Chapter 3 Managing Event Logging
3.7 Event Log Panel Window
3.7.5 The Buttons
The window contains several buttons that allow you to quickly perform some common functions:
• View Event Records, to open up the Event Records View window and display event records
• LOG Directives..., (Tru64 UNIX) to gain access to the directives available for the selected Log.
• Open Associated Map Window, (Tru64 UNIX) to open a domain in the Iconic Map window with which the selected Log is associated.
Table 3-8 Log Panel Window Menu
Menu Menu Item Must Have Selected Result
File Quit n/a Closes the window
Operation View Event Records
One or more Logs Opens the Event Records View window
Log Directives...
(Tru64 UNIX)
One Log Gives access to the directives Show, Set, Suspend, Resume and Cleanup for the selected Log
Open Associated Map Window (Tru64 UNIX)
One Log Opens a Map window for the Domain with which the Log is associated
Help On Version n/a Help on TeMIP
On Window n/a Help on Event Log Panel
window
Chapter 4 Handling Event Records
This chapter explains how to retrieve and handle event records from the repository. Topics covered are:
• Section 4.1 Using the Mouse
• Section 4.2 Desktop Manager Window
• Section 4.3 Viewing Event Records
• Section 4.4 Using the Search Events Function
• Section 4.5 Handling Event Records Note
Operations on event data should be carried out only from the TeMIP Fault Managment windows. It is also possible to access Event Logs from the Iconic Map, but this is not recommended since it could cause a failure of the Iconic Map.
As an example, if you select an Event Log that has 5000 records, you will see all the event records. If you then select all these records and perform an action on them, the Iconic Map could fail and display the error message Can't Grow Stack.
4.1 Using The Mouse
The Event Logging windows contain lists in which actions can be
performed with the mouse. The action performed by the mouse depends on which list is being operated on. The windows and lists involved are:
• View Events window
- List of retrieved event records
• Event Search window - Lists of search criteria.
Mouse Operations
Table 4-1 summarizes the actions initiated by the mouse, and by the mouse in combination with the keyboard CTRL key.
Note
The term current line used in the table refers to the line that the pointer is on when the mouse button is pressed.
Table 4-1 Summary of Mouse Operations Mouse/
Keyboard
Window/List Action
Click MB1 Both windows/lists Selects the current line. Any other selected line is deselected.
CTRL + Click MB1
Both windows/lists Selects the current line and retains selection of other selected lines. If the current line is already selected, it is deselected.
Hold/Drag MB1
Retrieved events list
Selects all lines through which the pointer is dragged.
Search criteria lists No action Double-click
MB1
Retrieved events list
Full event information is displayed
Search criteria lists No action Hold MB3 Retrieved events
list
Selects the current line and displays a pop-up menu that stays selected as long as MB3 remains pressed. The command performed from the menu is that being pointed to when MB3 is released. If MB3 is released when the pointer is outside the pop-up menu, the menu closes and no action is taken.
Search criteria lists No action CTRL + Hold
MB3
Retrieved events list
As above, but for use where multiple selections have been made.
Search criteria lists No action Double-click
MB3
Retrieved events list
Selects the current line and displays a pop-up menu that remains displayed when MB3 is released. An action is performed by clicking MB3 on the appropriate menu item.
If MB3 is clicked with the pointer outside the pop-up menu, the menu closes and no action is taken.
Search criteria lists No action CTRL +
Double-click MB3
Retrieved events list
As above, but for use where multiple selections have been made.
Search criteria lists No action
4.2 Desktop Manager Window on Tru64 UNIX
The Desktop Manager window displays icons that correspond to specific windows and a new icon is added each time you open one of these windows.
Using the Desktop Manager window, you can "tidy up" your screen if you have many windows displayed, but without having to stop the
corresponding applications. You can re-display the windows when required.
The name of the window is displayed to the right of the icon to enable you to quickly identify the window you want to iconize/de-iconize. Icons are displayed for the following Event Logging windows:
• Event Records View window
• Event Log Panel window
• DC Editor window
• DC/SF Librarian window
• SP Editor window
If you double click Mouse Button 1 (MB1) on an icon in the Desktop Manager window, the corresponding window is iconized. If you double click on the icon again, the window is re-displayed. The icons displayed are the same as those in the Iconic Map applications bar at the top of the window and the multi screen display function is also supported. See the OpenView TeMIP Customization Guide for further details.
