SirScan scan specification: Difference between revisions
m (replace graphic) |
m (misc cleanup) |
||
Line 8: | Line 8: | ||
A scan specification screen is presented: | A scan specification screen is presented: | ||
<p class="caption" style="width:430px">Journal | <p class="caption" style="width:430px">Journal scan criteria screen</p> | ||
<p class="figure">[[File:ScanCriteria.png|430px]]</p> | <p class="figure">[[File:ScanCriteria.png|430px]]</p> | ||
Line 114: | Line 114: | ||
</blockquote></td></tr> | </blockquote></td></tr> | ||
<tr><th> | <tr><th>Line Width</th> | ||
<td>The audit trail data can be formatted for any line width from one less than the screen width to 255. The minimum output line width is 131 for <var>[[MODEL parameter|MODEL]]</var> 5 terminals, and it is 79 for all other terminal types.</td></tr> | <td>The audit trail data can be formatted for any line width from one less than the screen width to 255. The minimum output line width is 131 for <var>[[MODEL parameter|MODEL]]</var> 5 terminals, and it is 79 for all other terminal types.</td></tr> | ||
<tr><th>Read extra SCANTIME seconds</th> | <tr><th nowrap>Read extra <br>SCANTIME seconds</th> | ||
<td>This field only appears if the <var>SCANTIME</var> system parameter is set to a non-zero value.The value of this field must be either <code>Y</code> or <code>N</code>. | <td>This field only appears if the <var>SCANTIME</var> system parameter is set to a non-zero value.The value of this field must be either <code>Y</code> or <code>N</code>. | ||
Setting this field to <code>N</code> allows anomalous and confusing behavior on <var class="product">SirScan</var>'s part so should be avoided unless following are all true: | Setting this field to <code>N</code> allows anomalous and confusing behavior on <var class="product">SirScan</var>'s part so should be avoided unless following are all true: | ||
Line 128: | Line 128: | ||
</ul></td></tr> | </ul></td></tr> | ||
<tr><th> | <tr><th>Max I/O's</th> | ||
<td>The maximum number of full-track journal reads <var class="product">SirScan</var> will perform when scanning the journal. The maximum value allowed for this field is determined by the user's subsystem SCLASS. | <td>The maximum number of full-track journal reads <var class="product">SirScan</var> will perform when scanning the journal. The maximum value allowed for this field is determined by the user's subsystem SCLASS. | ||
This value should generally be kept to a relatively small number such as 100 or 1000 in the case of very busy systems to avoid accidentally scanning too much of the journal when an inappropriate time interval is specified.</td></tr> | This value should generally be kept to a relatively small number such as 100 or 1000 in the case of very busy systems to avoid accidentally scanning too much of the journal when an inappropriate time interval is specified.</td></tr> | ||
<tr><th> | <tr><th>Max records</th> | ||
<td>The maximum number of journal records to be formatted by <var class="product">SirScan</var>. The maximum value allowed for this field is determined by the user's subsystem SCLASS. | <td>The maximum number of journal records to be formatted by <var class="product">SirScan</var>. The maximum value allowed for this field is determined by the user's subsystem SCLASS. | ||
This value should generally be kept to a reasonably small number such as 10000 to avoid accidentally building an unmanageably large list of formatted records.</td></tr> | This value should generally be kept to a reasonably small number such as 10000 to avoid accidentally building an unmanageably large list of formatted records.</td></tr> | ||
<tr><th>Display | <tr><th>Display</th> | ||
<td> | <td> | ||
<table> | |||
<tr><th>Date</th> | |||
<td>Indicates whether the date of each entry is to appear in the formatted audit trail data. The dates are displayed in YYMMDD format.</td></tr> | |||
<tr><th nowrap> | <tr><th nowrap>Server number</th> | ||
<td> | <td>Indicates whether server numbers are to appear in the fomatted audit trail data.</td></tr> | ||
<tr><th> | <tr><th>Entry type</th> | ||
