Selection Options

Selection options choose particular types of log entries for inclusion in the LOGANALYZER output.

<selection options> 

──┬─ DATE ──────────────────────────────────────────┬──────────────────┤
  ├─ ALL ───────────────────────────────────────────┤
  ├─ FILTERED ──────────────────────────────────────┤
  ├─ RAW ───────────────────────────────────────────┤
  │ ┌◄────────────────────────────────────────────┐ │
  └─┴─┬─<configuration and maintenance options>─┬─┴─┘
      ├─<data comm options>─────────────────────┤
      ├─<diagnostics options>───────────────────┤
      ├─<job/task/session options>──────────────┤
      └─<additional selection options>──────────┘

The following text describes the meaning of each option.

Option

Description

DATE

Lists the date and time of the first and last log entries. This information is printed on all LOGANALYZER reports. The DATE option, if specified, must be the only option requested.

ALL

Lists the entire log except as limited by the <time> and <date> options, and on systems with the Secure Access Control Module or Secure Accountability Facility, by the USERCODE, ACCESSCODE, and CHARGECODE selection options. ALL is the default selection option.

FILTERED

Skips any sumlog not covered by the date range (or time and date range) specified.

RAW

Lists an unanalyzed hexadecimal dump of the entire log file, except as limited by the <time> and <date> options, and, on systems with the Secure Access Control Module or Secure Accountability Facility, by the USERCODE, ACCESSCODE, and CHARGECODE selection options.

Configuration and Maintenance Options

These options select log records related to the hardware and software configurations of the system and the problems that are encountered during operation.

<configuration and maintenance options> 

──┬─ CLU ────────────────────────────────────────┬─────────────────────┤
  ├─ COD ────────────────────────────────────────┤
  ├─ CONFIG ─┬───────────────────────────────────┤
  │          └─ (EXT) ───────────────────────────┤
  ├─ CPUERROR ───────────────────────────────────┤
  ├─ ESR ────────────────────────────────────────┤
  ├─ HL ─────────────────────────────────────────┤
  ├─ IOSUMMARY ──────────────────────────────────┤
  ├─ TAPESERVER ─────────────────────────────────┤
  ├─ TS ─────────────────────────────────────────┤
  ├─ IOERROR ───┬─┬──────────────────────────────┤
  ├─ IOERRONLY ─┤ └─<device option>──────────────┤
  ├─ MAINT ─────┘                                │
  ├─ MAINFRAME ─┬─┬──────────────────────────────┤
  └─ MFERRONLY ─┘ └─<IOP selection and analysis>─┘

The following text describes the meaning of each option:

Option

Description

CLU

Lists all log records associated with the Cartridge Library Unit (CLU).

COD

Lists all log records associated with Capacity on Demand (COD)), Memory Licensing, and I/O Licensing.

CONFIG

Lists the following configuration log records:

  • Hardware configuration

  • Unit configuration

  • Pack media configuration

  • Software configuration

The (EXT) variant lists the preceding configuration information. This option adds the logical and physical unit numbers to the hardware configuration report.

The configuration is logged at each halt/load occurrence and again each time the log is transferred or initiated.

CPUERROR

Lists the mainframe log records that relate specifically to a central processor.

ESR

Lists all log records associated with Electronic Service Request activity sent out through the MCP. The information includes the datagram and the response received (if any).

HL

Lists the system halt/load log records.

IOSUMMARY

Lists the table that summarizes IOERROR log records. Individual errors are not printed. The summary is the same as that produced at the end of a MAINT or IOERROR request.

IOERROR

Lists all peripheral error entries. If IOERROR is followed by a <device option>, only the peripheral error entries for the selected device type and unit number are listed.

IOERRONLY

Lists all peripheral error entries except those flagged as "IO condition only" records. IOERRONLY suppresses entries that represent expected system behavior, such as disk first actions, statistics dumps, and unload completion reports, and analyzes only entries representing true IO error conditions.

If IOERRONLY is followed by a <device option>, only peripheral errors for the selected device type and unit number are listed.

MAINT

Lists all mainframe errors, peripheral errors, hardware configuration log records, and log discard period records. If MAINT is followed by a <device option>, the hardware configuration log records are not included and only the mainframe and peripheral errors for the selected device type and unit number are listed.

MAINFRAME

Lists mainframe log records such as box failures, system error actions, halt/load, PCN-MAC hardware environmental faults and conditions, IOP reports, and dump records.

The optional selection criterion can be used to select specific categories of IOP reports and to control the informational detail of the report. Log entries for CPM, Console, and similar kinds of failures and DEADSTOPs continue to be reported.

MFERRONLY

Lists all mainframe error entries except those flagged as informational. It is equivalent to MAINFRAME(ERROR).

TAPESERVER TS

Selects log records entered by the TAPESERVER library.

<device option>

Can be specified after the IOERROR, IOERRONLY, or MAINT option. Causes LOGANALYZER to select only those records that satisfy the given option which apply to the selected device type or device and unit number.

<IOP selection and analysis>

Can be specified after the MAINFRAME or MFERRONLY option. The optional selection criterion can be used to select specific categories of IOP reports and to control the informational detail of the report.

<device option>

The following diagram lists the many device options available. 

  ┌◄─────────────────────────────────────┐
──┴─┬─ CPU ────────────────────────────┬─┴─────────────────────────────┤
    ├─ DECODEEXTRD ────────────────────┤
    ├─ DUMPEXTRD ──────────────────────┤
    │             ┌◄─────────────────┐ │
    ├───────────┬─┴─┬──────────────┬─┴─┘
    ├─ ARPS ────┤   └─<unit range>─┘
    ├─ CD ──────┤
    ├─ DC ──────┤
    ├─ DK ──────┤
    ├─ FPSAP ───┤
    ├─ HC ──────┤
    ├─ HY ──────┤
    ├─ LBP ─────┤
    ├─ LP ──────┤
    ├─ MT ──────┤
    ├─ NP ──────┤
    ├─ PK ──────┤
    ├─ SC ──────┤
    ├─ SPC ─────┤
    ├─ TSP ─────┤
    ├─ VC ──────┤
    └─ SERVICE ─┘

<unit range> 

──<unit number>─┬────────────────────┬─────────────────────────────────┤
                └─ ─ ──<unit number>─┘

<unit number>

An integer that specifies the unit number to be analyzed, or the beginning or ending unit number of a range.

Explanation

If a <unit range> includes two <unit number>s separated by a hyphen, the range comprises all unit numbers between and inclusive of the two <unit number>s. A <unit range> of one <unit number> comprises only that <unit number>. When two <unit number>s are specified, the second number must be larger than the first.

For example, to specify the unit numbers 1, 2, 3, 4, 7, 8, 9, 12, you may use: 

1-4 7-9 12

The device mnemonic definitions are as follows:

Mnemonic

Definition

ARPS

A-Series Remote Procedures

CD

CD-ROM unit

CPU

Central processing unit

DC

EMS data communications unit

DK

Memory Disk unit

FPSAP

Array Processor

HC

Host Control (HC) unit

HY

HYPERchannel unit

LBP

Laser Beam Printer

LP

Line printer unit

MT

Magnetic tape unit

NP

Network Processor

PK

Disk unit

SC

Operator display terminal

SPC

Special Peripheral Control DLP

TSP

Telephony Services Platform

VC

Voice channel

SERVICE

Service unit

The DUMPEXTRD and DECODEEXTRD options affect the analysis of log entries for those device types that have extended status information or request sense information (for example, native SCSI devices). For all such devices except HYPERchannel devices, DUMPEXTRD displays a hexadecimal dump of the extended status information. DECODEEXTRD displays a formal analysis of the same information.

