E.3  Old Common Syntax

Old common syntax commands use the following format:

wsea x command_verb
Where command_verb indicates the action you want to perform.

Table E–2 describes the commands supported by the old common syntax:

Table E–2 Command Verbs—wsea (Old Common Syntax) 
Command Verb
Description
analyze
Performs manual analysis one or more binary event logs. See Section E.3.1 for more details.
trans
Translates one or more binary event logs, but does not analyze the events. See Section E.3.2 for more details.
summ
Returns a summary of all the events contained in a binary event log. See Section E.3.3 for more details.
filterlog
Applies a filter to an existing binary event log and creates a new binary event log containing the subset of events returned after filtering. See Section E.3.4 for more details.
listrk
Lists the registered analysis rule sets. See Section E.3.6 for syntax information and Chapter 8 for more details on rule sets.
regknw r
Registers one or more analysis rule sets for use during automatic and manual event analysis. See Section E.3.6 for syntax information and Chapter 8 for more details on rule sets.
regknw u
Unregisters one or more analysis rule sets so they are no longer considered during automatic and manual event analysis. See Section E.3.6 for syntax information and Chapter 8 for more details on rule sets.
help
Displays a text-based help file. The text-file describes the new common syntax.

E.3.1  Manual Analysis

To perform manual analysis with the old common syntax, use the following command:

wsea x analyze [inputfile] [outtext | outhtml outputfile]

inputfile—enter the path and name of a binary log file. See Section E.3.5.1 for more details.
outputfile—enter the path and name where you want the output saved. See Section E.3.5.2 for more details.

E.3.2  Translation

To perform translation with the old common syntax, use the following command:

wsea x trans [inputfile] [outtext | outhtml outputfile] [filter "filterstatement"] [brief | full]
inputfile—specify the path and name of a binary log file. See Section E.3.5.1 for more details.
outputfile—specify the path and name where you want the output saved. See Section E.3.5.2 for more details.
filterstatement—enter a filterstatement to limit the events translated. See Section E.3.5.3 for more details.
Select the desired report type using the brief or full modifier.

E.3.3  Summary of Events

To view a summary of the events in a log file with the old common syntax, use the following command:

wsea x summ [index] [inputfile]

Create indexed output (instead of tallied output) by using the index modifier.
inputfile—provide the path and name of a binary log file. See Section E.3.5.1 for more details.

E.3.4  Creating New Binary Event Log Files

To create a new binary log file with the old common syntax, use the following command:

wsea x filterlog inputfile outputfile ["filterstatement"] [skipconfig]
inputfile—provide the path and name of the binary log file you want to filter to create a new log file. You must provide a input file; however, you cannot use multiple files. See Section E.3.5.1 for more details.
outputfile—provide the path and name of the new log file.
filterstatement—specify a filter to restrict the events added to the new log file. See Section E.3.5.3 for more information.
Skip the configuration entries in the input file by using the skipconfig keyword.

E.3.5  Modifying Commands

By default, the analysis, translation, summary and new binary log file commands all process the system event log. The output from analysis, translation and summary commands is displayed on the screen. You can change these defaults in order to process other binary log files and save the processing results to a file. With some of the commands you can further restrict the events that are processed by filtering the binary log file used for input. The following sections describe how to use these features.

E.3.5.1  Input Files

To change the binary log file used as input by a command, append the directory and file name of the desired file to the end of the command. For example:

wsea x analyze examples\ds20.errlog

When you are specifying an input file, the following guidelines apply:

The old common syntax filterlog command is the exception to this rule and requires an input file. See Section E.3.4 for more information.

E.3.5.2  Output Files

Note


These output file guidelines do not apply when you are creating a new binary event log. See Section E.3.4 for more details.


To specify an output file, use one of the following modifiers:

outtext filename
outhtml filename
The outtext modifier creates a text output file and the outhtml modifier creates a HTML output file. The filename indicates the path and name where you want to save the output.

The following examples show commands that specify output files:

wsea x analyze outtext results.txt
wsea x analyze outhtml results.html

E.3.5.3  Filtering

The trans and filterlog commands enable you to filter a binary event log file and only process a subset of the events. The general rules that apply to filtering in the old common syntax are:

Table E–3 describes the old common syntax filtering statements.