<td> | <td>Indicates whether the type of each entry is to be included in the formatted audit trail data. The types are described in [[SirScan browsing of the journal#Journal entry types|Journal entry types]]. If entry types are not displayed, colors are automatically turned off. </td></tr> | ||
<tr><th> | <tr><th>Time</th> | ||
<td> | <td>Indicates whether the time of each entry is to appear in the formatted audit trail data. The times are displayed in HHMMSSTH format.</td></tr> | ||
<tr><th> | <tr><th>User numbers</th> | ||
<td> | <td>Indicates whether user numbers are to appear in the fomatted audit trail data.</td></tr> | ||
<tr><th>Use color</th> | |||
<td>Indicates whether the formatted journal output is to be shown using the user-specified colors. Colors are only displayed if <b>Entry type</b> is <code>Y</code>. </td></tr> | |||
</table></tr> | |||
<tr><th>Format entry types</th> | |||
<td> | |||
<table> | |||
<tr><th>ST</th> | <tr><th>ST</th> | ||
<td>Responding <code>Y</code> to this prompt causes ST records (all types of statistics records) to be included in the formatted output. Specifying <code>N</code> excludes these records.</td></tr> | <td>Responding <code>Y</code> to this prompt causes ST records (all types of statistics records) to be included in the formatted output. Specifying <code>N</code> excludes these records.</td></tr> | ||
<tr><th> | <tr><th>All Audit Types</th> | ||
<td>Responding <code>Y</code> to this prompt causes all audit type records to be included in the formatted output. | <td>Responding <code>Y</code> to this prompt causes all audit type records to be included in the formatted output. | ||
Specifying <code>N</code> causes <var class="product">SirScan</var> to pay attention to the specific <code>Y/N</code> settings for each record type in the bottom two rows on the screen. | Specifying <code>N</code> causes <var class="product">SirScan</var> to pay attention to the specific <code>Y/N</code> settings for each record type in the bottom two rows on the screen. | ||
The various record types are described in the | The various record types are described in [[SirScan browsing of the journal#Journal entry types|Journal entry types]] and also in | ||
[[Tracking system activity (CCAJRNL, CCAAUDIT, CCAJLOG)#Audit trail format|Audit trail format]]. | [[Tracking system activity (CCAJRNL, CCAAUDIT, CCAJLOG)#Audit trail format|Audit trail format]]. | ||
<tr><th>SirScan RK</th> | <tr><th nowrap>SirScan RK lines</th> | ||
<td>Responding <code>Y</code> to this prompt causes SirScan heartbeat RK messages for the <var>SCANTIME</var> system parameter to be formatted. | <td>Responding <code>Y</code> to this prompt causes SirScan heartbeat RK messages for the <var>SCANTIME</var> system parameter to be formatted. | ||
These messages largely exist to help <var class="product">SirScan</var> identify threads by userid or other selection criteria and are not particularly interesting so are ordinarily suppressed | These messages largely exist to help <var class="product">SirScan</var> identify threads by userid or other selection criteria and are not particularly interesting so are ordinarily suppressed | ||
regardless of the < | regardless of the <b>All Audit Types</b> or <var>RK</var> switch settings. | ||
If this prompt is set to <code>Y</code> the <var class="product">SirScan</var> heartbeat messages will be displayed.</td></tr> | If this prompt is set to <code>Y</code>, the <var class="product">SirScan</var> heartbeat messages will be displayed.</td></tr> | ||
<tr><th>Bookmarks</th> | |||
<td>Creates extra lines in the display listing that mark the time range for each scan. </td></tr> | |||
<tr><th>AD, CI, ... QT</th> | |||
<td>Journal entry types; see [[SirScan browsing of the journal#Journal entry types|Journal entry types]].</td></tr> | |||
</table></td></tr> | |||
</table> | </table> | ||
Revision as of 00:34, 4 November 2015
Installation of SirScan is described in RKTools installation.
SirScan should be installed as a private APSY subsystem
in order to use the I/O limits assigned to each SCLASS.
To access the system, enter
SIRSCAN
(or the name of the subsystem you have installed)
on the Model 204 command line.
