameters, Compaq Analyze defaults to translation. In this case, the system event log is translated and the output is sent to the screen. 2.3.1 CA Command Verbs The Compaq Analyze commands that support multiple syntaxes are formed using the following convention: ca syntax_designator command_verb Where syntax_designator indicates which syntax you are using (if it is not the default syntax) and command_verb indicates the action you want to perform. The syntax designator is not necessary if you are using the default syntax. Table 2-4 provides an overview of the available ca command verbs that support multiple syntaxes. Table 2-4 Command Verbs - ca (multiple syntax) Common Syntax ----- DECevent Emulator (UNIX) ----- DECevent Emulator (VMS) ----- New Common Syntax1 ----- Description ----- analyze ana /ana ana (analyze) Switches to manual mode and analyzes one or more binary event logs. See Section 2.5.1 for more details. trans -a /tra tra (translation) Switches to manual mode and translates one or more binary event logs. This command does not send the results to analysis. See Section 2.6 for more details. summ -o sum /sum sum (summarize) Returns a summary of all the events contained in a binary event log. See Section 2.7 for more details. filterlog -b /bin bin (binary) Applies a filter to an existing binary event log and creates a new binary event log containing the subset of events returned after filtering. See Section 2.8 for more details. help help /help help Displays a text-based help file. The text-file describes the syntaxes supported by your operating system. fru fru /fru fru (Advanced) Displays the FRU tree for the system. If you specify a input file, the FRU tree associated with that file is shown. 1 The new common syntax allows abbreviations. You only need to enter the first three letters of a command verb to initiate the command. The full command verb is shown in parenthesis. The Compaq Analyze ca commands that only support one syntax are formed using the following convention: ca command_verb Where command_verb indicates the action you want to perform. Table 2-5 provides an overview of the available ca command verbs that only support one syntax. Table 2-5 Command Verbs - ca (single syntax) Verb ----- Description ----- report Displays the active problem reports generated from automatic analysis. See Section 2.5.2.1 for more details. log Toggles the logging of automatically generated problem reports on or off. See Section 2.5.2.2 for more details. listrk List the paths of the knowledge files registered with DeCOR. See Section 2.10 for syntax information and Chapter 5 for more details on rule sets. regknw Registers or unregisters one or more knowledge (*.krs) files for use during automatic and manual event analysis. See Section 2.10 for syntax information and Chapter 5 for more details on rule sets. sicl Toggles on or off the Compaq Analyze System Initiated Call Logging (SICL) feature, which automatically log calls with Compaq Services if DSNLink is installed on the system. See Section 2.12 for syntax information and Chapter 7 for more details on SICL. msg (Advanced) Simulates automatic analysis for a binary event log file or files. See Section 2.15.1 for syntax information and Chapter 5 for more details on analysis. 2.3.2 DESTA Commands The Director commands are formed using the following convention: desta command_verb Where command_verb indicates the action you want to perform. Table 2-6 describes the command verbs used with desta. Table 2-6 Command Verbs - desta Verb ----- Description ----- bldknw (Advanced) Rebuilds the frame knowledge used to translate events. See Section 2.15.6 for more details. msg Changes the Compaq Analyze logging level and port configuration settings. See Section 2.11 for more details on port settings. See Chapter 6 for more information on the logging level. qsap Toggles on or off the Compaq Analyze Qualified Service Access Point (QSAP) feature, which automatically log calls with Compaq Services. See Section 2.12 for syntax information and Chapter 7 for more details on QSAP. servob Overrides your Compaq Analyze service obligation. See Section 2.13 for more details. In addition, you can change the service obligation or rerun the installation script. See Section 2.15.4 for more details. start Starts the Director if it has been stopped. See Chapter 1 for more details on starting the Director. status Shows the current status of the Director. See Chapter 1 for more details on the Director's status. stop Manually stops the Director. See Chapter 1 for more details on stopping the Director. 2.4 Command Parameters Parameters are used to specify binary log files for processing, designate output files, and create filters. In most cases, Compaq Analyze allows you to specify parameters in any order. For example, the following commands using the new common syntax are equivalent: ca n tra myinput.zpd out myoutput.txt index=(start:10) brief ca n brief index=(start:10) out myoutput.txt myinput.txt tra Notice that even the placement of the command verb (tra in this case) may be changed. Be aware of the following exceptions to the order independence rule: - With the common syntax, the command verb must be the first parameter. - The parameters of the common syntax filterlog command must be entered in the specified order. See Section 2.8 for more on the filterlog command. - If you are using the new common syntax sum command and you want to generate indexed output, the index parameter must immediately follow the sum command verb. Otherwise, Compaq Analyze will assume you are using the index filter keyword. Refer to Section 2.7 for more on the sum command. 2.5 Analysis If the Director is installed, automatic analysis is initiated when you start your machine. This means that Compaq Analyze automatically analyzes the default event log file and generates reports as necessary. With manual analysis you can select a binary event log for immediate processing. For more information on analysis and the default analysis settings, refer to Chapter 5. 2.5.1 Manual Analysis Use manual analysis to analyze a binary event log other than the system event log. To switch to manual mode, analyze binary event logs, and output the generated reports, use the analysis command. For more information on manual analysis operations and output, refer to Chapter 5. For information about using the analyze command to simulate automatic analysis on all the binary event logs in a directory, see Chapter 5. 2.5.1.1 Performing Manual Analysis You can manually analyze binary event logs using any command syntax. Table 2-7 describes the commands used for manual analysis: Table 2-7 Manual Analysis Commands Command Syntax ----- Format ----- Common Syntax ca x analyze [inputfile] [outtext | outhtml outputfile] DECevent Emulator (UNIX) ca u ana [-f inputfile] [> outputfile] DECevent Emulator (VMS) ca v /ana[/out=outputfile] [inputfile] New Common Syntax ca n ana [inputfile] [out | outhtml outputfile] 2.5.1.2 Specifying Input Files By default, manual analysis processes the system event log. If you want to process a different binary log file, you must specify the input file location and name. See Section 2.9.1 for more information on working with input files. 2.5.1.3 Saving Output to a File If you would like to save the generated reports to a file, rather than display them on the screen, you need to specify the file format, location and name. See Section 2.9.2 for more information on working with output files. 