Google
 

Trailing-Edge - PDP-10 Archives - BB-KL11L-BM_1990 - t20sub/acjlog.hlp
There are 8 other files named acjlog.hlp in the archive. Click here to see a list.
                         Help for ACJLOG 1(14)



1.0  INTRODUCTION

     ACJLOG is a program that is  used  to  filter  the  ACJ  log  files
produced by the ACJ (ACJDEC).  The ACJLOG commands are:

       BEGIN (processing)
       EXIT (program)
       HELP (message)
       READ (log files) logfile.log.*
       SELECT (criteria) keyword value
       SET (mode) keyword
       SHOW (status)
       TAKE (commands from) acjlog.cmd
       WRITE (summary to) logfile.sum.-1




2.0  COMMANDS

2.1  Begin Command

     The BEGIN command is used  to  start  ACJLOG  processing  once  the
selection criteria, input files, and output file have been decided on by
the user.



2.2  Exit Command

     The EXIT command exits the program.



2.3  Help Command

     The HELP command prints out a short help text.



2.4  Read Command

     The READ command is used to specify a wild filespec  that  will  be
used  as  the  source  for  ACJLOG to read.  Wildcards are allowed.  The
default is LOGFILE.LOG.*.



2.5  Set Command

     The SET command takes only one  keyword  argument  at  the  present
time.  The SET [NO] DISPLAY-FILESPECS command is used to control display
of log file names as they are processed by ACJLOG.  The  default  is  to
display filespecs.  If the WRITE command directs output to the terminal,
display of filespecs is suppressed.



2.6  Select Command

     The SELECT command is used to filter the events in the log file  by
changing  the  selection  criteria.   The  selection  criteria are ANDed
together when examining a record to determine if the  record  should  be
written to the output file.

     The SELECT command can be followed by several  keywords  to  modify
the selection criteria, each of which is explained below.

      *  SELECT BEGIN-TIME date-time

         This command allows the user to specify the date  time  of  the
         first  record to be considered.  If the date-time of the record
         is earlier than the time specified in this  command,  then  the
         record will not be written to the output file.  The "date-time"
         can be any one of the following:

          -  "EARLIEST" to specify the earliest date-time seen (this  is
             the default).

          -  "NOW  [+|-][hh:mm]"  to  specify  the  current  date  time,
             optionally followed by a plus or minus and hours:minutes.

          -  "TODAY  [+|-][hh:mm]"  to  specify   today   at   midnight,
             optionally followed by a plus or minus and hours:minutes.


      *  SELECT END-TIME date-time

         This command allows the user to specify the latest date time to
         be  considered.   If  the date-time of the record is later than
         the time specified in this command, then the record will not be
         written  to the output file.  The "date-time" can be any one of
         the following:

          -  "LATEST" to specify the last date time seen (default).

          -  "NOW  [+|-][hh:mm]"  to  specify  the  current  date  time,
             optionally followed by a plus or minus and hours:minutes.

          -  "TODAY  [+|-][hh:mm]"  to  specify   today   at   midnight,
             optionally followed by a plus or minus and hours:minutes.


      *  SELECT FUNCTION [NO] function|ALL ...  [NO] function|ALL

         This command is used to select  one  or  more  functions.   Any
         number  of  functions  may  be included, and ALL can be used to
         specify ALL functions.  The default for the  function  selected
         is  ALL.  The function names are the same ones that are used in
         the ACJDEC profile generation phase (see  ACJFUN.MEM  for  more
         details).  The current list of functions is:

          ACCESS                ARPANET-ACCESS         ASSIGN-DEVICE
          ASSIGN-DUE-TO-OPENF   ATTACH-JOB             CAPABILITIES
          CLASS-ASSIGNMENT      CLASS-SET-AT-LOGIN     CREATE-DIRECTORY
          CREATE-FORK           CREATE-JOB             CREATE-LOGICAL-NAME
          CTERM                 DECNET-ACCESS          DETACH
          ENQ-QUOTA             GET-DIRECTORY          GETAB
          HSYS                  INFO                   LATOP
          LOGIN                 LOGOUT                 MDDT
          MTA-ACCESS            SECURE-CHFDB           SECURE-DELF
          SECURE-OPENF          SECURE-RNAMF           SET-TIME
          SMON                  STRUCTURE-MOUNT        SYSGT
          TERMINAL-SPEED        TLINK                  TTMSG
          USER-TEST

      *  SELECT STATUS [NO] ALL|DENIED|FAILED|NORMAL|UNUSUAL ...