Expanded analysis for HYPERchannel devices is produced only if either DUMPEXTRD or DECODEEXTRD is used in conjunction with the MAINT HY option. Requesting the option DUMPEXTRD in conjunction with a MAINT HY request causes the message proper and sense bytes to be presented in raw format without description. For example, the “LOG MAINT HY DUMPEXTRD” request produces the following output in addition to the normal “LOG MAINT HY” output: 

MESSAGE PROPER           :  <first 16 bytes of the message proper>
ADAPTER SENSE BYTES DATA : <adapter sense byte information>

If the option DECODEEXTRD is requested in conjunction with a MAINT HY request, the message proper and sense bytes are given expanded analysis.

<IOP selection and analysis>

The following diagram defines IOP selection and analysis.

── ( ──<IOP selection criteria>─┬───────────┬─ ) ──────────────────────┤
                                ├─ ESLTEXT ─┤
                                ├─ IOCB ────┤
                                └─ DETAIL ──┘

<IOP selection criteria> 

──┬─ ERROR ─────┬─┬─ IOP ──<n>─┬───────────────────────────────────────┤
  ├─ INFO ──────┤ └─ EDN ──<n>─┘
  ├─ WARN ──────┤
  ├─ CONFIG ────┤
  ├─ TYPE ──<n>─┤
  └─ ALL ───────┘

Explanation

The <IOP selection criteria> is specific to IOP-related reports only and allows selection by generic report category, such as ERROR, INFO, CONFIG, WARN, or a specific TYPE, and for a specific IOP or EDN. The selection is based on “type” and “device <n>”, if both are specified.

The use of MFERRONLY is equivalent to MAINFRAME(ERROR).

IOP-generated reports include an Event Notification type that describes the general characteristics of this report. These reports include the following TYPEs:

TYPE

Report Name

1

Error notification

2

LCT entry (an initialization device configuration)

3

Port death or reset

4

Channel link loss/recovery

5

IOP hang

6

PAM entry

7

IOP informational

8

Network informational

9

ODT connection report

10

Environmental warning

ERROR selection includes MCP-generated IOP fault reports and IOP Event reports of TYPES 1, 3, 5, 6, and any nonclassified (new or unknown) type, plus types included with WARN.

INFO selection includes IOP Event reports of TYPEs 7, 8, and any nonclassified (new or unknown) type, plus types included with WARN and CONFIG.

CONFIG selection includes IOP Event reports of TYPE 10.

The analysis of an IOP mainframe report is determined by the type of report and the selection of report content, ESLTEXT, IOCB, or DETAIL. By default, the analysis includes the Reporting Unit, the associated External Device number (if non-zero), and the analysis of the specific event or error including description and possible sources.

The report selection options provide the following information:

Option

Description

ESLTEXT

The first 240 bytes of the ESL, if present, are presented as text.

IOCB

If IOCB data is present, the information is presented in hexadecimal and analysis forms.

DETAIL

Both ESL analysis and IOCB analysis are presented.

Examples

The following examples show the use of the MAINFRAME and MFERRONLY commands.

  • Selects all INFO IOP events. All other IOP reports are excluded. 

    LOG MAINFRAME(INFO)

  • Selects INFO reports for IOP 5. All other IOP reports are excluded. 

    LOG MAINFRAME(INFO IOP 5)

  • Selects ERROR IOP events and produces a detailed analysis report including ESL and IOCB information. 

    LOG MFERRONLY(DETAIL)

Data Comm Options

The following options select log records that are related to data communications:

Syntax

<data comm option> 

──┬─ BNA ──────────────────────────────────────────────────────────────┤
  ├─ BNAV2 ──────────────────────────────┬─────────────────────────────┤
  ├─ CIA ─┬──────────────────────────────┤
  │       │     ┌◄─────────────────┐     │
  │       └─ ( ─┴─┬─ ALL ────────┬─┴─ ) ─┤
  │               ├─ INIT ───────┤       │
  │               ├─ ACP ────────┤       │
  │               ├─ IFE ────────┤       │
  │               ├─ NODE ───────┤       │
  │               ├─ DIALOG ─────┤       │
  │               ├─ BUFFERPOOL ─┤       │
  │               ├─ POOLMGR ────┤       │
  │               ├─ SYSQUEUES ──┤       │
  │               └─ MISC ───────┘       │
  ├─ CNS ─┬──────────────────────────────┤
  │       ├─ NPSM ───────────────────────┤
  │       ├─ GS ─────────────────────────┤
  │       ├─ LCF ────────────────────────┤
  │       ├─ TSMM ───────────────────────┤
  │       └─ LSS ────────────────────────┤
  ├─ COMS ─┬─────────────────────────────┤
  │        ├─ CONFIG ────────────────────┤
  │        ├─ WINDOW ────────────────────┤
  │        └─ EVENTS ────────────────────┤
  ├─ IDC ────────────────────────────────┤
  ├─ LPP ─┬──────────────────────────────┤
  │       ├─ PIM ────────────────────────┤
  │       ├─ PIE ────────────────────────┤
  │       ├─ MGR ────────────────────────┤
  │       ├─ OI ─────────────────────────┤
  │       └─ OTHER ──────────────────────┤
  ├─ MCS ────────────────────────────────┤
  ├─ NMS ─┬──────────────────────────────┤
  │       │     ┌◄────────────┐          │
  │       └─ ( ─┴─┬─ LCF ───┬─┴─ ) ──────┤
  │               ├─ SNMP ──┤            │
  │               └─ OTHER ─┘            │
  ├─ NSP ────────────────────────────────┤
  ├─ NW ─────────────────────────────────┤
  ├─ NWS ────────────────────────────────┤
  ├─ RSS ────────────────────────────────┤
  ├─ SNA ─┬──────────────────────────────┤
  │       ├─ REPORT ─────────────────────┤
  │       ├─ TRACE ──────────────────────┤
  │       ├─ ERROR ──────────────────────┤
  │       ├─ INQUIRY ────────────────────┤
  │       ├─ COMMAND ────────────────────┤
  │       └─ OTHER ──────────────────────┤
  ├─ SSH ────────────────────────────────┤
  ├─ SSHCLIENT ──────────────────────────┤                           
  └─ SSHSUPPORT ─────────────────────────┤                           
  │                                      │
  └─ TCPIP ─┬────────────────────────────┤
            │     ┌◄───────────────┐     │
            └─ ( ─┴─┬─ ARP ──────┬─┴─ ) ─┘
                    ├─ AUTOCONF ─┤
                    ├─ DHCP ─────┤ 
                    ├─ DNS ──────┤
                    ├─ ICMP ─────┤
                    ├─ IP ───────┤
                    ├─ IPSEC ────┤
                    ├─ IPTABLE───┤
                    ├─ MLD ──────┤
                    ├─ MSS ──────┤
                    ├─ ND ───────┤
                    ├─ PATHMTU ──┤
                    ├─ PIM ──────┤
                    ├─ RESILIENCY┤
                    ├─ RIP ──────┤
                    ├─ SECURITY ─┤
                    ├─ SNMP ─────┤
                    ├─ SSH ──────┤
                    ├─ SSL ──────┤
                    ├─ TCP ──────┤
                    ├─ TCPMGR ───┤
                    ├─ UDP ──────┤
                    └─ OTHER ────┘

Explanation

The following text describes the meaning of each option:

BNA

Lists Network Debug records.