2.5.2 Automatic Analysis By default, when the Director is started Compaq Analyze initiates automatic analysis on the binary system event log. Using the CLI, you can view the reports generated by automatic analysis or save them to a file. For more information on automatic analysis and the problem reports generated by analysis, refer to Chapter 5. For information on using the command line interface to simulate automatic analysis, refer to Section 2.15.1 and Chapter 5. 2.5.2.1 Viewing Automatic Analysis Reports To view the active problem reports generated by automatic analysis, use the report command. Reports can be viewed in the command prompt window or saved to a file. The syntax for the report command is shown here: ca report [outtext | outhtml outputfile] If you do not include any optional parameters, the reports are shown on the screen. See Section 2.9.2 for more information about working with output files. 2.5.2.2 Logging Automatic Analysis Reports Compaq Analyze can automatically log generated problem reports in the prob.log file located in the logs directory. To turn automatic logging on, use the following command: ca log prob on To turn automatic logging off, use the following command: ca log prob off If the prob.log file already exists, the new data from subsequent logging operations is appended to the existing file. If you delete the prob.log file, it is automatically recreated during the next logging operation. Log output is flushed and the file is closed after each entry. 2.5.3 Analysis Output Refer to Appendix A for an example of a report generated by analysis. 2.6 Translation You can translate, or decompose, the events in a binary event log into a readable format using the translation command. Translation operates in manual mode, meaning you must enter the command every time you want to perform translation. By default, correctable events are excluded from translation output. If you want to see the translation results for all the events in a binary log file, refer to Section 2.15.2. For more information about translation and its default settings, refer to Chapter 4. 2.6.1 Performing Translation Translation is supported by all the Compaq Analyze syntanxes and Table 2-8 describes the commands used for translation: Table 2-8 Translation Commands Command Syntax ----- Format ----- Common Syntax ca x trans [inputfile] [outtext | outhtml outputfile] [filter "filterstatement" | showall] [brief | full] DECevent Emulator (UNIX) ca u -a [-f inputfile] [brief | full] [filter flags] [> outputfile] DECevent Emulator (VMS) ca v /tra[/out=outputfile][/brief | /full][filter flags] [inputfile] New Common Syntax ca n tra [inputfile] [out outputfile] [filterstatement | all] [brief | full] ***Note*** By default, correctable events are not shown in the output produced by translation. The common syntax and the new common syntax can translate all the events in a log file using the showall and all modifiers, respectively. See Section 2.15.2 for more information on translating all events. 2.6.2 Specifying Input Files By default, manual translation processes the system event log. If you want to process a different binary log file, you must specify the input file location and name. See Section 2.9.1 for more information on working with input files. 2.6.3 Saving Output to a File If you would like to save the translated events to a file, rather than display them on the screen you need to specify the file format and name. See Section 2.9.2 for more information on working with output files. 2.6.4 Filtering Log Files You can specify the events from a binary event log file that you want to translate by defining a filter. For more information on filtering refer to Section 2.9.3. 2.6.5 Output Type You can specify either brief or full output for translation. Full output, which is the default, presents all the translation information for an event. Brief output only presents the information used by analysis. 2.6.6 Translation Output Refer to Appendix A for an example of a translated event and to see the difference between full and brief output. 2.7 Summary of Events You can use the CLI to view a summary of the events contained in a binary log file. Table 2-9 describes the command for each syntax. Table 2-9 Summary Commands Syntax ----- Format ----- Common Syntax ca x summ [index] [inputfile] DECevent Emulator (UNIX) ca u -o sum [-f inputfile] [filter flags] DECevent Emulator (VMS) ca v /sum[filter flags] [inputfile] New Common Syntax ca n sum [index] [inputfile] [out | outhtml outputfile] [filterstatement] 2.7.1 Specifying Input Files By default, the summary command returns information for the system event log. If you want to specify a different log file or multiple log files you can do so. See Section 2.9.1 for more information on working with input files. 2.7.2 Filtering Log Files You can specify the events from a binary event log file that you want to view a summary report for by defining a filter. For more information on filtering refer to Section 2.9.3. Summary report filtering is not supported by the common syntax. If you want to filter the events in a log file before generating a summary report, use another syntax. 2.7.3 Indexed Output By default, a tallied list of all the events in the binary event log files is generated. However, you can generate an indexed list of all the events using the index modifier. The indexed output is not available with the DECevent syntaxes. 2.7.4 Example Output The results of the summary command are displayed in the command prompt window. An example of the standard, tallied output is shown here: Log: /svctools_home/ca/examples/ds20_660_binary.errlog Qty Type Description ------ ------ ------------------------------------ 1 302 Tru64 UNIX Panic ASCII Message 1 300 Tru64 UNIX Start-up ASCII Message 1 660 UnCorrectable System Event 1 110 Configuration Event 1 310 Tru64 UNIX Time Stamp Message First Entry Date: Thu May 27 09:18:06 MDT 1999 Last Entry Date: Thu May 27 13:00:32 MDT 1999 An example of the indexed output is shown here: Log: /SVCTOOLS_HOME/ca/examples/ds20_660_binary.errlog Index Type Description Date/Time ------ ------ ---------------------------------- --------------------- 1 660 UnCorrectable System Event 05/27/99 09:18:06 MDT 2 302 Tru64 UNIX Panic ASCII Message 05/27/99 09:18:08 MDT 3 110 Configuration Event 05/27/99 09:19:57 MDT 4 300 Tru64 UNIX Start-up ASCII Message 05/27/99 09:19:57 MDT 5 310 Tru64 UNIX Time Stamp Message 05/27/99 13:00:32 MDT 2.8 Creating New Binary Event Log Files You can filter the contents of existing binary event logs and create a new binary event log file containing a subset of the events from the originals. When you create a new binary log file, Compaq Analyze checks the events in the original binary event log file against the filter statement. All the events that meet the criteria specified by the filter statement are added to the new binary event log file. The new binary event log file can then be used for analysis, translation, or any other Compaq Analyze process. The syntax for creating new binary event log files is as follows: Table 2-10 Create New Log File Commands Command Syntax ----- Format ----- Common Syntax ca x filterlog inputfile outputfile ["filterstatement"] DECevent Emulator (UNIX) ca u -b outputfile [-f inputfile(s)] [filter_flags] DECevent Emulator (VMS) ca v /bin=outputfile[/filter_flags] [inputfile(s)] New Common Syntax ca n bin [inputfile(s)] out outputfile [filterstatement] 2.8.1 Specifying Input Files By default, the system event log is used as the input file. If you want to process a different binary log file or files, you must specify the input file location and name. See Section 2.9.1 for more information on working with input files. ***Note*** You cannot use multiple input files with the common syntax. If you are using another syntax, you can specify multiple input files and merge them into a single binary log file (in this case, filtering occurs for each input file before events are written to the new file). Be aware that Compaq Analyze does not remove duplicate events. 