         The SELECT STATUS command is followed by any number  of  status
         keywords,  and  is  used to exclude or include records based on
         the status of the record.  The  following  is  a  list  of  the
         keywords, each of which may be preceeded by the "NO" keyword to
         reverse its meaning.

          -  ALL to select all records

          -  DENIED to select records containing the string "[Denied]"

          -  FAILED to select records containing the string "[Failed]"

          -  NORMAL  to  select  records  not  containing   the   string
             "[Denied]", "[Failed]", or "[Unusual]"

          -  UNUSUAL to select records containing the string "[Unusual]"

         The default status is DENIED FAILED  UNUSUAL.   See  ACJDEC.MEM
         for  details  concerning  the status strings that can appear in
         each record.

      *  SELECT USER username|wilduser

         This command is used to select records that were caused by  the
         user  name  or wild user specification supplied in the command.
         The default is user * (which means that all users are  included
         in the selection criteria).




2.7  Show Command

     The SHOW command is used to display current  program  settings  and
selection criteria.  It takes no arguments.



2.8  Take Command

     The TAKE command accepts a file specification.  This file is filled
with ACJLOG commands which are executed.



2.9  Write Command

     The WRITE command is used to  specify  the  filename  to  use  when
writing the log file summary.  The default filename is LOGFILE.SUM.



3.0  EXAMPLES

     ACJLOG is quite useful when run once a day to  provide  the  system
manager  a  summary of events.  For example the following CTL file could
be used to mail the previous night's activity to the system manager.

! Get last period's log files renamed to *.new.*

@RENAME ACJLOGS:ACJ.LOG.* ACJLOGS:ACJ.NEW.*
@UNDELETE ACJLOGS:ACJ.NEW.*

! Run fine ACJLOG program to extract daily report

@RUN ACJLOG
*READ ACJLOGS:ACJ.NEW.*
*WRITE ACJLOGS:ACJ.SUM
*SHOW
*BEGIN
*EXIT

! Rename new log files to old log files

@RENAME ACJLOGS:ACJ.NEW.* ACJLOGS:ACJ.OLD.-1
@UNDELETE ACJLOGS:ACJ.OLD.*

! Send mail about this to the usual people

@MS SEND
*MANAGER
*OPERATOR
*Access Control Summary from ACJLOG
^BACJLOGS:ACJ.SUM
^Z

     Another use would be to check for activity  by  a  certain  suspect
user over the last hour.  An example of such a ACJLOG session follows.

$ACJLOG
ACJLOG 1(14)
ACJLOG>SELECT (criteria) USER SUSPECT
ACJLOG>SELECT (criteria) STATUS ALL
ACJLOG>SELECT (criteria) BEGIN-TIME NOW -1:00
ACJLOG>READ (ACJ log file) ACJLOGS:ACJ.LOG.*
ACJLOG>WRITE (summary to) TTY:
ACJLOG>BEGIN (processing) 
 Starting at 18-Apr-89 17:15:27
 Summary by ACJLOG 1(14) at 18-Apr-89 17:15:27
        ACJ 7(126) on GARK, Tuesday, April 18, 1989
 Finished at 18-Apr-89 17:15:29
 Earliest at 18-Apr-89 04:13:49, latest at 18-Apr-89 17:15:23
 Extracted 0 out of 628 events in 37 pages in 2 files
 Used 0.99 in 2.11
 37.45 pages/CPU second, 17.51 pages/people second
 ACJLOG>EXIT


     [End of ACJLOG.HLP]