Google
 

Trailing-Edge - PDP-10 Archives - BB-KL11L-BM_1990 - t20src/acjlog.rnh
There are 9 other files named acjlog.rnh in the archive. Click here to see a list.
.ap;.lm0;.rm72
.c;Help for ACJLOG 1(14)

.hl1 Introduction

ACJLOG is a program that is used to filter the ACJ log files produced by the
ACJ (ACJDEC).  The ACJLOG commands are:
.lm5;.literal

  BEGIN (processing)
  EXIT (program)
  HELP (message)
  READ (log files) logfile.log.*
  SELECT (criteria) keyword value
  SET (mode) keyword
  SHOW (status)
  TAKE (commands from) acjlog.cmd
  WRITE (summary to) logfile.sum.-1

.end literal;.lm0

.hl1 Commands
.hl2 Begin Command

The BEGIN command is used to start ACJLOG processing once the selection
criteria, input files, and output file have been decided on by the user.

.hl2 Exit Command

The EXIT command exits the program.

.hl2 Help Command

The HELP command prints out a short help text.

.hl2 Read Command

The READ command is used to specify a wild filespec that will be used as the
source for ACJLOG to read.  Wildcards are allowed.  The default is
LOGFILE.LOG.*.

.hl2 Set Command

The SET command takes only one keyword argument at the present time.  The SET
[NO] DISPLAY-FILESPECS command is used to control display of log file names as
they are processed by ACJLOG.  The default is to display filespecs.  If the
WRITE command directs output to the terminal, display of filespecs is
suppressed.

.hl2 Select Command

The SELECT command is used to filter the events in the log file by changing the
selection criteria.  The selection criteria are ANDed together when examining a
record to determine if the record should be written to the output file. 

The SELECT command can be followed by several keywords to modify the selection
criteria, each of which is explained below.
.ls "*"
.le
SELECT BEGIN-TIME date-time
.s 1
This command allows the user to specify the date time of the first record to be
considered.  If the date-time of the record is earlier than the time specified
in this command, then the record will not be written to the output file.  The
"date-time" can be any one of the following:
.ls "-"
.le;"EARLIEST" to specify the earliest date-time seen (this is the default).
.le;"NOW [+|-][hh:mm]" to specify the current date time, optionally followed
by a plus or minus and hours:minutes.
.le;"TODAY [+|-][hh:mm]" to specify today at midnight, optionally followed
by a plus or minus and hours:minutes.
.els
.le
SELECT END-TIME date-time
.s 1
This command allows the user to specify the latest date time to be 
considered.  If the date-time of the record is later than the time specified
in this command, then the record will not be written to the output file.  The
"date-time" can be any one of the following:
.ls "-"
.le;"LATEST" to specify the last date time seen (default).
.le;"NOW [+|-][hh:mm]" to specify the current date time, optionally followed
by a plus or minus and hours:minutes.
.le;"TODAY [+|-][hh:mm]" to specify today at midnight, optionally followed
by a plus or minus and hours:minutes.
.els
.le
SELECT FUNCTION [NO] function|ALL ... [NO] function|ALL
.s 1
This command is used to select one or more functions.  Any number of functions
may be included, and ALL can be used to specify ALL functions.  The default for
the function selected is ALL.  The function names are the same ones that are
used in the ACJDEC profile generation phase (see ACJFUN.MEM for more details).
The current list of functions is:
.lt