2.8.2 Saving Output to a File You must specify a file name and location where the new binary output file will be saved. The output file parameter is mandatory when you are creating a new binary event log file. 2.8.3 Filtering Log Files You can specify the events from a binary event log file that you want to include in the new log file by defining a filter. If you do not define a filter, the new log file will contain all the events in the existing log file. For more information on filtering refer to Section 2.9.3. 2.9 Modifying Commands By default, the analysis, translation, summary and new binary log file commands all process the system event log. The output from analysis, translation and summary commands is displayed on the screen. You can change these defaults in order to process other binary log files and save the processing results to a file. With some of the commands you can further restrict the events that are processed by filtering the binary log file used for input. The following sections describe how to use these features. 2.9.1 Input Files Many of the commands used in manual mode enable you to specify an input binary event log file. Table 2-11 describes how to specify a input file using each syntax. Table 2-11 Specifying an Input File Syntax ----- Format ----- Example ----- Common Syntax Append the directory and filename of the desired input file to the end of the command. ca x analyze examples\ds20.errlog DECevent Emulator (UNIX) -f filename Where filename indicates the name and location of the input file. ca u ana -f examples/ds20.errlog DECevent Emulator (VMS) Append the directory and filename of the desired input file to the end of the command. ca v /ana [.examples]ds20.errlog New Common Syntax Include the directory and filename of the desired input file after the command verb. ca n ana examples\ds20.errlog When you are specifying an input file, the following guidelines apply: - Specifying an input file is optional. If you do not specify either a directory or a file, Compaq Analyze processes the binary system event log. An example of a command without any input file criteria is shown here: ca analyze This rule does not apply when you are using the common syntax filterlog command. Refer to Section 2.8 for more information. - You can use the relative directory structure to specify input files. Thus, if you were in the C:\program files\compaq\svctools\ca directory and you wanted to analyze the ds20.errlog binary event log located in the C:\program files\compaq\svctools\ca\examples directory, you could enter the following command: ca analyze examples\ds20.errlog - If you specify a directory but no file name, Compaq Analyze processes all the files with a .errlog, .sys, .zpd, or .evt extension located in the provided directory. An example of a command that only indicates a directory is shown here: ca analyze examples\ - Multiple filenames can be specified by separating them with spaces, as shown in the following example: ca analyze examples\ds20.errlog hscir1.zpd - You can use wildcards to specify multiple files. In the example shown here, all the files located in the \examples directory with a name that starts with ds and an .errlog extension are analyzed: ca analyze examples\ds*.errlog 2.9.2 Output Files With many commands, you can save the results of processing to a file rather than viewing the output on the screen. Table 2-12 describes how to specify a output file using each syntax. ***Note*** These output file guidelines do not apply when you are creating a new binary event log. Refer to Section 2.8 for more details. Table 2-12 Specifying an Output File Syntax ----- Format ----- Example ----- Common Syntax outtext filename outhtml filename The outtext option creates a text output file and the outhtml option creates a html output file. In both cases, filename refers to the directory and filename where you want to save the output. ca x analyze outtext results.txt ca x analyze outhtml results.html DECevent Emulator (UNIX) > filename Where filename indicates the name and location of the output file. The output file must be located at the end of the command. Output files are always saved in text format. ca u ana > results.txt DECevent Emulator (VMS) /out=filename Where filename indicates the name and location of the output file. Output files are always saved in text format. ca v /ana/out=results.txt New Common Syntax out filename outhtml filename The out option creates a text output file and the outhtml option creates a html output file. In both cases, filename refers to the directory and filename where you want to save the output. ca n ana out results.txt ca n ana outhtml results.html 2.9.3 Filtering Some of the CLI commands enable you to filter a binary event log file and only process a subset of the events. Filtering statements are different depending on the syntax you are using. Table 2-13 shows the general rules each syntax uses with filtering. Table 2-13 General Filtering Rules Syntax ----- Rules ----- Common Syntax Filtering can be used with the trans and filterlog commands. Use the filter keyword before the filter statement when filtering with the trans command. Filter statements must be enclosed in quotation marks. You can join multiple filter statements by using an ampersand (&) between them. Most filter parameters are not case sensitive. Exceptions are given in Table 2-14. DECevent UNIX Filtering can be used with the -a, -o sum, and -b commands. You can include multiple filter statements by using more than one filtering flag in a command. In this case, separate each flag with a space. DECevent VMS Filtering can be used with the /tra, /sum, and /bin commands. You can include multiple filter statements by using more than one filtering flag in a command. You do not need to put a space between flags. New Common Syntax Filtering can be used with the tra, sum, and bin commands. You can include multiple filter statements by separating them with comma and a space. You can abbreviate the filter parameters. You only need to enter the minimum number of letters required to uniquely identify a parameter. For example, index could be abbreviated as ind. Table 2-14 describes filtering statements for each syntax. Table 2-14 Filtering Statements Common Syntax ----- DECevent UNIX ----- DECevent VMS ----- New Common Syntax ----- dtb=date (date_time_begin) dte=date (date_time_end) -t s:date e:date /SIN=date /BEF=date begin=date since=date end=date Filters based on the time the event occurred. No events that occurred before the given start time or after the given end time are processed. The date can be entered in any format supported by Java (for example, dd-mmm-yyyy,hh:mm:ss). You do not need to include the time (hh:mm:ss) with the date. Be aware of the following guidelines: The DECevent UNIX syntax combines the start and end times are in a single filter statement. The new common syntax begin and since statements are equivalent. You can use the keywords YESTERDAY and TODAY with the DECevent syntaxes and the new common syntax. With the new common syntax begin and since keywords, you can enter a negative integer value to process based on a relative date. For example, entering -3 processes events from the last three days. rtdb=days (rel_time_days_begin) rtde=days (rel_time_days_end) rthb=hours (rel_time_hours_begin) rthe=hours (rel_time_hours_end) Filters based on the time the event occurred relative to the time the first or last event in the log file occurred. Filtering based on days and hours is supported. For example, using the filter rtdb=3 will processes all the events that occurred within three days of the first event in the file. et=nn et!