BNAV2

Lists all BNA Version 2 log records. Analysis of BNA Version 2 records requires that the CNS translation library, CNSTRANSLATION be specified using the SL (Support Library) system command.

CIA

Lists the records reporting ClearPath Intraconnect Architecture (CIA) events. .

If you specify . . .

Then LOGANALYZER selects . . .

CIA

All CIA records

CIA (ALL)

All CIA records

CIA (INIT)

Only the CIA initialization records

CIA (ACP)

Only the CIA ACP (Attached Communications Processor) event records

CIA (IFE)

Only the CIA IFE (Interface Front End) event records

CIA (NODE)

Only the CIA Node event records

CIA (DIALOG)

Only the CIA Dialog event records

CIA (BUFFERPOOL)

Only the CIA Buffer Pool event records

CIA (POOLMGR)

Only the CIA Pool Manager event records

CIA (SYSQUEUES)

Only the CIA Sysqueues event records

CIA (MISC)

Only the CIA miscellaneous event records

CNS

Lists all CNS (Core Networking Services) records. Analysis of CNS records requires that the CNS translation library, CNSTRANSLATION, be specified using the SL (Support Library) system command. .

If you specify . . .

Then LOGANALYZER selects . . .

CNS (NPSM)

Network Provider Services Manager messages

CNS (GS)

Generic Services messages

CNS (LCF)

Local Control Facility messages

CNS (TSMM)

Target Support Module Manager messages

CNS (LSS)

Link Specific Services messages

COMS

Lists the COMS records.

If you specify . . .

Then LOGANALYZER selects . . .

COMS CONFIG

Only the COMS configuration change records. LOGANALYZER reports only security related COMS changes.

COMS WINDOW

Only the COMS window activity records.

COMS EVENTS

Only the COMS event records.

IDC

Lists the IDC and ID records.

LPP

Lists the local port provider (LPP) records.

If you specify . . .

Then LOGANALYZER selects . . .

LPP (PIM)

LPP control path entries.

LPP (PIE)

LPP data path entries.

LPP (MGR)

LPP process stack entries.

LPP (OI)

LPP network control command entries.

LPP (OTHER)

Miscellaneous entries.

MCS

Lists all MCS log records.

NMS

Lists all nondiagnostic commands, responses, and reports generated for Network Management.

If you specify . . .

Then LOGANALYZER selects . . .

NMS (LCF)

Local Control Facility entries.

NMS (SNMP)

Entries from the SNMP agent.

NMS (OTHER)

Miscellaneous entries.

NSP

Lists all data comm log records.

NW

Lists BNAV2, CNS, NMS, SNA and TCP/IP log records.

NWS

Lists all the NetWare Services (NWS) log records.

RSS

Lists all log records from the Reliable Session Service (RSS).

SNA

Lists all nondiagnostic commands, responses, and reports generated for Systems Network Architecture (SNA).

If you specify . . .

Then LOGANALYZER selects . . .

SNA (REPORT)

Noteworthy network events.

SNA (TRACE)

The network frame reported as a result of the TRACE + command.

SNA (ERROR)

Unexpected fault conditions.

SNA (INQUIRY)

Solicited status requests and responses.

SNA (COMMAND)

Solicited action requests and responses.

SNA (OTHER)

Miscellaneous events.

SSH

SSHSUPPORT

Lists connection open and close, channel open, and request and close entries generated by SSHSUPPORT.

SSHCLIENT

Lists outgoing connection open and close, channel open, request and close entries generated by SSH clients.

TCPIP

Lists all nondiagnostic commands, responses, and reports generated by the TCP/IP network provider.

If you specify . . .

Then LOGANALYZER selects . . .

TCPIP (ARP)

Address Resolution Protocol function entries.

TCPIP (AUTOCONF)

TCP/IP IPv6 Address Auto-Configuration entries.

TCPIP (DHCP)

Dynamic Host Configuration Protocol entries.

TCPIP (DNS)

Domain Name Server entries.

TCPIP (ICMP)

Internet Control Message Protocol function entries.

TCPIP (IP)

Internet Protocol layer entries.

TCPIP (IPSEC)

IPSECurity entries.

TCPIP (IPTABLE)

IPTABLE logging entries.

TCPIP (MLD)

IPv6 Multi-Listener Discovery entries.

TCPIP (MSS)

Messaging Subsystem entries.

TCPIP (ND)

IPv6 Neighbor Discovery entries.

TCPIP (PATHMTU)

IPv6 Path MTU Discovery entries.

TCPIP (PIM)

Entries for the connection open and close reports.

TCPIP (RESILIENCY)

Resiliency entries.

TCPIP (RIP)

Route Information Protocol function entries.

TCPIP (SECURITY)

Entries generated via the TCPIP end system security feature.

TCPIP (SNMP)

Entries generated during the process of an SNMP command. SNMP commands are logged under Major Type 28, Network Management.

TCPIP (SSL)

SSL entries.

TCPIP (SSH)

Secure Shell (SSH) entries.

TCPIP (TCP)

Transmission Control Protocol layer entries.

TCPIP (TCPMGR)

TCP Manager function entries.

TCPIP (UDP)

User Datagram Protocol layer entries.

TCPIP (OTHER)

Miscellaneous entries.

Diagnostics Options

These options select log records created by diagnostics options of various system software products.

Syntax 

── DIAGNOSTICS ────────────────────────────────────────────────────────►
►─┬────────────────────────────────────────────────────────────────┬───┤
  └─ ( ─┬─ ALL ──────────────────────────────────────────────┬─ ) ─┘
        │ ┌◄───────────────────────────────────────────────┐ │
        └─┴─┬─ /1\ ── BNAV2 ──────┬─┬────────────────────┬─┴─┘
            ├─ /1\ ── CCF ────────┤ └─<selection option>─┘
            ├─ /1\ ── CNS ────────┤
            ├─ /1\ ── COMS ───────┤
            ├─ /1\ ── CONN ───────┤
            ├─ /1\ ── DIR ────────┤
            ├─ /1\ ── DSS ────────┤
            ├─ /1\ ── DTP ────────┤
            ├─ /1\ ── GRAPHS ─────┤
            ├─ /1\ ── GSS ────────┤
            ├─ /1\ ── JAVA ───────┤
            ├─ /1\ ── KMAPI ──────┤
            ├─ /1\ ── KRB ────────┤
            ├─ /1\ ── LIB ────────┤
            ├─ /1\ ── LPP ────────┤
            ├─ /1\ ── MCAPI ──────┤
            ├─ /1\ ── MFA ────────┤
            ├─ /1\ ── MHS ────────┤
            ├─ /1\ ── MQS ────────┤
            ├─ /1\ ── NIS ────────┤
            ├─ /1\ ── NMS ────────┤
            ├─ /1\ ── NPS ────────┤
            ├─ /1\ ── NWS ────────┤
            ├─ /1\ ── ONC ────────┤
            ├─ /1\ ── OSI ────────┤
            ├─ /1\ ── PIO ────────┤
            ├─ /1\ ── PS ─────────┤
            ├─ /1\ ── RBAC ───────┤
            ├─ /1\ ── RUNX ───────┤
            ├─ /1\ ── SCL ────────┤
            ├─ /1\ ── SNA ────────┤
            ├─ /1\ ── SSHCLIENT ──┤
            ├─ /1\ ── SSHSUPPORT ─┤
            ├─ /1\ ── TCPIP ──────┤
            ├─ /1\ ── TELNET ─────┤
            ├─ /1\ ── TPV ────────┤
            ├─ /1\ ── UMSG ───────┤
            ├─ /1\ ── VCON ───────┤
            ├─ /1\ ── WIN ────────┤
            └─ /1\ ── WLM ────────┘

<selection option> 

──┬───────────────────────────────────┬────────────────────────────────┤
  └─ ( ─┬─ ALL ─────────────────┬─ ) ─┘
        │ ┌◄──────────────────┐ │
        └─┴─<Keyword Subtype>─┴─┘

Explanation

To retrieve all diagnostics options, specify DIAGNOSTICS without including any options.