Table E–3 Filtering Statements (Old Common Syntax) 
Filter Statement
Description
dtb=date
(date_time_begin)
dte=date
(date_time_end)
Filters based on the time the event occurred. No events that occurred before the given start time or after the given end time are processed. The date can be entered in any format supported by Java (for example, dd-mmm-yyyy,hh:mm:ss). You do not need to include the time (hh:mm:ss) with the date.
rtdb=days
(rel_time_days_begin)
rtde=days
(rel_time_days_end)
rthb=hours
(rel_time_hours_begin)
rthe=hours
(rel_time_hours_end)
Filters based on the time the event occurred relative to the time the first or last event in the log file occurred. Filtering based on days and hours is supported. For example, using the filter rtdb=3 will processes all the events that occurred within three days of the first event in the file.
et=nn
et!=nn
et<nn
et>nn
(entry_type)
Filters based on the numeric event type. Be aware of the following guidelines:
  • With the = and != operators you can enter multiple entry types by separating them with commas.
  • Instead of entering entry type numbers, you can use one of the supported keywords. See Table E–4 for the supported keywords.
  • cn=name
    cn!=name
    (computer_name)
    Filters based on the node responsible for generating the event.
  • Using the = and != operators you can enter multiple entry types by separating them with commas.
  • The name argument is case sensitive.
  • ost=n
    ost!=n
    (os_type)
    Filters based on the operating system type, using the numeric representation for each operating system. With the = and != operators you can enter multiple entry types by separating them with commas.
    idx=nn
    idx!=nn
    idx<nn
    idx>nn
    (event_index)
    Filters based on the event's position in the event log. The first event in the file is event index 1. With the = and != operators you can enter multiple entry types by separating them with commas.
    sort=keyword
    Used with a keyword to organize the output. The following keywords are supported:
  • entry—sorts based on entry type from highest entry type number to lowest
  • reventry—sorts based on entry type from lowest entry type number to highest
  • time—sorts based on entry time from most recent to oldest
  • revtime—sorts based on entry time from oldest to most recent
  • idx—sorts based on the entry index number from highest to lowest
  • revidx—sorts based on the entry index number from lowest to highest
  • Table E–4 Event Type Keywords (Old Common Syntax) 
    Keyword
    Description
    mchk-all
    All machine check events.
    mchk
    All machine check events.
    mchk-sys
    All system machine check events.
    mchk-cpu
    All cpu machine check events.
    mchk-env
    All environmental machine check events.

    Examples—Old Common Syntax

    The following examples show sample commands that use filtering.

    Processes events from the system described by ComputerName:

    wsea x trans filter "computer_name=ComputerName"
    wsea x filterlog inputfile.zpd outputfile.bin "computer_name=ComputerName"

    Processes events that did not occur on the system described by ComputerName that occurred after January 11, 2000:

    wsea x trans filter "computer_name!=ComputerName & date_time_begin=11-Jan-2000"
    wsea x filterlog inputfile.zpd outputfile.bin "computer_name!=ComputerName & date_time_begin=11-Jan-2000"

    Processes events that occurred before 8:33:57 PM on January 31, 2000:

    wsea x trans filter "date_time_end=31-Jan-2000,20:33:57"
    wsea x filterlog inputfile.zpd outputfile.bin "date_time_end=31-Jan-2000,20:33:57"

    Processes events that occurred no more than four days after the first event in the log file:

    wsea x trans filter "rel_time_days_begin=4"
    wsea x filterlog inputfile.zpd outputfile.bin "rel_time_days_begin=4"

    Processes events that occurred no more than 35 hours before the last event in the log file:

    wsea x trans filter "rel_time_hours_end=35"
    wsea x filterlog inputfile.zpd outputfile.bin "rel_time_hours_end=35"

    Processes all CPU machine check events:

    wsea x trans filter "entry_type=mchk-cpu"
    wsea x filterlog inputfile.zpd outputfile.bin "entry_type=mchk-cpu"

    Processes all events, except those of type 610, 620, and 630. Only the common syntax supports filtering based on specific entry types the other syntaxes must use keywords:

    wsea x trans filter "entry_type!=610,620,630"
    wsea x filterlog inputfile.zpd outputfile.bin "entry_type!=610,620,630"

    Processes all events with a type greater than 600:

    wsea x trans filter "entry_type>600"
    wsea x filterlog inputfile.zpd outputfile.bin "entry_type>600"

    Processes all events with a type less than 300 and an operating system of type 3:

    wsea x trans filter "entry_type<300 & os_type=3"
    wsea x filterlog inputfile.zpd outputfile.bin "entry_type<300 & os_type=3"

    Processes all events without an operating system type of 1 or 2. The translation command presents the output in reverse chronological order:

    wsea x trans filter "os_type!=1,2 & sort=revtime"
    wsea x filterlog inputfile.zpd outputfile.bin "os_type!=1,2"

    Processes all the events after the fifteenth event in the log file:

    wsea x trans filter "event_index>15"
    wsea x filterlog inputfile.zpd outputfile.bin "event_index>15"

    E.3.6  Knowledge Rule Sets

    Rule sets are used in conjunction with analysis. The events in a binary log file are compared with rule sets. Depending on the results of this comparison problem reports are generated. The following old common syntax commands can be used to work with rule sets.

    wsea x listrk
    Lists the registered rule sets used by analysis (see Section 8.3.1 for more information).
    wsea x regknw r [ruleset]
    Registers the rule sets used by analysis (see Section 8.3 for more information).
    wsea x regknw u [ruleset]
    Unregisters the rule sets used by analysis (see Section 8.3 for more information).