Figure 4-1 shows an example of the Desktop Manager window.
Figure 4-1 Desktop Manager Window on Tru64 UNIX
Note
1. If the TeMIP PM does not exit normally, the TeMIP Fault
Managment icons in the Desktop Manager window on Tru64 UNIX do not disappear.
2. Some icons may appear on Tru64 UNIX that correspond to TeMIP Framework applications.
3. For details of the Iconic Map, Desktop Manager and Console windows, refer to the manual OpenView TeMIP Iconic Map and FCL User’s Guide.
4.3 Viewing Event Records on Tru64 UNIX
You can retrieve and view event record information from the repository, for analysis or any other processing that is needed in your fault management scheme.
Entry from:
The Initial Display
When you start the view process, TeMIP begins to retrieve event records from the selected Log repository using the default search criteria, which is ALL records. After a certain number of records have been retrieved (as explained in Section 4.3.2), the retrieval operation is suspended.
At this point you can either continue the retrieval of all event records, or enter search criteria to narrow the retrieval down to specific types of records.
4.3.1 Stand-Alone Operation
You can open the Event Records View window in stand-alone mode, by entering the following command at the UNIX prompt:
If the LOG does not exist, the following exception is returned:
If you do not provide the <OSI_system_name> or <log_name>, the command usage is displayed. An example of the Event Records View window is shown in Figure 4-2.
Window Operation Remark
Opens the Event Log Panel window for the selected OSI_System.
Event Log Panel
Select a LOG, and then - View Event Records from the Operation menu
Opens the Event Records View window for the selected LOG.
Event Log Panel
View Event Records button (must have one or more LOGs selected)
Opens the Event Records View window for the selected LOG.
Event Log Panel
Double click on a LOG Opens the Event Records View window for the selected LOG.
A stand-alone application
temip_el_pm <OSI_system_name>
<log_name> at the UNIX prompt
Opens the Event Records View window for the input LOG name.
temip_el_pm <OSI_system_name> <log_name>
No such entity
Figure 4-2 Event Records View Window
4.3.2 Segmented Retrieval
In the initial retrieval operation, and also in certain selective searches, a large number of event records may be involved. This could result in some delay before the retrieval operation is completed. To avoid this situation the search and retrieval operation is segmented, which means that events are retrieved a certain number at a time. The number of event records in a segment is a configuration variable with a default value of fifty (50), but can be set to any number required by the user.
The search is suspended when the first segment is retrieved. To continue the search and retrieve the next segment (if any) you click on the More...
button.
This procedure can be repeated until all the retrievable events have been obtained. You will need to use the vertical scroll bar to view all the retrieved event records.
4.3.3 Event Records View Window Menu Bar
The menu bar of the Event Records View window contains the items: File, Edit, Search, Operation, Options. Table 4-2 summarizes the menu
items, preconditions for using the menu items, and the results of selecting them.
Table 4-2 Event Records View Window Menu Bar
Menu Menu Item Must Have
Selected
Result
File Expand Search to
LOG...
n/a Opens the Expand window to continue the search through another Event Log within the same OSI System
LOG Directives... n/a Gives access to the window-associated Event Log directives Close Window n/a Exits from the View function and
closes the window Edit Select all Records n/a Selects all event records
Search Search... n/a Opens the Search Criteria
window
Redo Last Search n/a Repeats the last search and displays the latest event information
Operation Full Information One record Opens the Full Information window and displays details of the event record
Print One or more
records
Prints on the default printer
Print... One or more
records
Opens a window for you to select a printer
Print to File... One or more records
Opens the File Name prompt window for you to enter the target filename
Delete One or more
records
Deletes the selected event records from the repository
Entity Directives... n/a Gives access to the directives of the managed entity that produced the event
4.3.4 Event Record Information Displayed
A one-line summary of the event record information is displayed for each event record retrieved. Information displayed, starting with the left column, is as follows for each LOG class.