To limit the search to specific subsets of the diagnostic records, include a subtype option. The DIAGNOSTICS options each correspond to minor types and subtypes of the Major Type 19 (Diagnostics) log entry.

Note: RBAC and SNA minor type have no subtypes.

The subtype options, such as the <DSS subtypes>, limit the search to specific subsets of the diagnostic records logged for each minor type. Each keyword can be followed by: nothing, ALL, or <keyword subtypes>. For a list of the possible subtypes for each minor type, refer to the discussion of the Diagnostics Record (Major Type 19) in the System Log Programming Reference Manual.

In that discussion, each subtype corresponds to a JOBFORMATTER define name. The last part of each JOBFORMATTER define is the same as the corresponding LOGANALYZER subtype. For example, the SUMLOG discussion lists a define called LOGDIAG_DSS_FTP under the DSS minor type. To request that LOGANALYZER report on this subtype, specify DIAGNOSTICS (DSS (FTP)).

The following are the minor types corresponding to each DIAGNOSTICS option:

Table 41. DIAGNOSTICS Option Minor Types

Refer to minor type number . . .

For a description of . . .

3

BNA Version 2 (BNAv2) log entries.

35

Custom Connect Facility (CCF) log entries.

21

Core Network Service (CNS) log entries.

9

Communications Management System (COMS) log entries.

34

Connector PSH (CONN) log entries.

12

OSI directory (DIR) log entries.

1

Distributed systems service (DSS) log entries.

10

Distributed transaction processing (DTP) log entries.

23

GRAPHS debug tracing log entries.

28

Generic Security Service (GSS) log entries.

36

JAVA log entries.

29

Kerberos (KRB) log entries.

43

Key Manager log entries

18

Library tracing (LIB) log entries.

14

Local Port Provider (LPP) log entries.

32

MCP Cryptography API (MCAPI) log entries.

45

Multi-factor authentication (MFA) log entries.

4

Message Handling System (MHS) log entries.

33

Message Queuing System (MQS) log entries.

7

Network-Independent Software (NIS) log entries.

13

Network Management System (NMS) log entries.

24

NPS debug tracing to log entries.

15

Netware for A Series Services (NWS) log entries.

19

Open Network Computing (ONC+).

5

Open Systems Interconnection (OSI) log entries.

31

Physical IO (PIO) log entries.

22

Print System (PS) log entries.

40

Role Based Access Control (RBAC) log entries.

46

ClearPath Extension Kit for MCP (RUNX) log entries.

39

Security Center library (SCL) log entries.

16

Systems Network Architecture (SNA) log entries.

41

Secure Shell (SSH) log entries (SSHSUPPORT and SSHCLIENT).

6

TCP/IP (TCPIP) log entries.

20

TELNET log entries

9

Third Party Vendor log entries

17

Vcon (VCON) log entries

27

Universal Messaging (UMSG ) log entries.

26

Windows implementations (WIN) log entries.

37

Workload Management (WLM) log entries.

DIAGNOSTICS Examples shows examples of ways you can combine DIAGNOSTICS options for various effects.

Table 42. DIAGNOSTICS Examples

Specify . . .

To retrieve all diagnostics records for . . .

DIAGNOSTICS (DSS)

Distributed systems services (DSSs).

DIAGNOSTICS (DSS MHS)

For distributed systems services (DSSs) and the Message Handling System (MHS).

DIAGNOSTICS (NIS (PARSE ROUTER))

The network-independent software (NIS) subtypes PARSE and ROUTER.

DIAGNOSTICS (NIS (PARSE ROUTER) MHS (AS MTA))

The network-independent software (NIS) subtypes PARSE and ROUTER and the Message Handling System (MHS) subtypes AS and MTA.

DIAGNOSTICS (SCL (ERROR TRACE))

Security Center library ERROR and TRACE messages.


Job, Task, and Session Options

The following options select log records for a job, task, or session activity.

The job, task, and session options use the following logic to select log records for listing:

  • The ABORT, ERRORS, FTP, IDENTITY, JOB, MIX, MPID, PRINTS, SESSION, STACK, and TASK options are restrictive options. If more than one is specified, any log record that contains all the specified restrictive options is selected, and any log record that contains less than all the specified restrictive options is not selected.

  • The BOJ, BOT, CONTROLCARD, DCKEY, DMS, EOJ, EOT, FILE, LIB, INT, IO, and STATUS options are additive options. If one or more is specified, any log record that contains any of the specified additive options is selected.

  • If no options are specified, all records are selected.

  • If one or more restrictive options are specified, and no additive options are specified, any additive-type record related to the specified restrictive option is selected.

  • If no restrictive options are specified, and one or more additive options are specified, any record containing any of the specified options is selected.

  • If a combination of restrictive and additive options are specified, any record that contains all the specified restrictive options and any of the specified additive options is selected.

Syntax

<job/task/session options> 

──┬─ ABORT ───────────────────────────────────┬────────────────────────┤
  ├─ BOJ ─────────────────────────────────────┤
  ├─ BOT ─────────────────────────────────────┤
  ├─ CONTROLCARD ─────────────────────────────┤
  ├─ DCKEY ───────────────────────────────────┤
  ├─ DMS ──┬──────────────────────────────────┤
  │        └─ ( ──<DMS option list>── ) ──────┤
  ├─ EOJ ─────────────────────────────────────┤
  ├─ EOT ─────────────────────────────────────┤
  ├─ ERRORS ──────────────────────────────────┤
  ├─ FILE ─┬──────────────────────────────────┤
  │        ├─ VSS2 ───────────────────────────┤
  │        └─ VSS3 ───────────────────────────┤
  ├─ FTP ─────────────────────────────────────┤
  ├─/1\─┬─ IDENTITY ──<number range>──────────┤
  │     ├─ MIX ──<number range>───────────────┤
  │     ├─ STATUS ────────────────────────────┤
  │     └─ TASK ─┬─ " ──<name>─┬──────┬─ " ───┤
  │              │             └─ /= ─┘       │
  │              └─<number range>─────────────┤
  ├─ IO ──────────────────────────────────────┤
  ├─ INT ─────────────────────────────────────┤
  ├─/1\─┬─ JOB ─┬─ " ─┬─<name>─┬──────┬─┬─ " ─┤
  │     │       ├─ ' ─┘        ├─ /= ─┤ └─ ' ─┤
  │     │       │              └─ = ──┘       │
  │     │       └─<number range>──────────────┤
  │     └─ SESSION ──<number range>───────────┤
  ├─ LIB ─────────────────────────────────────┤
  ├─ MPID ── " ──<name>── " ──────────────────┤
  ├─ PRINTS ─┬────────────────────────────────┤
  │          ├───────────┬─<number range>─────┤
  │          ├─ REQUEST ─┘                    │
  │          └─ JOB ──<number range>──────────┤
  └─ STACK ──<hex stack number range>─────────┘