=nn etnn (entry_type) Filters based on the numeric event type. Be aware of the following guidelines: With the = and != operators you can enter multiple entry types by separating them with commas. Instead of entering entry type numbers, you can use one of the supported keywords. Refer to Table 2-15 for the supported keywords. You can also use filtering to control the presence of correctable events. Refer to Sections 2.15.2 and 2.15.3 for more on filtering and correctable events. For more information on filtering based on event type refer to Section 2.15.3. -i keyword -x keyword /INC(keyword) /EXC(keyword) include=keyword exclude=keyword FIlters based on the numeric entry type. You must enter a keyword rather than the actual entry type. Refer to Table 2-15 for information on supported keywords. cn=name cn!=name (computer_name) -H name /NOD=name node=name Filters based on the node responsible for generating the event. With the common syntax = and != operators you can enter multiple entry types by separating them with commas. The name argument is case sensitive. ost=n ost!=n (os_type) Filters based on the operating system type, using the numeric representation for each operating system. With the common syntax = and != operators you can enter multiple entry types by separating them with commas. idx=nn idx!=nn idxnn (event_index) -e s:nn e:nn /ENT=(S:nn,E:nn) index=nn index=(start:nn end:nn) Filters based on the event's position in the event log. With the common syntax = and != operators you can enter multiple entry types by separating them with commas. sort=keyword Used with a keyword to organize the output. The following keywords are supported: entry - sorts based on entry type from highest entry type number to lowest reventry - sorts based on entry type from lowest entry type number to highest time - sorts based on entry time from most recent to oldest revtime - sorts based on entry time from oldest to most recent idx - sorts based on the entry index number from highest to lowest revidx - sorts based on the entry index number from lowest to highest -R /REV reverse Processes the events in reverse order according to the event index number. Table 2-15 Event Type Keywords Keyword ----- Description ----- Supported Syntaxes ----- mchk-all All machine check events. Common Syntax mchk All machine check events. Common Syntax New Common Syntax mchk-sys All system machine check events. Common Syntax mchk-cpu All cpu machine check events. Common Syntax mchk-env All environmental machine check events. Common Syntax cam All SCSI entries logged by the CAM logger (199). DECevent New Common Syntax configurations Configuration entries (110). DECevent New Common Syntax control_entries System startup entries or new error log creation entries (32, 35, 300). DECevent New Common Syntax cpus Machine check entries for AXP (mchk-cpu). DECevent New Common Syntax environmental_entries Power entries (mchk-env). DECevent New Common Syntax swxcr Entries logged by SWXCR (198). DECevent New Common Syntax machine_checks or mchks Events with machine checking information (mchk). DECevent New Common Syntax operating_system=value or os=value Events with a specific operating system type. The value parameter indicates the numeric code for the desired operating system. DECevent New Common Syntax panic Crash re-start, system panic, or user panic entries (37, 302). DECevent New Common Syntax software_informationals or swi Events with lastfail, system startup, or system configuration information (volume mounts, volume dismounts, new error logs, timestamp entries) (32, 35, 37, 38, 39, 64, 65, 250, 300, 301, 310). DECevent New Common Syntax osf_entry Events logged on a Tru64 UNIX operating system. DECevent New Common Syntax mchk_sys All system machine check events. New Common Syntax mchk_cpu All cpu machine check events. New Common Syntax mchk_env All environmental machine check events. New Common Syntax Examples - Common Syntax The following examples show sample commands that use filtering. A description of what the filter does follows each example. ca x trans filter "computer_name=ComputerName" ca x filterlog inputfile.zpd outputfile.bin "computer_name=ComputerName" Processes events from the system described by ComputerName. ca x trans filter "computer_name!=ComputerName & date_time_begin=11-Jan-2000" ca x filterlog inputfile.zpd outputfile.bin "computer_name!=ComputerName & date_time_begin=11-Jan-2000" Processes events that did not occur on the system described by ComputerName that occurred after January 11, 2000. ca x trans filter "date_time_end=31-Jan-2000,20:33:57" ca x filterlog inputfile.zpd outputfile.bin "date_time_end=31-Jan-2000,20:33:57" Processes events that occurred before 8:33:57 PM on January 31, 2000. ca x trans filter "rel_time_days_begin=4" ca x filterlog inputfile.zpd outputfile.bin "rel_time_days_begin=4" Processes events that occurred no more than four days after the first event in the log file. ca x trans filter "rel_time_hours_end=35" ca x filterlog inputfile.zpd outputfile.bin "rel_time_hours_end=35" Processes events that occurred no more than 35 hours before the last event in the log file. ca x trans filter "entry_type=mchk-cpu" ca x filterlog inputfile.zpd outputfile.bin "entry_type=mchk-cpu" Processes all CPU machine check events. ca x trans filter "entry_type!=610,620,630" ca x filterlog inputfile.zpd outputfile.bin "entry_type!=610,620,630" Processes all events, except those of type 610, 620, and 630. Only the common syntax supports filtering based on specific entry types the other syntaxes must use keywords. ca x trans filter "entry_type>600" ca x filterlog inputfile.zpd outputfile.bin "entry_type>600" Processes all events with a type greater than 600. ca x trans filter "entry_type<300 & os_type=3" ca x filterlog inputfile.zpd outputfile.bin "entry_type<300 & os_type=3" Processes all events with a type less than 300 and an operating system of type 3. ca x trans filter "os_type!=1,2 & sort=revtime" ca x filterlog inputfile.zpd outputfile.bin "os_type!=1,2" Processes all events without an operating system type of 1 or 2. The translation command presents the output in reverse chronological order. ca x trans filter "entry_index>15" ca x filterlog inputfile.zpd outputfile.bin "entry_index>15" Processes all the events after the fifteenth event in the log file. Examples - DECevent UNIX The following examples show sample commands that use filtering. A description of what the filter does follows each example. ca u -a -H ComputerName ca u -o sum -H ComputerName ca u -b outputfile.bin -f inputfile.zpd -H ComputerName Processes events from the system described by ComputerName. ca u -a -t e:31-Jan-2000,20:33:57 ca u -o sum -t e:31-Jan-2000,20:33:57 ca u -b outputfile.bin -f inputfile.zpd -t e:31-Jan-2000,20:33:57 Processes events that occurred before 8:33:57 PM on January 31, 2000. ca u -a -i cpu ca u -o sum -i cpu ca u -b outputfile.bin -f inputfile.zpd -i cpu Processes all CPU machine check events. ca u -a -x operating_system=1 -R ca u -o sum -x operating_system=1 ca u -b outputfile.bin -f inputfile.zpd -x operating_system=1 Processes all events without an operating system type of 1. The translation command presents the output in reverse chronological order. ca u -a -e s:15 ca u -o sum -e s:15 ca u -b outputfile.bin -f inputfile.zpd -e s:15 Processes all the events after the fifteenth event in the log file. Examples - DECevent VMS The following examples show sample translation commands that use filtering. A description of what the filter does follows each example. ca v /tra/nod=ComputerName ca v /sum/nod=ComputerName ca v /bin=outputfile.bin/nod=ComputerName inputfile.zpd Processes events from the system described by ComputerName. ca v /tra/bef=31-Jan-2000,20:33:57 ca v /sum/bef=31-Jan-2000,20:33:57 ca v /bin/bef=31-Jan-2000,20:33:57 Processes events that occurred before 8:33:57 PM on January 31, 2000. ca v /tra/inc(cpu) ca v /sum/inc(cpu) ca v /bin=outputfile.bin/inc(cpu) inputfile.zpd Processes all CPU machine check events. ca v /tra/EXC(operating_system=1)/rev ca v /sum/EXC(operating_system=1) ca v /bin=outputfile.bin/EXC(operating_system=1) inputfile.zpd Processes all events without an operating system type of 1. The translation command presents the output in reverse chronological order. ca v /tra/ent=(s:15) ca v /sum/ent=(s:15) ca v /bin=outputfile.bin/ent=(s:15) inputfile.zpd Processes all the events after the fifteenth event in the log file. Examples - New Common Syntax The following examples show sample translation commands that use filtering. A description of what the filter does follows each example. ca n tra node=ComputerName ca n sum node=ComputerName ca n bin inputfile.zpd out outputfile.bin node=ComputerName Processes events from the system described by ComputerName. ca n tra end=31-Jan-2000,20:33:57 ca n sum end=31-Jan-2000,20:33:57 ca n bin inputfile.zpd out outputfile.bin end=31-Jan-2000,20:33:57 Processes events that occurred before 8:33:57 PM on January 31, 2000. ca n tra include=mchk_cpu, mchk_sys reverse ca n sum include=mchk_cpu, mchk_sys ca n bin inputfile.zpd out outputfile.bin include=mchk_cpu, mchk_sys Processes all CPU machine check and system machine check events. The translation command presents the output in reverse chronological order. ca n tra index=(start:15) ca n sum index=(start:15) ca n bin inputfile.zpd out outputfile.bin index=(start:15) Processes all the events after the fifteenth event in the log file. 2.10 Knowledge Rulesets Rulesets are used in conjunction with analysis. The events in a binary log file are compared with rulesets. Depending on the results of this comparison problem reports are generated. The following commands are used to work with rulesets. ca listrk - lists the registered rulesets used by analysis (see Chapter 5 for more information). ca regknw - registers or unregisters the rulesets used by analysis (see Chapter 5 for more information). 2.11 Configuration The Compaq Analyze configuration settings control port numbers and other features. The following commands can be used to change the configuration. desta msg -log level - changes the logging level for the Director and Compaq Analyze processes (see Chapters 1 and 6 for more information). desta msg -chgport nnn - changes the socket ports (see Chapter 6 for more information). ***Note*** There are more configuration settings that can be changed using the web interface. Refer to Chapter 6 for more information on configuration. 2.12 Notification SICL and QSAP are both used for automatic notification. With automatic notification, the results of analysis are sent to your service provider. The following CLI commands can be used to turn automatic notification on and off. ca sicl - turns SICL notification on and off (see Chapter 7 for more information). desta qsap - turns QSAP on and off (see Chapter 7 for more information). 2.13 Service Obligations Your service obligation describes the details of your service agreement. You can view an existing service obligation or override an expired obligation from the command line. See Chapter 1 for more information about service obligations and Section 2.15.4 for information on overriding and changing service obligations. 2.13.1 Show To view the service obligation for a machine, enter the following command: desta servob show This displays all the information associated with your service obligation. The following example depicts the service obligation information: WEBES Service Obligation Status ------------------------------- Service Obligation: Valid Service Obligation Number: 50036123 System Serial Number: 50036123 Service Provider Company Name: Compaq 2.13.2 Override If you need to view the analysis or translation results on a computer without a valid service obligation, you can override the service obligation using the following command: desta servob override Overriding does not change the service obligation; rather, it enables your service provider to use Compaq Analyze without a valid service obligation. Overriding the obligation enables you to view Compaq Analyze report output for one hour regardless of your obligation status. The following example shows the prompts that appear when you override the service obligation along with sample answers: WEBES Service Obligation Override --------------------------------- Service Provider Company Name? Compaq Service Provider Employee Name? Jack Smith Service Provider Employee ID#? 000000000000 ___. WARNING on March 28, 2000 7:36:01 AM MST (0.037 sec elapsed) Obligation Information Changed as follows: Obligation overridden for service provider until Tue Mar 28 08:36:01 MST 2000 by Jack Smith (000000000000) of Compaq on Tue Mar 28 07:36:01 MST 2000 Current Thread[main,5,main] The override information is included in the output resulting from any subsequent analysis or translation operation. 2.14 Getting Help You can access help from the CLI using the command for your operating system: - Tru64 UNIX - man ca, man desta, and ca help - OpenVMS - help ca and help desta, and ca /help - Windows - ca help Help is also available through the User Guide. There are four different User Guide formats installed by the kit: - Adobe Acrobat Format (located in the \svctools\ca\docs\pdf directory) - ASCII Text Format (located in the \svctools\ca\docs\txt directory) - HTML Help Format (located in the \svctools\ca\html\help directory) - HTML Format (located in the \svctools\ca\html\ns3help directory) ***Note*** To navigate the HTML formats, use your browser to open the start.html file. If you are a VMS user and your browser is Netscape 3.03, you will need to use the HTML format rather than the HTML Help format. The JavaScript used in the HTML Help format is not supported in Netscape 3.03. 2.15 Advanced Operations The advanced commands are not necessary for normal operation. 2.15.1 Simulate Automatic Analysis The command line can also help you simulate automatic analysis with the following commands. ca msg -auto eventLogFile - simulates automatic analysis for a single binary event log file (see Chapter 5). ca msg -autoall eventLogFileDir - simulates automatic analysis for all the binary event log files in a directory (see Chapter 5). 2.15.2 Translating All Events By default, Compaq Analyze excludes correctable events (those with an event type of 620 or 630) from the translation output. If you want to see all the events in the binary event log file, add the command modifier for your syntax: ca x trans showall ca n translate all 2.15.3 Event Type Filtering Commands that specify filters automatically consider all the events in a binary event log file. Therefore, if you use a filter, correctable events that are normally ignored will be displayed unless you explicitly filter them. The following common syntax filter statement will remove correctable events from the output: filter "evt_type!