• LOG_RECORD Class - Event Type
- Managed Object (The network entity that produced the record) - Additional Text
- Εvent Time (Timestamp of event generation) - Logging Time (Timestamp of event collection)
• ALARM_RECORD Class - Event Type
- Managed Object (The network entity that produced the record) - The Alarm Perceived Severity
- The Probable Cause - Additional Text
- Event Time (Timestamp of event generation) - Logging Time (Timestamp of event collection)
• SECURITY_ALARM_RECORD Class - Event Type
- Managed Object (The network entity that produced the record)
Options General... n/a Opens the TeMIP General
Options window, for you to customize the default printer and the segment size value (see
Chapter 5)
Window... n/a Opens the TeMIP Window
Options window, for you to customize the event information list (see Chapter 5)
Save n/a Allows you to save customized
settings in your user-associated resource file. These will become the default settings for your next TeMIP PM session. See Chapter 5 for important information concerning the Save function.
Help On Version n/a Activates online help.
On Window n/a Activates online help.
Table 4-2 Event Records View Window Menu Bar (Continued)
Menu Menu Item Must Have
Selected
Result
- The Security Alarm Severity - The Security Alarm Cause - Additional Text
- Event Time (Timestamp of event generation) - Logging Time (Timestamp of event collection)
• OBJECT_CREATION_RECORD Class - Event Type
- Managed Object (The network entity that produced the record) - Additional Text
- Event Time (Timestamp of event generation) - Logging Time (Timestamp of event collection)
• OBJECT_DELETION_RECORD Class - Event Type
- Managed Object (The network entity that produced the record) - Additional Text
- Event Time (Timestamp of event generation)
- Logging Time (Timestamp of event collection) collected)
• STATE_CHANGE_RECORD Class - Event Type
- Managed Object (The network entity that produced the record) - Additional Text
- Event Time (Timestamp of event generation) - Logging Time (Timestamp of event collection)
• ATTRIBUTE_VALUE_CHANGE_RECORD Class - Event Type
- Managed Object (The network entity that produced the record) - Additional Text
- Event Time (Timestamp of event generation) - Logging Time (Timestamp of event collection)
• RELATIONSHIP_CHANGE_RECORD Class - Event Type
- Managed Object (The network entity that produced the record) - Additional Text
- Event Time (Timestamp of event generation) - Logging Time (Timestamp of event collection).
4.3.5 The Event Records View Window Buttons
• Abort, to stop a retrieval operation before its normal termination
• Delete, to delete selected event records from the database
• Full Information, to display full information on a selected event record
• More, to retrieve the next segment of event records
• Print, to print the event information Note
When you prematurely terminate a retrieval operation using the Abort function, the window shows the number of records retrieved up to the point of termination.
4.3.6 Refreshing the Display
The display of retrieved event records is not updated in real time. The Event Records View window is a static display, effectively a "snapshot" of the database as it exists at the time you first open the window or make a search. While the retrieved event records are being displayed it is possible that the states of certain records may change as other users take some action on them.
In order to obtain the latest information, the facility is provided for you to quickly repeat the last search made and so refresh the display. The procedure is as follows, assuming that the Event Records View window is already displayed:
1. Select Search from the menu bar
2. From the resulting pop-up menu select Redo Last Search
The search will be repeated using the same criteria that were last defined in the Event Search window. Event records in the repository that currently match the criteria will be displayed.
4.4 Using the Search Events Function
To retrieve specific types or classes of event records you must open the Search Criteria window and enter the appropriate search information. You make an event record search as follows:
1. Open the Event Records View window, as explained in the previous section
2. Select the Search item on the menu bar
3. From the resulting pop-up menu select the Search... option The Search Criteria window opens for you to specify the type(s) of events to be retrieved
4. Enter your required search criteria, as explained in Section 4.4.1 5. Click on OK or Apply to initiate the search
The retrieved event data (if any) replaces the default event data in the Event Records View window.
An example of the Event Search Criteria window is shown in Figure 4-3.
Note
If you carry out a search on a selected Managed Object, the information displayed depends not only on the search criteria you select, but also on the setting of the temip.search_scope resource defined in the resource file temip_resource.dat. The default behavior of this resource is to search on the basis of the whole Managed Object sub-tree. Refer to the OpenView TeMIP Customization Guide for details of how to change the default behavior.