<DMS option list> 

  ┌◄──────────────────────────────────────┐
 ─┴─┬─/1\── DATABASE =  <database name>─┬─┴────────────────────────┤
    │─/1\── SECURITY────────────────────┤
    ├─/1\── ACCESS ─────────────────────┤                                 
    ├─/1\── OPEN────────────────────────┤
    ├─/1\── CLOSE───────────────────────┤
    ├─/1\── FREEZE──────────────────────┤
    ├─/1\── RESUME──────────────────────┤
    └─/1\── DEADLOCK────────────────────┘

<database name> 

──┬─ " ──<file title>── " ────┬────────────────────────────────────────┤
  └─ ' ──<file title>── ' ────┘

<number range> 

  ┌◄───────────┬──────┬────────────┐
  │            └◄─ , ─┘            │
──┴─<number>─┬───────────────────┬─┴───────────────────────────────────┤
             ├─ THRU ─┬─<number>─┘
             └─ ─ ────┘

<hex stack number range> 

  ┌◄────────────────── , ──────────────────┐
──┴─<hex number>─┬───────────────────────┬─┴───────────────────────────┤
                 ├─ THRU ─┬─<hex number>─┘
                 └─ ─ ────┘

Explanation

The following text describes the meaning of each option:

ABORT

Lists the records associated with tasks that were terminated abnormally with a DS or QT command. By default, LOGANALYZER reports the output from the ABORT option in sorted order; therefore, you cannot use it with the CREATE or APPEND options. You can use the ABORT option with the UNSORTED option to produce output in chronological order. You can use the CREATE and APPEND options with the UNSORTED option.

BOJ

Lists the beginning of job records.

BOT

Lists the beginning of job and beginning of task records.

CONTROLCARD

Lists the records created when a job file is locked by the WFL compiler. The record identifies the job number that will be used and the name of the source jobsymbol file if available, or the program that used a ZIP WITH ARRAY construct.

DCKEY

Lists the DCKEYIN commands submitted by the task.

DMS

If an option list is omitted or contains just a DATABASE option, all DMS record types are analyzed.

The following are sub-options of the DMS option:

  • ACCESS

    The analysis includes database access records.

  • DATABASE = <database name>

    The analysis selects only those records associated with the specified database

    Note: If the file title is specified inside quotation marks, it is converted to uppercase. If, however, a file title containing quotation marks is surrounded by apostrophes, the string inside the quotation marks is not converted to uppercase, allowing special characters and lowercase letters to be specified.

  • SECURITY

    The analysis includes DMS security records and DMS open records with open error 26 (security error on open).

  • OPEN

    The analysis includes database open records.

  • CLOSE

    The analysis includes database close records.

  • FREEZE

    The analysis includes database freeze records.

  • RESUME

    The analysis includes database resume records.

  • DEADLOCK

    The analysis includes database deadlock records.

EOJ

Lists the end of job records.

EOT

Lists the end of job and end of task records.

ERRORS

Lists the records associated with compiler tasks that terminated with syntax errors. By default, LOGANALYZER reports the output from the ERRORS option in sorted order; therefore, you cannot use it with the APPEND or CREATE options. However, you can use the ERRORS option with the UNSORTED option to produce output in chronological order. You can use the CREATE and APPEND options with the UNSORTED option.

FILE

Lists the following records: file OPEN, CLOSE, and INTERVAL; port activity; file status entries; and NetWare Services (NWS) open and close file entries.

The FILE option has two mutually-exclusive optional parameters, VSS2 and VSS3, which limit the report to CLOSE records. When one of the parameters is specified, only the information that is appropriate for determining VSS-2 or VSS-3 migration requirements is displayed. You can use these records to determine if the file attributes support logical-physical alignment for storage on a VSS-2 or VSS-3 disk, respectively.

FTP

Lists records associated with FTP sessions where an FTP session is defined to be a single connection between an FTP Client and an FTP Server.

IDENTITY

Lists identity records. The system writes identity records into the log to indicate what mix number or session number was assigned to a given job, task, or session, to indicate when the name of a job, task, or session changed, and to indicate when a job, task, or session terminated.

The following are identity records:

  • ANONYMOUS LOGON = Anonymous user information

  • BOJ = Beginning of job

  • EOJ = End of job

  • BOT = Beginning of task

  • EOT = End of task

  • LOGON = MCS session log-on

  • LOGOFF = MCS session log-off

  • EI = Establish identity

IDENTITY <number range> lists the identity records associated with the specified mix numbers.

The IDENTITY option cannot be used simultaneously with the MIX or TASK options.

IO

Lists the file OPEN, CLOSE, INTERVAL, and port activity records.

INT

Lists task interval records.

JOB

Lists the records associated with the specified job and its tasks.

JOB “<name>” lists the records for the job whose BEGIN JOB statement contains the specified <name>. The <name> parameter uses the same format as a file title.

JOB “<name>/=” lists all jobs whose high-level identifier matches the specified <name>. The comparison is like a file title tested for membership in a file directory. For example, JOB (ME)TOO/= selects jobs named (ME)TOO/A or (ME)TOO/B, but not (ME)TOO.

A name parameter can consist of either a "<string>" construct or a '"<string>"' construct. JOB ""<string>"" lists the records associated with the job whose job name matches the specified string. Use the '"<string>"' format to specify a job name that includes lowercase letters that should remain lowercased.

For example, the following command lists the records for the BEGIN JOB "MY JOB" statement: 

LOG JOB ""MY JOB""

The following command lists the records for the BEGIN JOB "My Job" statement: 

LOG JOB '"My Job"'

Lowercased characters that are not included within the '"<string>"' format are automatically uppercased. The case can occur where LOGANALYZER will not be able to find a job that includes lowercase characters in the name because the characters have been uppercased.

In general, you should classify jobs with names that have embedded blanks as strings rather than as file names. This rule applies to a number of system commands (or DCKEYIN) commands. For example, to list the log records of a RB ON MYPACK system command, use the following command: 

LOG JOB ""RB ON MYPACK""

If a RUN command is used to initiate LOGANALYZER, the option list is enclosed in quotation marks. A double set of quotation marks ("") is required to signify single quotation marks (") for embedded strings.

For example, the command

RUN *SYSTEM/LOGANALYZER ("JOB """"MY JOB""""");

is equivalent to

LOG JOB ""MY JOB"";

The command

RUN *SYSTEM/LOGANALYZER ("JOB '""My Job""'");

is equivalent to

LOG JOB '"My Job"';
Note: If a time range is specified with the JOB option, analysis of log records starts only when a BOJ, EI, or EOJ record matching the requested name or names are seen within the records selected by the time range.

JOB <number range> lists the records for jobs with the specified job numbers. The listed records include log entries created by the print system when processing print requests for the specified mix number or numbers.

The JOB option cannot be used simultaneously with the SESSION option.

LIB

Lists the library LINK, DELINK, FREEZE, READY, RESUME, and UNREADY records.

MIX

MIX <number range> lists the records associated with the specified mix numbers. A mix number of zero (0) lists all log records that have no associated mix numbers (for example, configuration records).

The MIX option cannot be used simultaneously with the IDENTITY or TASK options.

MPID

The MPID option lists the records associated with jobs and tasks that ran with the specified MPID attribute. The <name> parameter uses the same format as the MPID attribute.