=620,630" In order to help you control the processing of correctable and uncorrectable events, the following filtering keywords are supported by the common syntax Event_Type filter. - mchk-corr - all correctable machine checks - mchk-uncorr - all uncorrectable machine checks If you are using the new common syntax, the following keywords perform the same function. - mchk_corr - all correctable machine checks - mchk_uncorr - all uncorrectable machine checks 2.15.4 Manipulate Service Obligation In addition to overriding the service obligation, you can also change the existing obligation or rerun the service obligation installation script. In order for your service obligation changes to take effect, you must stop and restart the director once your changes are complete. Refer to Chapter 1 for more information on stopping and restarting the Director. 2.15.4.1 Change To change your service obligation enter the following command: desta servob change When you change your obligation, the information about your current obligation is presented followed by prompts where you can enter new information. The following example shows the information and prompts presented along with sample answers: WEBES Obligation Change ----------------------- Service Obligation change date: Mon Mar 27 14:11:34 MST 2000 Service Obligation current state: Valid Service Obligation current start date: Mon Mar 27 00:00:00 MST 2000 Service Provider Company Name: Compaq Service Provider Employee Name: Jack Smith Service Provider Employee ID#: 000000000000 Please enter new service obligation start date : 28-MAR-2000 Please enter service obligation term end date: 28-MAR-2001 Service Obligation term: 1 years, 0 days, 0 hours, 0 minutes, 0 seconds Is this correct [y]: If you enter incorrect information, enter no at the final prompt to redisplay the prompts. 2.15.4.2 Install You can also update the service obligations settings by running the installation script again. To run the installation script again, use the following command: desta servob install The prompts that appeared during installation are shown again. The following example shows the prompts presented and the default answers: WEBES Service Obligation Validation ----------------------------------- Please input service provider name [COMPAQ]: Please input system/subsystem serial number [1234567]: Is the Service Obligation number the same as the serial number [y]: Please enter the start date of the current obligation [28-Mar-2000]: Service Provider: COMPAQ System/subsystem serial number: 1234567 Service obligation number: 1234567 Service obligation start date: 28-Mar-2000 Is this information correct [y]: 2.15.5 FRU Tree You can use the CLI to view the FRU tree associated with a binary log file. The syntax for viewing the FRU tree is as follows: Table 2-16 FRU Tree Commands Command Syntax ----- Format ----- Common Syntax ca x fru inputfile DECevent Emulator (UNIX) ca u fru -f inputfile DECevent Emulator (VMS) ca v /fru inputfile New Common Syntax ca n fru inputfile 2.15.5.1 Input Files Specifying an input file generates the first FRU tree for that file. If you do not specify a binary event log, the system's FRU tree is shown. See Section 2.9.1 for more details on specifying an input file. ***Note*** You can not specify multiple input files with the FRU tree command. 2.15.5.2 Example An example of an entry from the generated output is shown here: <==== NODE_FRU_DESC ====> NODE_FRU_DESC FRU Version 6.0 ID: 0xb680 (NODE_FRU_DESC) Parent: 0xb340 (NODE_FRU_DESC) Next: 0xb580 (NODE_FRU_DESC) Prev: 0xb780 (NODE_FRU_DESC) N_Type 21 N_Sbtyp 29 Power Supply N_Size x0100 Hd_extension x0000 0000 Owner_Handle_V6 x0000 0000 0000 0000 Current_Owner_V6 x0000 0000 0000 0000 Node_ID xF002 FFFF 0281 FFFF Node_Flags x0000 0000 0000 0200 rev 0 change_counter 0 Config_Handle_V6 x0000 0000 0000 0000 Affinity_Handle_V6 x0000 0000 0000 0000 Parent_Handle_V6 x0000 0000 0000 B340 Next_Sibling_Handle_V6 x0000 0000 0000 B580 Previous_Sibling_Handle_V6x0000 0000 0000 B780 Child_Handle_V6 x0000 0000 0000 0000 FW_Usage x0000 0000 0000 0000 OS_Usage x0000 0000 0000 0000 Checksum 0 Magic GLXY diag_flag x0000 0000 diag_failure_info x0000 0000 FRU_manufacturer - FRU_model - FRU_part_number - FRU_serial_number - FRU_firmware_revlevel - 2.15.6 Rebuild Frame Knowledge All the event frames supported by the event decomposer service are listed in a binary file installed with Compaq Analyze. The decomposer reads this binary file when translating binary events. By default, the binary file is saved as: installed_directory/desta/data/KnowledgeStore.dat The list of event frames is derived from the Java classes contained in the supplied *Knowledge.jar files. If necessary, you can rebuild the the KnowledgeStore.dat file. The file might need rebuilt for the following reasons: - If the KnowledgeStore.dat file was deleted or damaged - If the jar files were changed or replaced manually (not as part of the WEBES installation or Knowledge Update process) If you need to rebuild the KnowledgeStore.dat file using the current .jar files, execute the following command: desta bldknw  ========================================================================= 3 ***Web Interface*** This chapter describes how to access and use the Compaq Analyze web interface. - Description - Accessing the Web Interface - Toolbar - Navigation - The Navigation Tree - Analysis Information - Processing Status - Settings - Getting Help - Log Off - Service Obligation - Disabling the Web Service - Advanced Operations 3.1 Description The web interface provides browser-based access to Compaq Analyze. You can use the web interface to connect to the Director on your local machine or on remote machines and process their binary event log files. Processing a log file involves translation and analysis. 3.1.1 Translation Event information in the system event log is stored in binary format. Translation is the process of converting this binary data into readable text. The web interface performs translation as part of analysis, and translation information is shown along with analysis results. See Section 3.6 for more information on how the web interface presents translation information. Refer to Chapter 4 for more information on translation, interpreting translated events, and default translation settings. 3.1.2 Analysis The information from binary event log files can be used to detect hardware failures on the system. When the system writes an event to a binary event log file, Compaq Analyze processes the event according to the registered rule sets. The rule sets contain the information necessary to interpret events. When an event matches the conditions described in the rule sets, Compaq Analyze creates a problem report containing information about the event and proposed resolutions. This process is called analysis. See Section 3.6 for more information on how the web interface presents analysis information. Refer to Chapter 5 for more information on analysis and its results. The web interface can perform automatic and manual analysis. 3.1.2.1 Automatic When the Director is started, Compaq Analyze initiates automatic analysis. In automatic mode, Compaq Analyze continuously monitors the binary system event log and processes events as they arrive. Problem reports are generated as necessary. For more information about automatic analysis operations and output, refer to Chapter 5. 3.1.2.2 Manual Manual analysis also compares the events from log files to the registered rule sets and generates problem reports. However, unlike automatic analysis, you must manually select each binary event log file you want to process. For more information about manual analysis operations and output, refer to Chapter 5. 