Figure 4-3 Event Search Criteria Window
4.4.1 Selecting Search Criteria
In the Event Search Criteria window you may select any number or combination of the available criteria for your event record search. Some items have predefined lists of possible choices, that are automatically displayed in the panel headed Possible Choices when you select that item.
The procedure for selecting your search criteria is as follows:
1. Click on the box to the right of the required item to select the search criteria class
2. Where a predefined list is displayed, select the appropriate value - The selected value will be displayed in the search criteria value box 3. For items that do not have a predefined list, type the details in the box
- Select the item required (Day, Month or Year) (Hours, Minutes, Seconds)
- Click on the UP or DOWN arrows located to the right of the group.
5. To include selected criteria in the search, toggle the button to the left of the item
- Click on the criterion name to turn selection ON (button dark) - Click again to turn the selection OFF (button light).
Note, when a criterion value is changed it is automatically selected.
6. When all your selections are complete, click on OK or Apply to carry out the search.
The Search Event Records Window Buttons
At the base of the Search Event Records window are four buttons that you Click on to quickly perform the following functions:
• OK, accepts the choices you have made and exits from the window
• Apply, accepts the choices you have made but retains the window open
• Reset, clears all entries in the search criteria boxes
• Cancel, closes the Search Event Records window, but retains the selected values for future use
Available Search Criteria
The number of search criteria available for you to specify in a search depends on which class of event records is being searched. Table 4-3 lists the criteria available for each event record class.
Table 4-3 Search Criteria for an Event Search Log Record Class Available Search Criteria
Log Record Managed Object, Event Type, Additional Text, Notification Identifier, Event Start time, Event End time
Alarm Record Managed Object, Alarm Type, Probable Cause, Perceived Severity, Additional Text, Notification Identifier, Event Start time, Event End time
Security Alarm Record
Managed Object, Security Alarm Type, Security Alarm Cause, Security Alarm Severity, Additional Text, Notification Identifier, Event Start time, Event End time
Object Creation Record
Managed Object, Additional Text, Notification Identifier, Event Start time, Event End time
Object Deletion Record
Managed Object, Additional Text, Notification Identifier, Event Start time, Event End time
State Change Record
Managed Object, Additional Text, Notification Identifier, Event Start time, Event End time
Attribute Value Change Record
Managed Object, Additional Text, Notification Identifier, Event Start time, Event End time
Relationship Change Record
Managed Object, Additional Text, Notification Identifier, Event Start time, Event End time
Note
1. Probable Cause, Perceived Severity, Security Alarm Cause and Security Alarm Severity are normally a single value, but can be a set of values if specific FCL commands are entered, for example, Summarize.
2. The criteria: Time From/Time To apply to the Event Creation Time attribute.
4.4.2 Expanding a Search
On some occasions you will find it useful to continue a search made in one Event Log, through the records of a different Event Log. The facility is available for you to quickly do this, using the same search criteria in the expanded search that you used in the initial search. The new Event Log you wish to search must be a child of your Local OSI System. Assuming you have carried out the initial search, the procedure is as follows:
1. Select File from the menu bar
2. From the resulting pull-down menu select the Expand Search to LOG...
option
3. A window opens displaying a list of the Log children of your local OSI system
4. Select the appropriate Log from the list 5. Click on the button Create New View
6. A new Event Records View window is opened for the second Event Log, displaying any retrieved event records that matched the previous search criteria.
If you decide not to pursue an extended search that has been started, Click on the Cancel button on the window listing the available Event Logs.
An example of the Expand Event Search window is shown in Figure 4-4.
Figure 4-4 Expand Event Search Window
4.5 Handling Event Records
When the requested event information is displayed, you have several options for handling it, namely:
• Read the summary information as it is displayed
• Display the full information (identifiers, characteristics and statuses)
• Quick-print the alarm information on the default printer
• Print the alarm information on your selected printer
• Delete Event Log records that are no longer needed in the database
4.5.1 Displaying Full Information
There are several ways to open the Log Information window to display the contents of a retrieved event record:
• Double-click on the required event record.
• Double-click on the required event record.