The MPID option can be used in conjunction with the JOB and TASK options.

Note: If a time range is specified with the MPID option, analysis of log records starts only when a BOJ, EI, or EOJ record matching the requested name is seen within the records selected by the time range.

PRINTS

Lists the records that are created by the print system.

PRINTS <number range> lists the printing entries that are logged for the specified print request numbers. The REQ option is the default option.

PRINTS JOB <number range> lists the printing entries that are logged for the specified job numbers.

SESSION

SESSION <number range> lists the records associated with the specified mix numbers. The SESSION option cannot be used simultaneously with the JOB option.

STACK

STACK <hex stack number range> lists the records from programs that have used the specified stack numbers. The hexadecimal stack number identifies the internal process, but it is not as unique as a mix number. Log entries for BOJ, BOT, EOJ, and EOT contain stack numbers. Because some software structures use stack numbers internally (events, for example), the STACK option can be useful for identifying the process involved.

STATUS

Lists the records that are generated for certain task events. When a program takes a program dump or uses the SORT intrinsic, the system logs a status entry that contains the resources used for that activity. If a program is suspended (for example, on a no-file condition or if disk space is needed), the system logs a status entry that contains the elapsed time that the program waited.

TASK

TASK “<name>” lists the records associated with the specified task name. The <name> parameter uses the same format as a file title.

TASK “<name>/=” lists all jobs whose high-level identifier matches the specified <name>. The comparison is like a file title tested for membership in a file directory. For example, TASK “(ME)TOO/=” lists tasks named (ME)TOO/A or (ME)TOO/B, but not (ME)TOO.

If a RUN command is used to initiate LOGANALYZER, the option list is enclosed in quotation marks. A double set of quotation marks ("") is required to signify single quotation marks (") for embedded strings.

For example, the command

RUN *SYSTEM/LOGANALYZER ("TASK """"MY TASK""""");

is equivalent to

LOG TASK ""MY TASK"";

The command

RUN *SYSTEM/LOGANALYZER ("TASK '""My Task""'");

is equivalent to

LOG TASK '"My Task"';
Note: If a time range is specified with the TASK option, analysis of log records starts only when a BOJ, EI, or EOJ record matching the requested name or names are seen within the records selected by the time range.

TASK <number range> lists the records for tasks with the specified mix numbers. A mix number of zero (0) lists all log records that have no associated mix numbers (for example, configuration records).

The TASK option cannot be used simultaneously with the IDENTITY or MIX options.

Additional Selection Options

The following options list various types of log entries.

Syntax

<additional selection options> 

                                ┌◄────── , ──────────┐
──┬─/1\────┬───── AC ─────┬─────┴─<code identifier>──┴─────────┬──────────────┤
  │        └─ ACCESSCODE ─┘                                    │              
  ├─ ADD ──────┬─ ( ──<major number>── , ──<minor number>── ) ─┤
  ├─ SUBTRACT ─┘                                               │
  ├─ ASSISTANT ─┬──────────────────────────────────────────────┤
  │             └─ ( ──<Assistant option list>── ) ────────────┤
  │                              ┌◄────── , ──────────┐        │
  ├─/1\───┬───── CC ─────┬───────┴─<code identifier>──┴────────┤
  │       └─ CHARGECODE ─┘                                     │
  ├─ COMMENT ──────────────────────────────────────────────────┤
  ├─ DEIMPLEMENTATION ─────────────────────────────────────────┤
  ├─ DISCARD ──────────────────────────────────────────────────┤
  ├─ DRC ──────────────────────────────────────────────────────┤
  ├─ EPORTAL ──┬───────────────────────────────────────────────┤
  │            └── ( ──<ePortal option list>── ) ──────────────┤
  ├─ FIND ──<find expression>──────────────────────────────────┤
  ├─ INST───────────┬──────────────────────────────────────────┤
  ├─ INSTALLATION ──┘                                          │
  ├─ KERBEROS ─────────────────────────────────────────────────┤
  ├─ MFA ─┬────────────────────────────────────────────────────┤
  │       └─ ( ──<MFA option list>── ) ────────────────────────┤
  ├─ MIT ─┬────────────────────────────────────────────────────┤
  │       ├─ INDEX ──<MIT index>───────────────────────────────┤
  │       ├─ SERIAL ──<serial number>──────────────────────────┤
  │       ├─ UNIT ─┬─<unit number>─────────────────────────────┤
  │       └─ PK ───┘                                           │
  ├─ MSG ──────────────────────────────────────────────────────┤
  ├─ MSGNW ─┬──────────────────────────────────────────────────┤
  │         └─ ( ──<network list>── ) ─────────────────────────┤
  ├─ OPERATOR ─┬─────────┬─┬───────────────────────────────────┤
  │            ├─ TEXT ──┤ │ ┌◄───────┐                        │
  │            └─ IDENT ─┘ └─┴─<type>─┴────────────────────────┤
  ├─ RBAC ─────────────────────────────────────────────────────┤
  │          ┌◄────────────────┐                               │
  ├─ RESULT ─┴─┬─ SUCCESS ───┬─┴───────────────────────────────┤
  │            ├─ FAILURE ───┤                                 │
  │            ├─ RELEVANT ──┤                                 │
  │            └─ VIOLATION ─┘                                 │
  ├─ SECURITY─┬────────────────────────────────────────────────┤
  │           └─ ( ──<security option list>── ) ───────────────┤
  ├─ SHOWID ───────────────────────────────────────────────────┤
  ├─ TL────────────────────────────────────────────────────────┤
  ├─ TIME ─────────────────────────────────────────────────────┤
  ├─ TPV───────────────────────────────────────────────────────┤
  ├─ UNKNOWN ──────────────────────────────────────────────────┤
  │                             ┌◄────── , ──────────┐         │
  ├─/1\────┬──── UC ────┬───────┴─<code identifier>──┴─────────┤
  │        └─ USERCODE ─┘                                      │
  ├─ USERDATA ─────────────────────────────────────────────────┤
  ├─ VOLUMES ──────────────────────────────────────────────────┤
  └─ WLM ──────────────────────────────────────────────────────┘

<Assistant option list> 

──┬───────────────────────┬─┬─ ALL ─────────────────────┬──────────────┤
  ├─ ID ─┬─────┬─<string>─┘ │ ┌◄─────────────┐          │
  │      └─ = ─┘            └─┴─┬─ ERRORS ─┬─┴─┬────────┐
  │                             ├─ API ────┤   └─ ONLY ─┤
  │                             ├─ CONFIG ─┤            │
  │                             └─ EVENTS ─┘            │
  └─ ID ─┬─────┬─<string>───────────────────────────────┘
         └─ = ─┘

<find expression> 

         ┌◄────┬───────┬──────┬─ AND ─┬──────────────────────┐
         │     └─ NOT ─┘      └─ OR ──┘                      │
── FIND ─┴/100\─── " ──<wild-card string>── " ─┬───────────┬─┴─────────┤
                                               └─ UNCASED ─┘

<ePortal option list>

  ┌◄───────────────────────┐
──┴─┬─/1\── ALL ─────────┬─┴────────────────────────────────────────────┤
    ├─/1\── APPLICATION ─┤
    ├─/1\── SECURITY ────┤
    └─/1\── SYSTEM ──────┘

<code identifier> 

──┬─<simple name>─┬────────────────────────────────────────────────────┤
  ├─ . ───────────┤
  ├─ * ───────────┤
  └─ = ───────────┘