3.1.3 Notification The results of automatic analysis can be sent to remote systems using SMTP or SICL. Refer to Chapter 7 for more information on notification. 3.2 Accessing the Web Interface The following sections contain information about accessing the web interface. 3.2.1 Supported Web Browsers The web interface requires a web browser program that supports Java 1.1 applets and HTML frames. The minimum browser versions for each operating system are provided here: - Tru64 UNIX - Netscape version 3.0.3 through 4.x (version 4.5 and later recommended) and Internet Explorer version 4.0 and later - OpenVMS - Netscape version 3.0.3 - Windows - Netscape version 3.0.3 through 4.x (version 4.5 and later recommended) and Internet Explorer version 4.0 and later Be aware, the web interface may display differently in Netscape and Internet Explorer. 3.2.2 Browser Setup The setup options that must be configured in order to use the web interface are described here: - Netscape and Internet Explorer - Configure your browser to bypass your proxy server when you connect to the Director on your local machine. - Internet Explorer - The "Use HTTP 1.1" option must be enabled for the web interface to function properly. To enable the option, select Internet Options from the Tools menu. From the Options window, select the Advanced tab and make sure the check box next to "Use HTTP 1.1" is selected. 3.2.3 Browsers and the Web Interface Depending on the browser you use, there are several issues that impact how the web interface is displayed. - Netscape and Internet Explorer - Do not use your browser's Back button unless you are viewing the details of a problem report or translated event. Using the Back button may have unexpected results. - Netscape and Internet Explorer - Do not use your browser's Refresh button at the top of your browser while using the Web Interface. The Refresh button terminates the active profile's Compaq Analyze session. In order to use the profile, you must manually log out the profile name and then logon to Compaq Analyze again. - Netscape and Internet Explorer - The web interface is composed of three frames (the toolbar, the navigation tree, and the display frame). If, at any time, one of these frames is not updated with the latest information or does not load, you should refresh the frame. To refresh a frame, right-click in the desired frame and either select the Reload Frame (Netscape) or Refresh (Internet Explorer) option from the pop-up menu. - Netscape and Internet Explorer - During heavy processing, you may see JavaScript errors. You can safely ignore these errors. Depending on the error message, respond in one of the following ways: - Click the OK button on the error dialog box to resume using Compaq Analyze. - If the dialog box asks if you want to continue running scripts, click the Yes button to continue using Compaq Analyze. - Netscape - Once you logon to Compaq Analyze, you cannot resize the browser window. In addition, the browser window cannot be resized, even after you logoff Compaq Analyze. To resize your browser window after using Compaq Analyze, open a new window and close the window where Compaq Analyze was running. - Internet Explorer - Include the full URL in the address line of your browser, including http:// (for example, http://14.77.189.23:7902/ rather than 14.77.189.23:7902/). 3.2.4 Starting the Web Interface It is not necessary to have the Director running on your machine in order to use Compaq Analyze. In fact, WEBES need not be installed on the browser's machine at all. However, WEBES must be installed and the Director must be running on the target machine in order to connect to its Compaq Analyze system. Therefore, before using the web interface, you must ensure the Director is started on the target machine. There is no need to run the Director on your local machine unless it is the target. Chapter 1 describes web interface connections further. Use the following procedure to access the web interface: 1. Start the Director on the machine(s) you want to connect to, if they have not been started already. Refer to Chapter 1 for details. 2. Start your web browser. 3. Enter the URL of a target machine to connect to it. - To connect to a remote host, enter: http://hostname.domain.com:7902 Substitute the target machine's hostname and domain. - To connect to the same machine that the web browser is running on, enter: http://localhost:7902 In some network configurations, the name localhost may not be recognized. Enter the machine's hostname or its IP address (such as http://14.77.189.23:7902) instead. If you use Internet Explorer, be aware that you must include the http:// for the page to load. 4. Enter the profile name you want to use in the Logon window (Figure 3-1) and either click the Logon button or press Enter. See Chapter 6 for more information on profiles. Figure 3-1 Logon Window To access the advanced features of the web interface, use the advanced version of your profile name. Refer to Section 3.14 for details. Advanced features allow detailed event investigation and are not normally needed to analyze an event log file. The web interface main screen is shown in Figure 3-2. Figure 3-2 The Web Interface The value of the URL field appears as follows: http://hostname:7902/&profile:username&connId=nnn Where hostname indicates the machine you logged into, username indicates your profile, and nnn represents your numeric connection ID. The components of the web interface display are described in Table 3-1. Table 3-1 Web Interface Components Component ----- Description ----- Title Bar Shows the software version, active profile, and operating system. Toolbar Provides access to the on-line help and system configuration. See Section 3.3 for more information. Navigation Tree Lists the available groups, nodes, and log files. Display Frame Displays interactive windows and system information. Information Bar Displays messages from the browser and context sensitive help information. See Section 3.9.1 for more information on the web interface's context sensitive help. Initially, the display frame shows product information. 3.3 Toolbar Figure 3-3 shows the web interface toolbar. Figure 3-3 Toolbar Table 3-2 describes the toolbar commands: Table 3-2 Toolbar Component ----- Description ----- Help Button Opens a new browser window containing the on-line user guide. See Section 3.9 for more information on getting help. Settings Button Opens the system settings window in the display frame. See Section 3.8 for more information on changing the settings. Log Off Button Ends the Compaq Analyze session and returns you to the Logon Window (Figure 3-1). See Section 3.10 for more details. 