HP 3000 Manuals

Using System Logging [ Manager's Guide to MPE/iX Security ] MPE/iX 5.0 Documentation


Manager's Guide to MPE/iX Security

Using System Logging 

System logging records the use of certain resources by accounts, groups,
and users.  Like the administrative functions, system logging can be used
for billing purposes or for obtaining an overview of system use.  System
logging is also used to detect security attacks or breaches after the
fact.

Unlike these administrative functions, system logging describes system
use by creating a running log of events, correlated with the job or
session that caused each event.  System logging is the only means of
recording system use on a job/session basis.

The majority of logging events are optional; when the system is
configured, the system manager can select whether they are recorded or
not.  In addition to the LOGGING ENABLED event, the following events are
always enabled when the system is started:

   *   Type 100, log failure record
   *   Type 101, system up record
   *   Type 111, I/O errors
   *   Type 150, diagnostic information
   *   Type 151, high-priority machine check record
   *   Type 152, low-priority machine check record

The events that the system manager chooses to monitor are recorded on log
records contained in a disk file.  Each event is recorded in one logical
record.

The LOG configurator 

The LOG configurator enables the system manager to change the attributes
of user and system logging processes.

System logging records the use of certain system resources by accounts,
groups, and users on a job or session basis.  The system manager
determines which events are logged.

User logging allows users and subsystems to record additions and
modifications to databases and other files used in applications programs.
The system manager determines the maximum number of logging processes and
the maximum number of users per logging process.

Entering the LOG Configurator 

You can use the LOG configurator, which is accessed through SYSGEN, to
change the attributes of user and system logging processes.  To access
the LOG configurator, enter the LOG command (abbreviated LO) at the
SYSGEN prompt as shown in the following example:
___________________________________________________________________________
|                                                                         |
|                                                                         |
|      sysgen>LOG                                                         |
|                                                                         |
|              ** LOG configurator commands **                            |
|                                                                         |
|              show (sh)        slog (sl)       ulog (ul)                 |
|                                                                         |
|              clear (cl)(c)    exit (ex)(e)    help (he)(h)    hold (ho) |
|                                                                         |
|              oclose (oc)      redo                                      |
|           log>                                                          |
|                                                                         |
___________________________________________________________________________

          Example 6-1.  Activating the LOG Configurator 

Using the LOG Configurator Help Facility 

The help facility enables you to quickly identify the function and syntax
of those LOG configurator commands and options for performing the
multiple operations that define or change logging processes.

To obtain a list of the commands available for use in the LOG
configurator, enter HELP at the LOG configurator prompt as shown in the
following example:
_______________________________________________________________________
|                                                                     |
|                                                                     |
|      log>HELP                                                       |
|                                                                     |
|          ** LOG configurator commands **                            |
|                                                                     |
|          show (sh)        slog (sl)       ulog (ul)                 |
|                                                                     |
|          clear (cl)(c)    exit (ex)(e)    help (he)(h)    hold (ho) |
|                                                                     |
|          oclose (oc)      redo                                      |
|                                                                     |
|      log>                                                           |
|                                                                     |
_______________________________________________________________________

          Example 6-2.  LOG Configurator Help 

To display the syntax for each available command, enter HELP ALL as shown
in the following example:
_____________________________________________________________________
|                                                                   |
|                                                                   |
|      log>HELP ALL                                                 |
|                                                                   |
|         command (abb)  parameter=value                            |
|         -------------  ---------------                            |
|                                                                   |
|         show (sh)      [command      = SLOG|ULOG|ALL]             |
|                        [dest         = OFFLINE]                   |
|                                                                   |
|         slog (sl)      [on           = event#,...]                |
|                        [off          = event#,...]                |
|                                                                   |
|         ulog           [nlogprocs    = number processes allowed]  |
|                        [usersperproc = users per logging process] |
|                                                                   |
|      log>                                                         |
|                                                                   |
_____________________________________________________________________

          Example 6-3.  LOG Configurator HELP ALL 

Entering HELP commandname provides help for a specific command:

     log>HELP SHOW 

     show (sh)      [command      = SLOG|ULOG|ALL]
                    [dest         = OFFLINE]

Showing Current LOG Values 

The SHOW command displays the LOG values as currently set.

SHOW has the following parameters:

          SHOW    [COMMAND =  SLOG|ULOG|ALL ]
                  [DEST    =  OFFLINE       ]

SLOG lists the state of the system logging events.

ULOG lists the number of user logging processes and users per logging
process currently configured.

ALL lists all the information associated with the LOG configurator.

OFFLINE redirects the output of the SHOW command to the SYSGEN listing
file, SYSGLIST. Using OFFLINE does not immediately generate a printout.
The information is sent to SYSGLIST until you either enter the OCLOSE
command or exit the configurator.  Exiting the configurator or using
OCLOSE closes SYSGLIST and prints the file.

Using SHOW without any parameters is the same as specifying SHOW ALL.
In addition, the value entered for the ULOG parameter includes the
minimum, maximum, current, and default values.

To show the current user logging process, enter SHOW ULOG:
_______________________________________________________________________
|                                                                     |
|                                                                     |
|      log>SHOW ULOG                                                  |
|              configurable item              max      min    current |
|              -----------------            -------  -------  ------- |
|              # of user logging processes     128       2    64      |
|              # users per logging process    1024       1    128     |
|                                                                     |
_______________________________________________________________________

          Example 6-4.  Showing User Logging Processes 

To view all currently configured values, enter SHOW ALL:

Logging System Events 

System logging records the use of certain resources by accounts, groups,
and users.  System logging can be used for several purposes, such as
billing or obtaining an overview of system use.  System logging describes
system use by creating a running log of actual events, correlating the
event with a job and session.  The system manager chooses which events to
enable or disable by setting an event number to ON or OFF. (Refer to the
preceding example for a list of event numbers and their definitions.)

The SLOG command enables and disables the selected system logging events.
SLOG has the following parameters:

     SLOG (SL)     [ON   = event#,...  ]
                   [OFF  = event#,...  ]

Enable the logging of an event by entering SLOG event#,...:

     log>SLOG 100      (Event 100 enabled)

or

     log>SLOG ON=100   (Event 100 enabled)

Disable the logging of an event by entering SLOG OFF=event#,...:

     log>SLOG OFF=100  (Event 100 disabled)

Entering SLOG without ON enables logging.  Entering SLOG without an event
number causes an error:

     log>SLOG 

     (error - no parameters are specified)

Logging event 100 is a special case.  If 100 is off, no logging (except
that forced on by MPE/iX) takes place.


NOTE Some events are permanently set to ON. Currently, events 101, 111, and 150 are forced on by MPE/iX.
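
The SLOG rules above, modeled in Python so that a planned set of configurator commands can be checked for events that would silently stop being logged. This is an added example, not part of the HP manual. It assumes one ON= or OFF= keyword per command and that OFF= has no effect on the forced-on events named in the NOTE; the function names and the starting configuration are constructed for illustration.

```python
import re

FORCED_ON = frozenset({101, 111, 150})  # from the NOTE: forced on by MPE/iX
MASTER_EVENT = 100                      # if off, only forced-on events are logged
_SLOG = re.compile(r"^(?:log>)?\s*(?:SLOG|SL)\b\s*(.*)$", re.IGNORECASE)


def parse_slog(line):
    """Return (events_on, events_off) for one SLOG command line."""
    match = _SLOG.match(line.strip())
    if not match:
        raise ValueError(f"not an SLOG command: {line!r}")
    args = match.group(1).strip()
    if not args:
        raise ValueError("SLOG without an event number is an error")
    key, sep, value = args.partition("=")
    if not sep:                         # "SLOG 100" is the same as "SLOG ON=100"
        key, value = "ON", args
    key = key.strip().upper()
    if key not in ("ON", "OFF"):
        raise ValueError(f"unknown SLOG keyword: {key!r}")
    events = {int(tok) for tok in value.split(",")}
    return (events, set()) if key == "ON" else (set(), events)


def effective_events(initially_on, commands):
    """Apply SLOG commands in order and return the events actually logged."""
    enabled = set(initially_on)
    for line in commands:
        on, off = parse_slog(line)
        enabled = (enabled | on) - off
    enabled |= FORCED_ON                # assumption: OFF= cannot clear these
    return enabled if MASTER_EVENT in enabled else set(FORCED_ON)


def silenced(required, initially_on, commands):
    """Events the site requires that would no longer be logged."""
    return sorted(set(required) - effective_events(initially_on, commands))


# Constructed scenario: 134 is the password-change log type used in the
# LOGTOOL example on this page; the starting set is made up for illustration.
START = {100, 134}
PLAN = ["log>SLOG OFF=100", "log>SL 111"]

if __name__ == "__main__":
    print(sorted(effective_events(START, PLAN)))   # event 134 drops out
    print(silenced({134}, START, PLAN))
```

Event 134 is never named in an OFF= command here, yet it stops being recorded because event 100 was turned off.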

Logging User Events 

User logging provides a means for system users and subsystems to record
additions and modifications to databases and other files using
application programs.  The system manager determines the maximum number
of logging processes and the maximum number of users per logging process.

The ULOG command configures the user logging process parameters.  ULOG
has the following parameters:

     ULOG (UL)     [NLOGPROCS    = number processes allowed  ]
                   [USERSPERPROC = users per logging process ]

NLOGPROCS controls the user logging ID (LID) table size.  Lowering
NLOGPROCS loses all current logging ID information from the tape created
by SYSGEN. If NLOGPROCS remains unchanged or increases, the current
logging ID information is copied to tape.  The minimum and maximum number
of processes allowed are 2 and 128, respectively.

USERSPERPROC specifies the maximum number of users assigned to each
configured logging process.  The minimum and maximum number of users per
logging process are 1 and 1024, respectively.

NOTE Changing NLOGPROCS takes effect when a tape is created and an UPDATE CONFIG or INSTALL is conducted.

To set the number of processes or users per process, enter ULOG followed
by the number of processes or users:

     log>ULOG 40                 ** Number of Processes **

or

     log>ULOG USERSPERPROC=40    ** Number of Users per Process **

Clearing Log Configuration Changes 

If you desire to clear all LOG configuration changes made, enter the
CLEAR command at the LOG configurator prompt.

     log>CLEAR

Once a SYSGEN> KEEP is done, the changes kept become permanent and CLEAR
does not remove them.

Holding and Saving Configuration Changes 

Using the system logging and user logging commands described in the
following sections changes the LOG configuration specified in the SYSGEN
command line or global BASEGROUP command.  These changes are temporary
and are easily lost if not properly saved.

Saving configuration changes is a two-step procedure.  After you alter a
configuration, you must, first, hold the changes before exiting the
configurator.  Second, use the global module KEEP command to save the
changes.

To hold changes, enter the HOLD command at the LOG configurator prompt:

     log>HOLD

You can work in a SYSGEN configurator, hold the changes, and continue
working in other SYSGEN configurators before saving the changes.

To save the changes, hold all desired changes, exit to SYSGEN's global
module, and issue the KEEP command:

     sysgen>KEEP newgroupname

Entering an MPE Command from the LOG Configurator 

Use the colon (:) to introduce an MPE command from the LOG configurator.
To issue an MPE command, enter the command along with the colon.  For
example,

     log>:SHOWTIME
     THU, APR 20, 1989, 2:55PM
     log>

Exiting the LOG Configurator 

Use the EXIT command to terminate the LOG configurator and return to the
SYSGEN global module.  Exit may be abbreviated EX or E.

To end working in the LOG configurator, enter EXIT at the LOG
configurator prompt:

     log>EXIT
     sysgen>

Printing a Log File 

To analyze your logs and to read what you are logging, you must print
your log files.  To do this, use the LOGTOOL utility program.

The LOGTOOL utility runs under the online diagnostic system, and can be
invoked by entering SYSDIAG. When the diagnostic user interface prompt
(DUI>) appears, enter RUN LOGTOOL.

In order to print a log, issue the following:

   1.  :SYSDIAG
   2.  DUI>RUN LOGTOOL
   3.  LOGTOOL>LIST LOG=log# OUTFILE=LP
   4.  LOGTOOL>EXIT
   5.  DUI>EXIT

Enter HELP after the LOGTOOL prompt for more information.

The STATUS command reports on the status of all system log files.  The
following example shows the use of the STATUS command in the sequence of
printing a log.
_______________________________________
|                                     |
|                                     |
|      :SYSDIAG                       |
|      DUI >RUN LOGTOOL               |
|      LOGTOOL>status                 |
|      LOGTOOL>log=0027 outfile=LP    |
|      DUI >EXIT                      |
|                                     |
_______________________________________

If you do not specify the OUTFILE parameter, the log prints on your
terminal screen.  Typically this report is very long and ties up your
terminal for quite some time.  If this does happen, you can enter CTRL Y
to break the process.

Printing a subset of a log file 

If you like, you can filter the output of the LOGTOOL utility to show you
information about only a specific user or users.  The syntax for this is
shown below.

                         [;JSNAME=job/session_name]
     LIST {LOG=log_name} [;USER=user_name         ] [...]
                         [;ACCOUNT=account_name   ]

The input for these commands should be no longer than 80 characters.
Default for all parameters is the wildcard @.

For example, to select log records from log files 1 through 5, with log
information about password changes (log type 134), and user
identification JTEST,MARIA.PAYROLL, you would enter the following.

     >LIST LOG=1/5;TYPE=134;JSNAME=JTEST;USER=MARIA;ACCOUNT=PAYROLL