<MFA option list>

  ┌◄─────────────────────┐
──┴─┬─/1\── ALL ───────┬─┴────────────────────────────────────────────┤
    └─/1\── AUTH ──────┘

<MIT option selection> 

──┬───────────────────────────┬────────────────────────────────────────┤
  ├─ INDEX ──<MIT index>──────┤
  ├─ SERIAL ──<serial number>─┤
  ├─ UNIT ─┬─<unit number>────┘
  └─ PK ───┘

<network list> 

──┬─────────┬──────────────────────────────────────────────────────────┤
  ├─ BNAV2 ─┤
  ├─ CNS ───┤
  ├─ NMS ───┤
  ├─ SNA ───┤
  └─ TCPIP ─┘

<security option list> 

  ┌◄───────────────────────┐
──┴─┬─/1\── ALL ─────────┬─┴────────────────────────────────────────────┤
    ├─/1\── KEYMGMT ─────┤
    ├─/1\── NXSERVICES ──┤
    ├─/1\── RUNX ────────┤
    ├─/1\── SCERRORS ────┤
    ├─/1\── VIOLATIONS ──┤
    └─/1\── WARN ────────┘

Explanation

The following text describes the meaning of each option:

ACCESSCODE

AC

Lists entries associated with the specified code identifiers. The ACCESSCODE option requires the IGSDASUPPORT library and either the Secure Access Control Module or the Secure Accountability Facility.

AC is a synonym for ACCESSCODE.

To list entries with no accesscode specification, use an asterisk (*) as the code identifier. To list entries with the accesscode of the LOGANALYZER process, specify an equals sign (=) as the code identifier. The accesscode is not interrogated for entry selection if a period (.) is specified as the code identifier. If ACCESSCODE is specified in combination with CHARGECODE, RESULT, and/or USERCODE, only the records that contain all the specified options are selected. If ACCESSCODE is used together with ALL, then all entries with the specified accesscode and all public records are selected. Public records include all maintenance and halt/load records.

Note: The ACCESSCODE option can be specified only once. The <code identifier> period (.) cannot be specified with other <code identifiers>.

ADD

Use ADD to request that LOGANALYZER analyze a specific type of record. You specify the type of record by specifying the number for the Major type and the number for the Minor type of record. Refer to System Log Programming Reference Manual for more detailed information. The following example would cause LOGANALYZER to analyze all records containing non-MLS (MultiLingual System) messages. You can use ADD multiple times to select a number of different types of records. 

ADD (3, 4)
Note: Note:If both an ADD and a SUBTRACT clause identify the same log type, records of that log type are not selected for analysis.

ASSISTANT

Lists entries associated with System Assistant. If a program identity (ID) is not specified, the program identity of ASSIST is used. The <string> is unquoted, must be 17 characters or less, and consist of only alphanumeric characters.

If you do not specify an option list for Assistant, the default set of entries are selected for analysis. The default set consists of entries dealing with one of the following:

  • Assistant Programmatic Interface requests

  • commands/responses

  • exceptions

  • message entries with an identity of <ID>

The ALL option lists all Major Type 34 (ASSISTANT) entries and all message entries associated with the identity <ID>.

The API option selects the commands and responses requested via the Assistant Programmatic Interface. These entries are included in the default entries set. Using the ONLY option allows exclusive selection of these entries from the default set.

The CONFIG option selects the entries containing Hardware, Software, or Switch configuration references, in addition to the default entries set.

The EVENTS option selects entries containing responses generated by Assistant's MONITOR or TRACE facilities, in addition to the default entries set. MONITOR entries appear only if the LOGMONITOR option is set when running Assistant. TRACE log entries are generated to record basic Assistant events only when Assistant's TRACE option is reset; otherwise, the data is recorded in the printer backup file created by the Assistant trace facility.

The ONLY option selects only the CONFIG, API, ERRORS, or EVENTS entries, or any combination specified. Message entries are not included unless specifically requested.

If there are no message entries associated with the identity, but other log entries are analyzed, LOGANALYZER will show the following termination message: 

NO ASSISTANT MESSAGE ENTRIES WITH IDENTITY '<id>' FOUND.

CHARGECODE

CC

Lists entries associated with the specified code identifiers. A chargecode is a sequence of names separated by slashes (/). The length of a chargecode, including slashes, cannot exceed 60 characters. The CHARGECODE option requires the IGSDASUPPORT library and either the Secure Access Control Module or the Secure Accountability Facility.

CC is a synonym for CHARGECODE.

To list entries with no chargecode specification, use an asterisk (*) as the code identifier. To list entries with the chargecode of the LOGANALYZER process, specify an equals sign (=) as the code identifier. The chargecode is not interrogated for entry selection if a period (.) is specified as the code identifier. If CHARGECODE is specified in combination with ACCESSCODE, RESULT, and/or USERCODE, only the records that contain all the specified options are selected. If CHARGECODE is used together with ALL, then all entries with the specified chargecode and all public records are selected. Public records include all maintenance and halt/load records.

Note: The CHARGECODE option can be specified only once. The <code identifier> period (.) cannot be specified with other <code identifiers>.

COMMENT

Lists all comments entered into SUMLOG by means of the LC (Log Comment) and LJ (Log to Job) system commands. Refer to the System Commands Reference Manual for information on the LC and LJ commands.

DEIMPLEMENTATION

Lists the deimplementation warnings generated by the operating system with the associated mix number and task identification.

DISCARD

Lists records of discarded periods and entries within the log file.

DRC

Causes all disk resource control system entries to be listed. These entries include USERDATA record overflow, userdata error, and invalid family name in the familylist entry.

EPORTAL

Lists System, Application, and Security entries generated by ePortal.

If an ePortal option list is specified, only the ePortal records for that type are shown.

FIND

Limits the output to those log entries that satisfy the tokens specified in the find expression.

The find expression consists of a number of <wild-card string>s concatenated with AND and OR boolean operators. All but the first <wild-card string> can be preceded by the NOT operator.

The <wild-card string> can include two types of wild-card characters: question marks (?) and equal signs (=). A question mark matches any single character, and an equal sign matches any sequence of characters.

The boolean operators are applied in precedence order with the NOT operator having highest precedence and the OR operator having lowest precedence.

For example, the phrase 

"A" AND "B" OR NOT "C" AND "D" OR "E"

is evaluated as 

("A" AND "B") OR (NOT "C" AND "D") OR "E"

You should begin and end the <wild-card string> with equal signs, even if the <wild-card string> consists of complete tokens. For example, to find the phrase "INVALID DESTINATION", specify the following: 

FIND "=INVALID DESTINATION="

If you want the token match to ignore casing, you should use UNCASED after the <wild-card string>, otherwise a case-sensitive match is performed. You must specify UNCASED after all <wild-card string>s that are to be used in case-insensitive matches.

You cannot use the FIND option simultaneously with the APPEND or CREATE options.

INST

INSTALLATION

Selects site defined installation log entries for analysis. If the SITESUPPORT library is not present or the PINSTALLATION function of the SITESUPPORT library indicates that the log entry is not analyzed, the log entry is dumped in hexadecimal form.

KERBEROS

Selects log records associated with Kerberos. These log records contain:

  • Requests to Kerberos servers to add, modify, or delete a principal's attributes in the database.

  • Information pertaining to modifications made to Key Table Files maintained by the Kerberos Support Library.

  • Information about the creation or destruction of client tickets.

  • Information about errors detected by the Kerberos Support Library.

