7.7 Simulation of Automatic Analysis
SEA can simulate the occurrence of events and their automatic analysis. The events are translated and analyzed as if they occurred on the local system and events and problem reports from analysis appear as automatic events do. Using the simulation, you can perform and end-to-end test of SEA.
7.7.1 Sending A Test Event To The System Error Log
Use the following command to test SEA, from event detection to analysis and notification:
wsea testThis command sends an event with header fields but no further content to the system's error logging API. The action taken with this event is dependent on the system:
Tru64 UNIX, HP-UX, Linux, and OpenVMS
If the command was run on a supported platform, the system's error logging service takes the event content and wraps it with a Common Event Header (CEH). This is necessary because SEA only recognizes events with a CEH or a Storage Event Header (SEH). After the CEH is created and all its fields are populated, the event is written to the error log where it can be processed by automatic analysis, generate a problem report, and trigger notification.
The error logging service on Windows does not wrap event content with a CEH since that is usually done by the device drivers themselves. So, like a device driver, the test command creates a mock CEH which is used as the event content and passed to the system error logging API. The command does not provide values for all the fields in the mock CEH. Only the fields critical to translation, analysis, and human identification (including time, computer name, OS type and event ID) are given valid values. Most other fields are set to 0 or NULL values and do not affect translation or analysis. After Windows receives the event, it adds a Windows NT header and the event is appended to the system error log. Once in the error log the event is processed by automatic analysis, generates a problem report, and triggers notification.
7.7.2 Bypassing The System Error Log
Use the following command to test SEA without sending an event through the system error log:
wsea test nosystemThe Director must be running in order to use the test nosystem command.
The nosystem option sends an event directly to the SEA event reader, bypassing the system altogether. This command is used to facilitate troubleshooting of a problem and determine if it is caused by SEA.
Regardless of the platform, the command creates a mock CEH for the event so that it can be recognized. Since SEA also requires an NT event header when running on Windows platforms, a mock NT header also is created when the command is executed on an Windows system. Only the NT header fields necessary for translation, analysis, and human identification are populated with valid values. Fields set to 0 or NULL do not affect translation or analysis.
Since the event created by the nosystem option has a CEH (and for Windows, a NT header as well), it should always be recognized by SEA. However, since the event is never appended to the system error log, it cannot be seen when manually translating or analyzing the system error log. In addition, the problem report immediately expires and, as a result, it will not appear if you subsequently run the wsea report command. The only ways to view the problem report generated by analysis is by using the "Real Time Monitoring" view in the web interface, or the problem report logging functionality (see Section 5.6.1.2). The wsea report command will not show the problem report because it is designed to expire immediately.
The nosystem option creates an event that can be translated and analyzed for all the supported operating systems, regardless of whether or not the hardware platform is supported.