3.4 Navigation Compaq Analyze can connect to many different computers and each computer can have many different binary event log files available for analysis. It is possible to monitor numerous binary event log files generated by different computers all from a single web interface. In order to simplify the process of monitoring these diverse information sources, the web interface uses a hierarchical navigation tree composed of groups, nodes, and binary event log files. The entries in the navigation tree are as follows: - Groups - multiple computers that are logically associated. Groups contain one or more nodes. - Nodes - individual computers. Each node has its two types of log files. - Log Files - system information stored in binary files. Each node has two types of binary event log files: - System Log - the binary system event log where the computer writes system information. - Real Time Monitoring - automatic analysis results. - Full View - manual analysis results for the system event log. - Other Logs - any other binary event log files saved on the computer. These can include old files, files from other systems, and examples. The tree structure can be collapsed to the group level (Figure 3-4). Figure 3-4 Collapsed Tree Click on the expansion symbol for an entry to view its contents. Once an entry is expanded, the expansion symbol changes to a collapse symbol. To hide the contents again, click the collapse symbol. An example of an expanded tree is shown in Figure 3-5. Figure 3-5 Navigation Tree Each entry in the frame has a name and an icon that indicates its type. For example, in Figure 3-5 you can tell that the jarjar.cxo.dec.com node is inactive because of its icon. You can customize the navigation tree by adding and removing groups, nodes, catagories, and binary event log files (see Section 3.5). In addition, you can view the results of automatic analysis and initiate manual analysis from the navigation tree (see Section 3.6). 3.5 The Navigation Tree The first time you run the web interface using your profile, only one entry appears in the navigation tree. The machine that you logged into is listed as a node under the Default Group. You can customize the navigation tree display by creating new groups, adding nodes to groups, and selecting log files. ***Note*** After you submit changes to the navigation tree, Compaq Analyze refreshes the display. The refresh process may take a few seconds. If your changes do not appear after 20 seconds, you may need to manually refresh the frame. Refer to Section 3.2.3 for information on refreshing the web interface. 3.5.1 Groups All the groups are listed in the navigation tree. If a group includes nodes, an expansion symbol appears next to its name in the tree. To view the nodes under a group, click the expansion symbol. From the navigation tree, you can create new groups and remove existing groups. 3.5.1.1 Adding Groups To add new groups use the following procedure: 1. Click the Compaq Analyze link at the top to the navigation tree. The Group Maintenance window appears in the display frame. 2. Select the Add Groups tab at the bottom of the window (Figure 3-6). Figure 3-6 Add Group 3. Select the location for the new group from the list of groups. 4. Use the radio buttons to indicate whether you want the group located before, after, or nested under the selected group. 5. Enter the group name in the entry box. If you enter a group name that is already in the navigation tree at the same level, Compaq Analyze will not create a new group. 6. Click the Add New Group button. The new group appears in the navigation tree. ***Note*** If you do not enter a group name before you click the Add New Group button, Compaq Analyze will create a group named "newGroup". 3.5.1.2 Removing Groups ***Note*** Removing a group removes all the nodes and files contained in the group as well as all the lower level groups nested under the removed group. To remove existing groups use the following procedure: 1. Click the Compaq Analyze link at the top to the navigation tree. The Group Maintenance window appears in the display frame. 2. Select the Remove Groups tab at the bottom of the window (Figure 3-7). Figure 3-7 Remove Group 3. Select the group name from the list of available groups. If you want to remove multiple groups, use one of the following methods: - Hold the Ctrl key and click on each desired group name. - If the groups you want to remove are listed together, hold the Shift key and click on the first and last group to select all the groups between them. 4. Click the Remove Selected Group(s) button. The selected groups are removed from the navigation tree. 3.5.2 Nodes When you expand a group in the navigation tree, the nodes contained in that group are shown. Every node can be expanded by clicking on the expansion symbol next to its name. Expanding a node reveals the log file types included in that node, the system log and other logs. You can add and remove nodes from the groups in the navigation tree. ***Note*** Unless the system is accessible through the nameserver, you must use the IP address instead of the name of the node. For example, the hostname of a Windows machine using Dynamic Host Configuration Protocol (DHCP) is not listed with the nameserver, and therefore must be added using its IP address instead of its hostname. 3.5.2.1 Adding Nodes Any computer where the Director is running can be added to your web interface navigation tree as a node. To add additional nodes use the following procedure: 1. Determine the group you want to add nodes to, and click the link for that group. The Node Maintenance window appears in the display frame. 2. Select the Add Nodes tab at the bottom of the window (Figure 3-8). Figure 3-8 Add Node 3. Select the location for the new node from the list of nodes in the group. 4. Use the radio buttons to indicate whether you want the node located before or after the selected node. 5. Enter the node name in the entry box. Be aware that if you enter the name of a node you are already connected to, Compaq Analyze will add the node again. This will overwrite any Other Logs settings associated with the node. 6. Click the Add New Node button. ***Note*** If you do not enter a node name before you click the Add New Node button, Compaq Analyze will create a node named "newNode". You can only display the results of automatic analysis if there is a node named "newNode" on the system. Adding a node enables you to display the results of automatic analysis for that node's system event log. 3.5.2.2 Removing Nodes ***Note*** Removing a node removes all the additional binary event log files contained in the node from the navigation tree. To remove existing nodes use the following procedure: 1. Determine the group you want to remove nodes from, and click the link for that group. The Node Maintenance window appears in the display frame. 2. Select the Remove Nodes tab at the bottom of the window (Figure 3-9). Figure 3-9 Remove Node 3. Select the node name from the list of available nodes. If you want to remove multiple nodes, use one of the following methods: - Hold the Ctrl key and click on each desired node name. - If the nodes you want to remove are listed together, hold the Shift key and click on the first and last node to select all the nodes between them. 4. Click the Remove Selected Node(s) button. If a node is contained in multiple groups, removing it from one of the groups will not affect its presence in the other groups. 3.5.2.3 Node Status Nodes are either active or inactive. By default, when you connect to a node or load a profile that connects to other nodes, all the nodes are active. A node is only classified as inactive if Compaq Analyze cannot connect to it. Inactive nodes appear in the navigation tree with a red "X" through their icon. If a node is inactive, you can try to connect to it again at a later time. To connect to a inactive node use the following procedure: 1. Click the expansion icon next to the node. The only available option is "Activate this node" (Figure 3-10). Figure 3-10 Activate Node 2. Click the "Activate this node" link. If the director on the remote node is accessible, a message appears in the display frame (Figure 3-11) and the navigation tree is updated to show the new status. Figure 3-11 Activating Node Message If the director is not accessible, a message appears in the display frame (Figure 3-12) and the navigation tree is not changed. Figure 3-12 Unable to Activate Node Message 3.5.3 Categories Categories provide a method for grouping the log