 ACCESS                ARPANET-ACCESS         ASSIGN-DEVICE
 ASSIGN-DUE-TO-OPENF   ATTACH-JOB             CAPABILITIES
 CLASS-ASSIGNMENT      CLASS-SET-AT-LOGIN     CREATE-DIRECTORY
 CREATE-FORK           CREATE-JOB             CREATE-LOGICAL-NAME
 CTERM                 DECNET-ACCESS          DETACH
 ENQ-QUOTA             GET-DIRECTORY          GETAB
 HSYS                  INFO                   LATOP
 LOGIN                 LOGOUT                 MDDT
 MTA-ACCESS            SECURE-CHFDB           SECURE-DELF
 SECURE-OPENF          SECURE-RNAMF           SET-TIME
 SMON                  STRUCTURE-MOUNT        SYSGT
 TERMINAL-SPEED        TLINK                  TTMSG
 USER-TEST
.el
.le
SELECT STATUS [NO] ALL|DENIED|FAILED|NORMAL|UNUSUAL ...
.s 1
The SELECT STATUS command is followed by any number of status keywords, and is
used to exclude or include records based on the status of the record.  The
following is a list of the keywords, each of which may be preceeded by the "NO"
keyword to reverse its meaning.
.ls "-"
.le;ALL to select all records
.le;DENIED to select records containing the string "[Denied]"
.le;FAILED to select records containing the string "[Failed]"
.le;NORMAL to select records not containing the string
"[Denied]", "[Failed]", or "[Unusual]"
.le;UNUSUAL to select records containing the string "[Unusual]"
.els
The default status is DENIED FAILED UNUSUAL.  See ACJDEC.MEM for details
concerning the status strings that can appear in each record.
.le
SELECT USER username|wilduser
.s 1
This command is used to select records that were caused by the user name or
wild user specification supplied in the command.  The default is user * (which
means that all users are included in the selection criteria).
.els

.hl2 Show Command

The SHOW command is used to display current program settings and selection
criteria.  It takes no arguments.

.hl2 Take Command

The TAKE command accepts a file specification.  This file is filled with ACJLOG
commands which are executed.

.hl2 Write Command

The WRITE command is used to specify the filename to use when writing the log
file summary.  The default filename is LOGFILE.SUM.

.hl1 Examples

ACJLOG is quite useful when run once a day to provide the system manager 
a summary of events.  For example the following CTL file could be used to
mail the previous night's activity to the system manager.
.literal

! Get last period's log files renamed to *.new.*

@RENAME ACJLOGS:ACJ.LOG.* ACJLOGS:ACJ.NEW.*
@UNDELETE ACJLOGS:ACJ.NEW.*

! Run fine ACJLOG program to extract daily report

@RUN ACJLOG
*READ ACJLOGS:ACJ.NEW.*
*WRITE ACJLOGS:ACJ.SUM
*SHOW
*BEGIN
*EXIT

! Rename new log files to old log files

@RENAME ACJLOGS:ACJ.NEW.* ACJLOGS:ACJ.OLD.-1
@UNDELETE ACJLOGS:ACJ.OLD.*

! Send mail about this to the usual people

@MS SEND
*MANAGER
*OPERATOR
*Access Control Summary from ACJLOG
^BACJLOGS:ACJ.SUM
^Z
.end literal

Another use would be to check for activity by a certain suspect user
over the last hour.  An example of such a ACJLOG session follows.
.literal

$ACJLOG
ACJLOG 1(14)
ACJLOG>SELECT (criteria) USER SUSPECT
ACJLOG>SELECT (criteria) STATUS ALL
ACJLOG>SELECT (criteria) BEGIN-TIME NOW -1:00
ACJLOG>READ (ACJ log file) ACJLOGS:ACJ.LOG.*
ACJLOG>WRITE (summary to) TTY:
ACJLOG>BEGIN (processing) 
 Starting at 18-Apr-89 17:15:27
 Summary by ACJLOG 1(14) at 18-Apr-89 17:15:27
	ACJ 7(126) on GARK, Tuesday, April 18, 1989
 Finished at 18-Apr-89 17:15:29
 Earliest at 18-Apr-89 04:13:49, latest at 18-Apr-89 17:15:23
 Extracted 0 out of 628 events in 37 pages in 2 files
 Used 0.99 in 2.11
 37.45 pages/CPU second, 17.51 pages/people second
 ACJLOG>EXIT

.end literal

[End of ACJLOG.HLP]