|
|
If you are testing Compaq Analyze and its analysis rules, you may need to simulate automatic analysis. If you are unsure whether you wish to perform manual analysis or simulation of automatic analysis, then you should follow Section 5.5 on manual analysis.
|
|
By default, any given problem report will only be generated once by automatic analysis or simulated automatic analysis within a 24 hour period. For example, if you use simulated automatic analysis to process a binary event log file and a problem report is generated, subsequent simulated automatic analysis of the same log file will not produce the problem report. This remains true for a 24 hour period, since DeCOR prevents the same callout report from being generated during that time frame. To force Compaq Analyze to generate the same problem report a second time within a 24 hour period, use the following procedure:
For more information on instance files, see Section 5.2.
\ca\data\decorEvtAuto.ins
|
|
You can simulate the occurrence of events and their automatic analysis by issuing a command-line command to open a log file (or files) while a web interface is running, and observe the results in the web interface. The events are translated and analyzed as if they occurred on the local system at the current time. Events and problem reports from analysis appear in the appropriate display frame of each open web interface, just as automatic events do. No results appear in the window where the command is issued. The command merely notifies the Director to read and process the log file and does not wait for or display the translated events or problem reports.
Unlike automatic and manual analysis, the ca msg command does not consider any time stamp information associated with events. All events are processed as if they occured within a few seconds of each other. As a result, the ca msg command may generate problem reports that would not occur if you were using automatic or manual analysis. In effect, the ca msg command forces the rules to consider events that would otherwise be disregarded because of their age. Hence, you should only use the ca msg command for testing purposes.
Although Compaq Analyze can read, translate, and analyze error logs produced by any of the supported platforms, simulating automatic analysis on a different platform than the one that created the log file can lead to unpredictable results, due to conflicts between true automatic analysis and simulation from another platform.
Simulating automatic analysis may add entries in the automatic analysis database that impact future analysis results. Therefore, after simulating automatic analysis you should clean the automatic analysis database using the procedures described in Section 5.8.2.3.
|
Note |
|
The ca msg command does not support relative path names. Regardless of the operating system you are using, you must enter the absolute path. In addition, when you are specifying a single log file, you must include both the path and the filename. Filenames without a path are not supported. If the path contains spaces, enclose the entire path in quotation marks. For example: ca msg -auto "C:\Program Files\Path\Filename.ext" |
|
|
Use the following CLI commands to open a log file, according to your operating system.
For Tru64 UNIX
Enter ca msg -auto /path/filename.ext
For OpenVMS
Enter ca msg -auto [MYUSERNAME.PATH]FILENAME.EXT
For Windows
Enter ca msg -auto C:\Path\Filename.ext
|
|
According to your operating system, use the following commands to open log files for processing. All
*.zpd, *.sys, and *.errlog files in the given directory will be analyzed and no outputs are presented in the command prompt window.
|
|
Note |
|
If you do not specify a path, all the event logs in the examples subdirectory of the WEBES installation directory are analyzed.
|
For Tru64 UNIX
For OpenVMS
Enter ca msg -autoall [USERNAME.PATH]
For Windows
Enter ca msg -autoall C:\Path\
|
|
Simulated automatic analysis may add entries to the automatic analysis database. Therefore, after simulating automatic analysis, be sure to clean the database using the following procedure:
UNIX - desta stop
VMS - desta stop
Windows - net stop desta service
UNIX - rm /usr/opt/compaq/svctools/ca/data/decorEvtAuto.ins
VMS - delete SVCTOOLS_HOME:[CA.DATA]DECOREVTAUTO.*;*
Windows - delete C:\Program Files\Compaq\svctools\ca\data\decorEvtAuto.*
UNIX - rm /usr/opt/compaq/svctools/ca/data/scavmark.dat
VMS - delete SVCTOOLS_HOME:[CA.DATA]SCAVMARK.*;*
Windows - delete C:\Program Files\Compaq\svctools\ca\data\scavmark.*
UNIX - desta start
VMS - desta start
Windows - net start desta_service
|
|
The following sections describe modifying the configuration, including the DeCOR Class file and instance file names, and watch flags.
|
|
Certain attributes of the EvtAnalyzer component of Compaq Analyze are configurable. To see and change these values, do the following:
Additional information about the System Configuration window is provided in the following sections.
|
|
If you wish to use a DeCOR Class file other than the standard decor.cls provided in the installation, change the "classFileName" attribute to the complete path and filename of the alternate file. All future analysis, both automatic and manual, will use this file.
|
|
The "autoInstanceFileName" and "manualInstanceFileName" attributes define the instance files to which the DeCOR analysis engine writes its data (see Section 5.2).
You can change the file used for this purpose, but realize that the registered knowledge sets depend on the instance file used. If no rule set file names are registered in an instance file, then no analysis occurs for incoming events. You can enter an instance file name that does not yet exist. The first activity you perform that requires using the instance file (such as registering a rule set) causes Compaq Analyze to create the file.
|
|
The "watchFlags" attribute of the EvtAnalyzer component, provides the ability to turn on one or more types of debug outputs from the DeCOR analysis engine.
The attribute value is the summation of all bit values, where the bits have the meanings described here. Setting a bit to a 1 turns the flag on. For example, entering a value of 5 (4 + 1) turns on only the "facts" and "rules" watch flags. A value of -1 turns on all watch flags (because its binary value is 111111...). A value of 0 turns off all watch flags.
The debug outputs will appear in the standard output log file as described in Chapter 1.