  • Miscellaneous information that does not come under the other four categories.

MFA

Lists multi-factor authentication entries.

MIT

Gives summary information for each MIRROR1 (MIT image entry) and MIRROR2 (MIT change entry) log record. If a MIT request is qualified with a MIT selection option, only MIRROR2 entries for the specified INDEX, SERIAL, or UNIT number are displayed as output.

MSG

Lists all system messages and the mix numbers associated with these messages. The list includes operator entries as listed by the OPERATOR option.

If a message is displayed by a library entrypoint that has been called from a program, the text will show “FROM <mix number>,” meaning that a procedure in the library <mix number> performed the display while being called by another program.

MSGNW

The MSGNW selection option analyzes network messages in a brief format, suppressing the network header analysis. The brief analysis is applied to any BNAV2, CNS, NMS, SNA, and TCP/IP messages. The entries selected for analysis are those that correspond to messages that might appear in the response to an MSG NW (Network Messages) system command.

Note: In order to perform MSGNW analysis, you must use the MCP 10.0 JOBFORMATTER and the Networking 51.1 CNS Translation library. Otherwise, analysis defaults to previous behavior and network messages are analyzed in full format.

MSGNW (<network list>)

If the MSGNW selection option includes a network list, only those messages originating from the selected networks are analyzed in a brief format. If entries for an unselected network are requested through a network selection option, all entries from that network are analyzed in the full format.

OPERATOR

Lists all SETSTATUS commands entered either by operator inputs or by programmatic calls. When OPERATOR is used with one or more type specifications, only log entries for the corresponding system commands are listed. Each type is a system command mnemonic, such as DS, MP, OK or PG. Most system commands that change the system state are allowed types. PS is a valid type and lists log entries that are associated only with print system commands that have caused a change in the print system. System commands that are inquiries but do not change the system state, such as PER, cannot be used as types. Refer to the System Commands Reference Manual for all the system commands and their mnemonics.

Note: Note: Most of the commands should match the actual system command. The exception is the DUMP command which is selected using DP, to avoid ambiguity with the LOGANALYZER DUMP option. Long commands should be indicated in full. Previously, only the first 6 characters of long commands were validated.

Use the TEXT or the IDENT modifier, or both, immediately after the OPERATOR option to display information in addition to that resulting from the system's interpretation of the command. Use the TEXT modifier to display the actual text input by the operator. Use the IDENT modifier to display additional identity information about the origin of the command, for example usercode, station name, and LSN.

RBAC

Lists entries associated with the successful completion of administrator procedures in the RBACSUPPORT library.

RESULT

Reports are created based on the results of the actions logged. These results can be any combination of successful actions, failed actions, security-relevant actions, and security violations. The results to be reported are specified by entering any combination of SUCCESS, FAILURE, RELEVANT, and VIOLATION.

Result reports for RELEVANT include actions on the USERDATAFILE, use of the system ??SECAD primitive and SECOPT commands, and attachments of guard files to files.

If RESULT is specified with ACCESSCODE, CHARGECODE, and/or USERCODE, only the records that contain all the specified options are selected.

The RESULT option requires the IGSDASUPPORT library and either the Secure Access Control Module or the Secure Accountability Facility.

SECURITY

Lists security records. Only a privileged user or security administrator can use the SECURITY option.

If a security option list is specified, only the SECURITY records for that type are shown. If no security option list is specified, VIOLATIONS are shown.

Security Option

Description

ALL

All Security related entries

KEYMGMT

Key Management by Security Center and Key Manager

NXSERVICES

Client Access Services Session Entries

SCERRORS

Security Center Errors

VIOLATIONS

MCP and MCS Security Violations

WARN

Security Relevant Warnings

SHOWID

Includes identity information in the analysis. The information includes the usercode, accesscode, and chargecode of the process that generated the record. The information is included regardless of the TRUNCATE setting.

SUBTRACT

Use SUBTRACT to request that LOGANALYZER not analyze a specific type of record. You specify the type of record by specifying the number for the Major type and the number for the Minor type of the record. Refer to System Log Programming Reference Manual for more detailed information. The following example would cause LOGANALYZER to analyze all message records except non-MLS messages. 

MSG SUBTRACT (3, 4)
You can use SUBTRACT multiple times to de-select a number of different types of records.
Note: If both an ADD and a SUBTRACT clause identify the same log type, records of that log type are not selected for analysis.

TL

Lists the log transfer log entries. These entries include automatic and manual log transfers, change of DL LOG, and the count of records discarded when space is not available.

TIME

Lists records generated for clock drift and time correction adjustments.

TPV

Lists entries associated with third-party vendor products.

UNKNOWN

Lists a hexadecimal dump of all SUMLOG records with major and minor types that LOGANALYZER does not recognize.

USERCODE UC

Lists entries associated with the specified code identifiers. The USERCODE option requires the IGSDASUPPORT library and either the Secure Access Control Module or the Secure Accountability Facility.

UC is a synonym for USERCODE.

To list entries with no USERCODE specification, use an asterisk (*) as the code identifier. To list entries with the USERCODE of the LOGANALYZER process, specify an equals sign (=) as the code identifier. The USERCODE is not interrogated for entry selection if a period (.) is specified as the code identifier. If USERCODE is specified in combination with CHARGECODE, RESULT, and/or ACCESSCODE, only the records that contain all the specified options are selected. If USERCODE is used together with ALL, then all entries with the specified USERCODE and all public records are selected. Public records include all maintenance and halt/load records.

If LOGANALYZER has no direct read access to the analyzed SUMLOG file, the only valid <code identifier> is the USERCODE of the LOGANALYZER process; otherwise, any value is valid. For a discussion of direct read access, refer to the information about understanding log access security in the System Log Programming Reference Manual.

Notes:

  • On systems with the Secure Accountability Facility, if the USERCODE option is not specified in the LOGANALYZER run, LOGANALYZER behaves as if USERCODE = were set. This is true even if LOGANALYZER is running with direct read access to the SUMLOG file. If LOGANALYZER has direct read access, then specifying a period as the <code identifier> disables usercode filtering.

  • The USERCODE option can be specified only once. The <code identifier> period (.) cannot be specified with other <code identifiers>.

USERDATA

Lists USERDATA records. USERDATA records are records that describe the installation of a *SYSTEM/USERDATAFILE or changes to that file.

VOLUMES

Analyzes all the CD-ROM, disk, and tape volume status records generated by the system when a CD-ROM, disk, or tape volume comes online or goes offline; when a tape volume is purged by either the PG or SN system command; or when the first file on a tape volume is overwritten by a new file.

For disk volumes, the display includes the mix of disk formats that make up the family. A family can include a combination of 180-byte disks, VSS-1 disks, VSS-2 disks, and VSS-3 disks.

Note: A disk reported as VSS-2 in the VOLUMES display might be an actual VSS-2 disk, a 180-byte disk reconfigured with VSS=VSS2, or a mirrored set of VSS-2 and 180-byte disks. Similarly, a disk reported as VSS-3 in the VOLUMES display might be a 180-byte disk, a VSS-2 disk reconfigured with VSS=VSS3, or a mirrored set of VSS-2 and 180-byte disks. This arrangement provides consistent reporting in case the physical pack, representing a volume, changes. The report is most useful for planning application modifications to optimize VSS-2 or VSS-3 performance.

WLM

Lists all entries for workload management events and configuration changes.

Prev  Up  Next
LOGANALYZER Options  Home  Output Options