Trailing-Edge
-
PDP-10 Archives
-
bb-kl11l-bm_tops20_v7_0_tsu03_2_of_3
-
t20sub/acjlog.hlp
There are 8 other files named acjlog.hlp in the archive. Click here to see a list.
Help for ACJLOG 1(14)
1.0 INTRODUCTION
ACJLOG is a program that is used to filter the ACJ log files
produced by the ACJ (ACJDEC). The ACJLOG commands are:
BEGIN (processing)
EXIT (program)
HELP (message)
READ (log files) logfile.log.*
SELECT (criteria) keyword value
SET (mode) keyword
SHOW (status)
TAKE (commands from) acjlog.cmd
WRITE (summary to) logfile.sum.-1
2.0 COMMANDS
2.1 Begin Command
The BEGIN command is used to start ACJLOG processing once the
selection criteria, input files, and output file have been decided on by
the user.
2.2 Exit Command
The EXIT command exits the program.
2.3 Help Command
The HELP command prints out a short help text.
2.4 Read Command
The READ command is used to specify a wild filespec that will be
used as the source for ACJLOG to read. Wildcards are allowed. The
default is LOGFILE.LOG.*.
2.5 Set Command
The SET command takes only one keyword argument at the present
time. The SET [NO] DISPLAY-FILESPECS command is used to control display
of log file names as they are processed by ACJLOG. The default is to
display filespecs. If the WRITE command directs output to the terminal,
display of filespecs is suppressed.
2.6 Select Command
The SELECT command is used to filter the events in the log file by
changing the selection criteria. The selection criteria are ANDed
together when examining a record to determine if the record should be
written to the output file.
The SELECT command can be followed by several keywords to modify
the selection criteria, each of which is explained below.
* SELECT BEGIN-TIME date-time
This command allows the user to specify the date time of the
first record to be considered. If the date-time of the record
is earlier than the time specified in this command, then the
record will not be written to the output file. The "date-time"
can be any one of the following:
- "EARLIEST" to specify the earliest date-time seen (this is
the default).
- "NOW [+|-][hh:mm]" to specify the current date time,
optionally followed by a plus or minus and hours:minutes.
- "TODAY [+|-][hh:mm]" to specify today at midnight,
optionally followed by a plus or minus and hours:minutes.
* SELECT END-TIME date-time
This command allows the user to specify the latest date time to
be considered. If the date-time of the record is later than
the time specified in this command, then the record will not be
written to the output file. The "date-time" can be any one of
the following:
- "LATEST" to specify the last date time seen (default).
- "NOW [+|-][hh:mm]" to specify the current date time,
optionally followed by a plus or minus and hours:minutes.
- "TODAY [+|-][hh:mm]" to specify today at midnight,
optionally followed by a plus or minus and hours:minutes.
* SELECT FUNCTION [NO] function|ALL ... [NO] function|ALL
This command is used to select one or more functions. Any
number of functions may be included, and ALL can be used to
specify ALL functions. The default for the function selected
is ALL. The function names are the same ones that are used in
the ACJDEC profile generation phase (see ACJFUN.MEM for more
details). The current list of functions is:
ACCESS ARPANET-ACCESS ASSIGN-DEVICE
ASSIGN-DUE-TO-OPENF ATTACH-JOB CAPABILITIES
CLASS-ASSIGNMENT CLASS-SET-AT-LOGIN CREATE-DIRECTORY
CREATE-FORK CREATE-JOB CREATE-LOGICAL-NAME
CTERM DECNET-ACCESS DETACH
ENQ-QUOTA GET-DIRECTORY GETAB
HSYS INFO LATOP
LOGIN LOGOUT MDDT
MTA-ACCESS SECURE-CHFDB SECURE-DELF
SECURE-OPENF SECURE-RNAMF SET-TIME
SMON STRUCTURE-MOUNT SYSGT
TERMINAL-SPEED TLINK TTMSG
USER-TEST
* SELECT STATUS [NO] ALL|DENIED|FAILED|NORMAL|UNUSUAL ...
The SELECT STATUS command is followed by any number of status
keywords, and is used to exclude or include records based on
the status of the record. The following is a list of the
keywords, each of which may be preceeded by the "NO" keyword to
reverse its meaning.
- ALL to select all records
- DENIED to select records containing the string "[Denied]"
- FAILED to select records containing the string "[Failed]"
- NORMAL to select records not containing the string
"[Denied]", "[Failed]", or "[Unusual]"
- UNUSUAL to select records containing the string "[Unusual]"
The default status is DENIED FAILED UNUSUAL. See ACJDEC.MEM
for details concerning the status strings that can appear in
each record.
* SELECT USER username|wilduser
This command is used to select records that were caused by the
user name or wild user specification supplied in the command.
The default is user * (which means that all users are included
in the selection criteria).
2.7 Show Command
The SHOW command is used to display current program settings and
selection criteria. It takes no arguments.
2.8 Take Command
The TAKE command accepts a file specification. This file is filled
with ACJLOG commands which are executed.
2.9 Write Command
The WRITE command is used to specify the filename to use when
writing the log file summary. The default filename is LOGFILE.SUM.
3.0 EXAMPLES
ACJLOG is quite useful when run once a day to provide the system
manager a summary of events. For example the following CTL file could
be used to mail the previous night's activity to the system manager.
! Get last period's log files renamed to *.new.*
@RENAME ACJLOGS:ACJ.LOG.* ACJLOGS:ACJ.NEW.*
@UNDELETE ACJLOGS:ACJ.NEW.*
! Run fine ACJLOG program to extract daily report
@RUN ACJLOG
*READ ACJLOGS:ACJ.NEW.*
*WRITE ACJLOGS:ACJ.SUM
*SHOW
*BEGIN
*EXIT
! Rename new log files to old log files
@RENAME ACJLOGS:ACJ.NEW.* ACJLOGS:ACJ.OLD.-1
@UNDELETE ACJLOGS:ACJ.OLD.*
! Send mail about this to the usual people
@MS SEND
*MANAGER
*OPERATOR
*Access Control Summary from ACJLOG
^BACJLOGS:ACJ.SUM
^Z
Another use would be to check for activity by a certain suspect
user over the last hour. An example of such a ACJLOG session follows.
$ACJLOG
ACJLOG 1(14)
ACJLOG>SELECT (criteria) USER SUSPECT
ACJLOG>SELECT (criteria) STATUS ALL
ACJLOG>SELECT (criteria) BEGIN-TIME NOW -1:00
ACJLOG>READ (ACJ log file) ACJLOGS:ACJ.LOG.*
ACJLOG>WRITE (summary to) TTY:
ACJLOG>BEGIN (processing)
Starting at 18-Apr-89 17:15:27
Summary by ACJLOG 1(14) at 18-Apr-89 17:15:27
ACJ 7(126) on GARK, Tuesday, April 18, 1989
Finished at 18-Apr-89 17:15:29
Earliest at 18-Apr-89 04:13:49, latest at 18-Apr-89 17:15:23
Extracted 0 out of 628 events in 37 pages in 2 files
Used 0.99 in 2.11
37.45 pages/CPU second, 17.51 pages/people second
ACJLOG>EXIT
[End of ACJLOG.HLP]