A scan specification screen is presented:
This screen allows the user to specify the journal data to be retrieved and the format in which it should be displayed. Input fields are:
Start time | Formatted HH:MM:SS or -MMMMMM. The earliest audit trail entry to be formatted. The second syntax identifies the number of minutes to go back from the current time to begin formatting the journal. If Start time is not specified, data is formatted from the start of the run or the oldest ring journal (if using ring journals) if the requesting user is a system manager (or is in one of the ADMIN SCLASSes). Otherwise data is formatted from the logon time of the requesting user. | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Start date | Formatted YY/MM/DD. The date of the earliest audit trail entry to be formatted. If this is not specified, it is determined based on the start time. If the start time is less than the current time the current date is used, otherwise yesterday's date is used. | ||||||||||||||||||||
Interval | Valid formats are MM:SS, HH:MM:SS, or MMMMMMM, where H is hours, M is minutes, and S is seconds.
If an interval is not specified, data is formatted up to the current time (or until I/O limits are hit). In addition, by leaving this time blank, SirScan runs in auto-refresh mode, so the data being scanned is constantly refreshed to reflect any new audit trail data that was generated after the initial data was collected. | ||||||||||||||||||||
User | Users to be included in the formatted output. This input field indicates which thread's/user's audit entries will be viewed.
The selection criteria can be a set of blank or comma delimited "phrases," each made up of one or more "clauses" separated by the ampersand (
Criteria can be mixed and matched using the IODEV15&LENIN 11-20 And this: TROT*&198.242.244.33 JAN:SOCIALIST&MARX PST requests information for all of the following:
Portnames and userids can contain special wildcard characters. These characters and their meanings are:
Users in USER_HI, USER_MED or USER_LO SCLASSes, no matter what selection criteria are specified, are only able to view audit entries associated with their own userid or, if the system SCANPARM 1 bit is set, entries for public logins on Janus Web Server threads. So if a user in the USER_MED SCLASS specifies the following for a selection criterion: IODEV15 The user will be able to see only IODEV 15 activity for her own userid or perhaps for public logins to a Janus Web thread (if the SCANPARM 1 bit is set). Because the specified time interval may not include the journal entries that would allow SirScan to associate a thread's activity with a particular userid, IP address, or port number, it is possible that entries associated with a particular userid, IP address, or port number will not be formatted. It is also possible that many entries in a time interval for a requested userid, IP address, or port number will not be formatted, but those after an audit entry that allows determination of all these entities (a since-last statistic or a SirScan RK line), will be. SirScan makes every effort to use all available information (current logged on userids and log times, M204.0352 messages, M204.0118 messages, since-last stat entries, etc.) to ascertain this information about each audit trail entry, but these attempts are necessarily hit and miss: While most of the time, SirScan will pick up the desired information, it is possible that information will also seem to be inexplicably missing. Often this information can still be retrieved by varying the date/time interval.
Alternatively, if the SCANTIME system parameter is set, and the "Read extra SCANTIME seconds" switch is set to If no criteria are specified for User, only audit entries for the requesting user are displayed.
| ||||||||||||||||||||
Line Width | The audit trail data can be formatted for any line width from one less than the screen width to 255. The minimum output line width is 131 for MODEL 5 terminals, and it is 79 for all other terminal types. | ||||||||||||||||||||
Read extra SCANTIME seconds |
This field only appears if the SCANTIME system parameter is set to a non-zero value.The value of this field must be either Y or N .
Setting this field to
| ||||||||||||||||||||
Max I/O's | The maximum number of full-track journal reads SirScan will perform when scanning the journal. The maximum value allowed for this field is determined by the user's subsystem SCLASS. This value should generally be kept to a relatively small number such as 100 or 1000 in the case of very busy systems to avoid accidentally scanning too much of the journal when an inappropriate time interval is specified. | ||||||||||||||||||||
Max records | The maximum number of journal records to be formatted by SirScan. The maximum value allowed for this field is determined by the user's subsystem SCLASS. This value should generally be kept to a reasonably small number such as 10000 to avoid accidentally building an unmanageably large list of formatted records. | ||||||||||||||||||||
Display |
| ||||||||||||||||||||
Format entry types |
|
Commands and function keys
The following commands and PF keys are valid on the scan specification screen:
=x.yy.z | Commands prefixed by = invoke fastpath navigation of the UL/SPF menu system. =M sends the user to the RKTools main menu if RKTools is active.
=X exits to command level. =M.4.5.2 sends the user to the "Active Subsystems" display in SirMon (if SirMon is active). |
---|---|
X | Exits to command level. |
PF1 | Accesses online help. |
---|---|
PF3 | Quit (return to command level). |