IBM Books

Software User's Guide Version 3.4


Configuring and Monitoring the Event Logging System (ELS)

This chapter describes how to configure events logged by ELS and how to use the ELS commands. The information includes the following sections:

For more information on the Event Logging System and how to interpret ELS event messages, refer to "Using the Event Logging System (ELS)".


Accessing the ELS Configuration Environment

The ELS configuration environment is characterized by the ELS config> prompt. Commands entered at this prompt are described in "Configuring and Monitoring the Event Logging System (ELS)".

To enter the ELS configuration environment:

  1. Enter configuration.

    The monitoring displays the Config> prompt. If the prompt does not appear, press enter.

  2. At the Config> prompt, enter the following command to access ELS:
     event
    

    The monitoring displays the ELS configuration prompt (ELS config>). Now, you can enter ELS configuration commands.

To leave the ELS configuration environment, enter the exit command.


ELS Configuration Commands

Table 15 summarizes the ELS configuration commands. The remainder of this section describes each one in detail. After accessing the ELS configuration environment, you can enter ELS Configuration commands at the ELS Config> prompt.

Table 15. ELS Configuration Command Summary
Command     Function
? (Help)    Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
Add         Adds an event to an existing group or creates a new group.
Advanced    Places you in the advanced configuration environment in which you can configure message buffering.
Clear       Clears all ELS configuration information.
Default     Resets the display or trap setting of an event, group, or subsystem.
Delete      Deletes an event number from an existing group or deletes an entire group.
Display     Enables message display on the console monitor.
Filter      Filter ELS messages based upon the net number.
List        Lists information on ELS settings and messages.
Nodisplay   Disables message display on the console.
Noremote    Disables remote logging to a remote workstation.
Notrace     Controls disablement of packet trace events.
Notrap      Keeps messages from being sent out in SNMP traps.
Remote      Allows messages to be logged to a remote workstation.
Set         Sets the pin parameter and the timestamp feature options.
Trace       Controls enablement of packet trace events.
Trap        Allows messages to be sent to a network management workstation in SNMP traps.
View        Allows viewing of traced packets.
Exit        Returns you to the previous command level. See "Exiting a Lower Level Environment".

Add

Use the add command to add an individual event to an existing group or to create a new group. Group names must start with a letter and are case sensitive. You cannot append an entire subsystem to a group.

Syntax:

add group_name subsystem.event_number

Note: If the specified group does not exist, the following prompt asks you to confirm the creation of a new group:
Group not found. Create new group? (yes or no)

Advanced

Use the advanced command to enter the advanced configuration environment. In this environment you configure message buffering.

Syntax:

advanced
 

Clear

Use the clear command to clear all of the ELS configuration information.

Syntax:

clear
 

Example:

clear
 
You are about to clear all ELS configuration information
Are you sure you want to do this (Yes or No):

Default

Resets the display or trap setting of an event, group, or subsystem back to a disabled state.

Syntax:

default  display
         trap
         remote

display event or group or subsystem
Controls the output of the display of messages to the monitoring.
trap event or group or subsystem
Controls the generation of traps to the network management station.
remote event or group or subsystem
Controls the generation of traps to the remote station.

Delete

Use the delete command to delete an event number from an existing group or to delete the entire group. If the specified event is the last event to be deleted in a group, you will be notified. If all is specified instead of subsystem.event_number, a prompt asks you to confirm the deletion of the entire group.

Syntax:

delete group_name subsystem.event_number

Display

Use the display command to enable message display on the console monitor for specific events, a range of events for a subsystem, groups, or subsystems.

Syntax:

display  event . . .
         group . . .
         range . . .
         subsystem . . .

event subsystem.event#
Displays messages of the specified event (subsystem.event#).

group groupname
Displays messages of a specified group (groupname).

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event in the specified event range.

Displays a range of messages for the specified subsystem.

Example:

display range gw 19 22

Displays events gw.19, gw.20, gw.21, and gw.22.

subsystem subsystemname
Displays messages associated with the specified subsystem. To find out which subsystems are on the device, type list subsystems.
Note: Although ELS supports all subsystems on the device, not all devices support all subsystems. See Event Logging System Messages Guide for a list of currently supported subsystems.

Filter

Use the filter command to access the filter configuration command environment. See "ELS Net Filter Configuration Commands" for complete command details.

Syntax:

filter net

List

Use the list command to get updated information regarding ELS settings and listings of selected messages.

Syntax:

list  all
      filter-status
      groups
      pin
      remote-log status
      status
      subsystem . . .
      subsystems all
      trace-status

all
Lists information from all the list categories.

filter-status
Lists ELS net number filters.

groups
Lists the user-defined group names and contents.

pin
Lists the current number of ELS event messages sent in SNMP traps (per second).

remote-log status
Lists the current values of remote logging options.

Example:

list r
 
Remote Logging is ON
Source IP Address = 192.67.38.2
Remote Log IP Address = 192.9.200.1
Default Syslog Facility = LOG_DAEMON
Default Syslog Priority Level = LOG_CRIT
Number of Messages in Remote Log = 256
Remote Logging Local ID = MYHOSTNAME

status
Lists the subsystems, groups, and events that have been modified by the display, nodisplay, trap, notrap, trace, notrace, remote, and noremote commands.

Example:

list status
 
Subsystem:             TKR
Disp Levels:           STANDARD
Trap levels:           none
Trace levels:          none
Remote levels:         ERROR INFO TRACE
Syslog Facility/Level: LOG_USER LOG_INFO
 
Group        Disp     Trap    Trace  Remote
Mygroup     Unset    Unset    Unset    On
                                       Syslog Facilty/Level: LOG_DAEMON LOG_CRIT
 
Event        Disp     Trap    Trace  Remote
IP.007      Unset    Unset    Unset    On
                                       Syslog Facility/Level: LOG_CRON LOG_NOTICE  
Note: Not only is remote logging enabled, but the display includes the Syslog Facility/Level values for each subsystem, group, and event. Ranges of events are listed as individual events.

subsystem
Lists names, events, and descriptions of all subsystems.

(Example output from a list subsystem command can be found beginning on page ***.)

subsystem subsystem
Lists all events in a specified subsystem.

Example:

list subsystem gw
 
 
Event      Level      Message
 
GW.001     ALWAYS   Copyright 1984 Mass Institute of Technology
GW.002     ALWAYS   Portable CGW %s Rel %s strtd
GW.003     ALWAYS   Unus pkt len %d nt %d int %s/%d
GW.004     ALWAYS   Sys %s q adv alloc %d excd %d
GW.005     ALWAYS   Bffrs: %d avail %d idle   fair %d low %d
GW.006     C-INFO    Pkt frm nt %d int %s/%d for uninit prt, disc
GW.007     C-INFO    Ip err %x nt %d int %s/%d
GW.008     U-INFO    Ip ovfl nt %d int %s/%d, disc
GW.009     UI-ERROR  Nt dwn ip rstrt nt %d int %s/%d
GW.010     UI-ERROR  Ip q len %d no ip buf nt %d int %s/%d
GW.011     U-INFO    Op err %x hst %wo nt %d int %s/%d
GW.012     U-INFO    Op err cnt excd hst %wo nt %d int %s/%d
GW.013     U-INFO    Rtrns cnt excd hst %wo nt %d int %s/%d
GW.014     UI-ERROR  Nt dwn op rstrt nt %d int %s/%d
GW.015     UI-ERROR  Nt dwn to hst %wo nt %d int %s/%d
GW.016     U-INFO    Op ovfl to hst %wo nt %d int %s/%d
GW.017     UE-ERROR  Intfc hdw mssng nt %d int %s/%d
GW.018     U-TRACE   Strt nt slf tst nt %d int %s/%d
GW.019     C-INFO    Slf tst nt %d int %s/%d
GW.020     U-TRACE   Nt pss slf tst nt %d int %s/%d
GW.021     UE-ERROR  Nt up nt %d int %s/%d
GW.022     U-TRACE   Nt fld slf tst nt %d int %s/%d

subsystems all
Lists all events in all subsystems.

trace-status
Displays information on the status of packet tracing, including configuration and run-time information.

Example:

list trace-status
 
------------------------- Configuration -----------------------------
Trace Status:ON  Wrap Mode:ON  Decode Packets:ON  HD Shadowing:ON
RAM Trace Buffer Size:100000  Maximum Trace Buffer File Size:10000000
Max Packet Bytes Trace:256  Default Packet Bytes Traced:100
Trace File Record Size:2048  Stop Trace Event: TCP.013
Maximum Hours to HD Shadow:  1

Nodisplay

Use the nodisplay command to select and turn off messages displaying on the console.

Syntax:

nodisplay  event . . .
           group . . .
           range . . .
           subsystem . . .

event subsystem.event#
Suppresses the displaying of a specified event (subsystem.event#).

group groupname
Suppresses the displaying of messages that were previously added to the specified group (groupname).

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Suppresses the displaying of a range of messages for the specified subsystem.

Example:

nodisplay range gw 19 22

Suppresses the display of events gw.19, gw.20, gw.21, and gw.22.

subsystem subsystemname
Suppresses the displaying of messages associated with the specified subsystem.

Noremote

Use the noremote command to suppress the logging of events to a remote workstation based on event number, group, range of events, or subsystem.
Note: With the noremote command, there is usually no need to specify a syslog_facility and syslog_level, as there is with the remote command. However, the noremote subsystem command gives you the option of selectively suppressing specific message levels (for example, "error" only or "trace" only) rather than turning them all off. (If you do not specify any particular message level, "all" is assumed.) Additionally, with the noremote subsystem command, you can set a syslog_facility and syslog_level for any remaining message levels that have not been turned off.

Syntax:

noremote  event . . .
          group . . .
          range . . .
          subsystem . . .

event subsystem.event#
Suppresses the remote logging of messages for the specified event.

group group.name
Suppresses the remote logging of messages that were previously added to the specified group (group.name).

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Suppresses the remote logging of a range of messages for the specified subsystem.

Example:

noremote range gw 19 22

Suppresses the remote logging of events gw.019, gw.020, gw.021, and gw.022.

subsystem subsystem.name [syslog_facility syslog_level]
Suppresses the remote logging of messages associated with the specified subsystem (subsystem.name).

Example 1:

noremote subsystem tkr

Suppresses the remote logging of all "tkr" messages.

Example 2:

ELS config> noremote subsystem tkr info
ELS config> SYSLOG FACILITY[LOG_USER]?
ELS config> SYSLOG LEVEL[LOG_INFO]?

In this example, "LOG_USER" and "LOG_INFO" were the values last picked for subsystem TKR. The command turns off remote logging for subsystem TKR only for messages coded for "info". Because syslog_facility and syslog_level were not specified, the software prompts for them. If you enter another value at the prompts, that value will replace syslog_facility and syslog_level for the remaining remote-logged messages for the TKR subsystem.

Use the list all or list status commands to display what you have set with the noremote and remote commands.

For more information about syslog_facility and syslog_level see "Remote".

Notrace

Disables packet trace for the specified event/range/subsystem/group.

Syntax:

notrace  event . . .
         group . . .
         range . . .
         subsystem . . .

event subsystem.event#
Suppresses the sending of packet trace data for the specified event#.

group groupname
Suppresses the sending of packet trace data that was previously added to the specified group (groupname).

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Disables the sending of packet trace data for a range of messages for the specified subsystem.

Example:

notrace range gw 19 22

Suppresses the sending of packet trace data for events gw.19, gw.20, gw.21, and gw.22.

subsystem subsystemname
Suppresses the sending of packet trace data for the specified subsystem (subsystemname).

Notrap

Use the notrap command to select and turn off messages so that they are no longer sent to a network management workstation in SNMP traps.

Syntax:

notrap  event . . .
        group . . .
        range . . .
        subsystem . . .

event subsystem.event#
Suppresses the sending of the specified message in an SNMP trap (subsystem.event#).

group groupname
Suppresses the sending of messages in SNMP traps that were previously added to the specified group (groupname).

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Suppresses the sending of messages for the events in the specified range for the specified subsystem in SNMP traps.

Example:

notrap range gw 19 22

Suppresses the sending of messages for events gw.19, gw.20, gw.21, and gw.22 in SNMP traps.

subsystem subsystemname
Suppresses the sending of messages in SNMP traps that are associated with the specified subsystem.

Remote

Use the remote command to select the events to be logged to a remote workstation by event number, range of events, group, or subsystem.

Syntax:

remote  event . . .
        range . . .
        group . . .
        subsystem . . .

event subsystem.event# syslog_facility syslog_level
Causes the specified event to be logged remotely.

Syslog facility and level values are used by the syslog daemon in the remote workstation to determine where to log the messages. This value overrides the default values that are set with the set facility and set level commands.

syslog_facility
  log_auth
  log_authpriv
  log_cron
  log_daemon
  log_kern
  log_lpr
  log_mail
  log_news
  log_syslog
  log_user
  log_uucp
  log_local0-7

syslog_level
  log_emerg
  log_alert
  log_crit
  log_err
  log_warning
  log_notice
  log_info
  log_debug

These values do NOT have any particular association with any daemons on the IBM 2212. They are merely identifiers which are used by the syslog daemon on the remote workstation.

range subsystemname first_event_number last_event_number syslog_facility syslog_level

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Causes the events in the specified range for the specified subsystem to be remotely logged based on the syslog_facility and syslog_level values. See the remote event command.

Example:

remote range gw 19 22 log_user log_info

Causes the events gw.19, gw.20, gw.21, and gw.22 to be logged remotely with the syslog_facility value of log_user and the syslog_level value of log_info.

group group.name syslog_facility syslog_level
Allows events belonging to the specified group to be logged remotely based on the syslog_facility and syslog_level values. See the remote event command.

subsystem subsystem.name message_level syslog_facility syslog_level
Where subsystem.name is the name of the subsystem and message_level is the level of messages selected in the subsystem.

Causes the events within the specified subsystem.name whose message_level agrees with the specified message_level to be logged remotely at the files based on the syslog_facility and syslog_level values. See the remote event command.

Message_level is a value such as "ALL," "ERROR," "INFO," or "TRACE". See Logging Level. The value specified in the remote command must agree with the value as coded on the particular event within the subsystem, or that event within the subsystem will not be remotely logged.

Example:

remote subsystem ETH all log_user log_info

In the above example, all messages in subsystem ETH ("all" includes any messages coded for "error," "info," or "trace") will be logged remotely based on log_user and log_info values at the remote host.

Use the list all or list status commands to display what you have set with the noremote and remote commands.

Set

Use the set command to set the maximum number of traps per second, the remote logging options, the timestamp feature, or the tracing options.

Syntax:

set  pin . . .
     remote-logging . . .
     timestamp . . .
     trace . . .

pin max_traps
Use the set pin command to set the pin parameter to the maximum number of traps that can be sent on a per-second basis. Internally, the pin resets every tenth of a second. (One tenth of the number (max_traps) is sent every tenth of a second.)

remote-logging
Use the set remote-logging command to configure remote logging options. When these options are configured from the monitoring environment, the changes take effect immediately, and return to their previously configured settings when the device is rebooted.

Syntax:

set remote-logging  on
                    off
                    facility . . .
                    level . . .
                    no-msgs
                    remote_ip_addr . . .
                    source_ip_addr . . .
                    local_id

on
Turns remote logging on. Remote logging is now enabled to allow any messages selected by the remote command to be actively logged.

off
Turns remote logging off. All messages selected by the 'remote' command will be prevented from being logged.

facility
Specifies a value that, in combination with the level value, is used by the syslog daemon in the remote workstation to determine where to log messages. This value is used for all remotely-logged ELS messages unless you specify a different value for a particular ELS event, range, group, or subsystem with the remote command.

These are all possible syslog facility values:
  log_auth
  log_authpriv
  log_cron
  log_daemon
  log_kern
  log_lpr
  log_mail
  log_news
  log_syslog
  log_user
  log_uucp
  log_local0-7

level
Specifies a value that, in conjunction with the facility value, is used by the syslog daemon in the remote workstation to determine where to log messages. This value is used for all remotely-logged ELS messages unless you specify a different value for a particular ELS event, range, group, or subsystem with the remote command.

These are all possible syslog level values:
  log_emerg
  log_alert
  log_crit
  log_err
  log_warning
  log_notice
  log_info
  log_debug

no-msgs
Specifies the number of messages in the buffer for the remote log before log wraps.

remote_ip_addr
This is an IP address of the form xxx.xxx.xxx.xxx where xxx can be any integer 0 to 255. It represents the IP address of the remote host where the log files reside.

source_ip_addr
This is an IP address of the form xxx.xxx.xxx.xxx where xxx can be any integer 0 to 255.

You should use an IP address that is configured in the 2212 for easier identification when the IP address or the hostname is shown in the remotely-logged ELS message. You should also verify that this IP address is quickly resolved to a hostname by the name server, or at least that the name server responds quickly with "address not found."

To determine that the IP address resolves properly enter the host command on your workstation as shown:

workstation>host 5.1.1.1
host: address 5.1.1.1 NOT FOUND
workstation>

If the response takes more than 1 second, select an IP address that resolves more quickly.

local_id
This is any character string of up to 32 characters, which is included in the logged message at the remote file and can help identify which machine logged the message.
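The facility and level chosen with set remote-logging, or overridden per event with the remote command, reach the remote workstation as the numeric <PRI> field at the start of each syslog message. The following Python sketch is an added example, not part of the original guide: it computes that value and checks received messages against the configured one. The numeric codes are the standard syslog ones (RFC 3164); the function names and sample datagrams are constructed for illustration, and only per-event overrides are modeled.

```python
import re

# Numeric codes are the standard syslog ones (RFC 3164, <syslog.h>); the
# names are the ones this guide lists for syslog_facility and syslog_level.
FACILITY = {
    "log_kern": 0, "log_user": 1, "log_mail": 2, "log_daemon": 3,
    "log_auth": 4, "log_syslog": 5, "log_lpr": 6, "log_news": 7,
    "log_uucp": 8, "log_cron": 9, "log_authpriv": 10,
}
FACILITY.update({"log_local%d" % n: 16 + n for n in range(8)})
LEVEL = {
    "log_emerg": 0, "log_alert": 1, "log_crit": 2, "log_err": 3,
    "log_warning": 4, "log_notice": 5, "log_info": 6, "log_debug": 7,
}
FACILITY_NAME = {code: name for name, code in FACILITY.items()}
LEVEL_NAME = {code: name for name, code in LEVEL.items()}
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def effective(defaults, overrides, event):
    """Values given on a 'remote event' command win over the defaults."""
    return overrides.get(event, defaults)


def pri(facility, level):
    """PRI = facility * 8 + level, carried as <PRI> at the start of a message."""
    return FACILITY[facility.lower()] * 8 + LEVEL[level.lower()]


def decode_pri(datagram):
    """Return (facility_name, level_name) for a received syslog datagram.

    facility_name is None when the code is not one this guide lists
    (standard codes 11-15), which the device should never produce."""
    match = PRI_RE.match(datagram)
    if match is None:
        raise ValueError("no <PRI> header")
    value = int(match.group(1))
    if value > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range: %d" % value)
    return FACILITY_NAME.get(value >> 3), LEVEL_NAME[value & 7]


def audit(datagram, event, defaults, overrides):
    """True if the datagram carries the facility/level configured for event."""
    wanted = tuple(s.lower() for s in effective(defaults, overrides, event))
    return decode_pri(datagram) == wanted


# Configuration taken from the 'list r' and 'list status' examples in this guide.
DEFAULTS = ("LOG_DAEMON", "LOG_CRIT")
OVERRIDES = {"IP.007": ("LOG_CRON", "LOG_NOTICE")}

# Constructed datagrams: only the <PRI> prefix matters here; the text after
# it is a placeholder, not the device's real message layout.
SAMPLES = [
    (b"<77>MYHOSTNAME constructed text for IP.007", "IP.007"),
    (b"<26>MYHOSTNAME constructed text for GW.019", "GW.019"),
    (b"<14>MYHOSTNAME constructed text for GW.021", "GW.021"),
]

if __name__ == "__main__":
    for datagram, event in SAMPLES:
        ok = audit(datagram, event, DEFAULTS, OVERRIDES)
        print(event, decode_pri(datagram), "ok" if ok else "MISMATCH")
```

A mismatch on the collector means the message was logged with values other than those configured for that event, which is worth checking against list status on the device.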

timestamp [timeofday or uptime or off]
Allows you to turn on message timestamping so that either the time of day or uptime (number of hours, minutes, and seconds, but no date, since the device was last initialized) appears next to each message. Set timestamp can also be turned off.

Use the set timestamp command to enable one of the following timestamp options.

timeofday
Adds an HH:MM:SS prefix to each ELS message indicating the time of the occurrence during a 24-hour day.

uptime
Adds an HH:MM:SS prefix to each ELS message indicating the time of the occurrence during a 100-hour cycle. After 100 hours of uptime, the uptime counter returns to zero to begin another 100-hour cycle.

off
Turns off the ELS timestamp prefix.
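Because the uptime prefix returns to zero after 100 hours, a long capture of messages cannot be ordered or measured by the prefix alone. The following Python sketch is an added example, not part of the original guide: it rebuilds elapsed time across wraps. The function names and the message text after the HH:MM:SS prefix are constructed for illustration.

```python
import re

CYCLE = 100 * 3600  # the uptime prefix returns to zero after 100 hours
PREFIX = re.compile(r"^(\d{2}):([0-5]\d):([0-5]\d)\s+(.*)$")


def parse(line):
    """Split one line into (seconds within the 100-hour cycle, message text)."""
    match = PREFIX.match(line)
    if match is None:
        raise ValueError("no HH:MM:SS prefix: %r" % line)
    hours, minutes, seconds = (int(match.group(i)) for i in (1, 2, 3))
    return hours * 3600 + minutes * 60 + seconds, match.group(4)


def backward_steps(lines):
    """Indexes of lines whose prefix is lower than the previous line's.

    Each one is either a counter wrap or a device restart; the prefix alone
    cannot tell them apart, so these are the lines to review by hand."""
    times = [parse(line)[0] for line in lines]
    return [i for i in range(1, len(times)) if times[i] < times[i - 1]]


def unwrap_uptime(lines):
    """Return [(elapsed_seconds, message), ...] with counter wraps undone.

    Assumes the lines are in the order the device emitted them, that
    consecutive messages are less than 100 hours apart, and that the device
    was not restarted during the capture."""
    result, wraps, previous = [], 0, None
    for line in lines:
        seconds, message = parse(line)
        if previous is not None and seconds < previous:
            wraps += 1  # prefix went backwards: one full cycle has passed
        previous = seconds
        result.append((wraps * CYCLE + seconds, message))
    return result


# Constructed sample: four messages captured around the 100-hour boundary.
SAMPLE = [
    "99:59:58 GW.021 constructed message A",
    "99:59:59 GW.019 constructed message B",
    "00:00:03 GW.022 constructed message C",
    "00:10:00 GW.019 constructed message D",
]

if __name__ == "__main__":
    for elapsed, message in unwrap_uptime(SAMPLE):
        print(elapsed, message)
    print("review lines:", backward_steps(SAMPLE))
```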

trace
Use the set trace command to configure tracing options. If you configure tracing options from the monitoring environment, the changes take effect immediately. They return to their previously configured settings when the device is rebooted.
Note: Tracing should be used only under the direction of trained support personnel. Tracing, especially when used with disk-shadowing enabled, uses device resources and can impact overall performance and throughput.

Syntax:

set trace  decode
           default-bytes-per-pkt
           disk-shadowing
           max-bytes-per-pkt
           memory-trace-buffer-size
           off
           on
           reset
           stop-event
           wrap-mode

decode off/on
Turns packet decoding on or off. Packet decoding is not supported by all components.

default-bytes-per-pkt bytes
Sets the default number of bytes traced. This value is used if a value is not specified by the component doing the tracing.

disk-shadowing [[off or on] or record-size or time-limit or delete-file or max-file-size]
Turns disk shadowing on or off, sets the maximum trace file size, or sets the maximum time for disk-shadowing traces.

[off or on]
Turns disk shadowing on or off. If disk shadowing is enabled, trace records are copied to the hard disk. Once a traced record is copied to the hard disk, it can no longer be viewed from the monitoring.
Note: Disk shadowing should be set to OFF whenever the WRITE, TFTP software, RETRIEVE system dump, or COPY software commands are issued.

disk-shadowing delete-file
Deletes the trace file.

disk-shadowing max-file-size Mbytes
Sets the maximum file size for the trace file.

Valid Values: 1 MB to 16 MB

Default Value: 10

disk-shadowing record-size bytes
Sets the record size for trace file records:

Valid Values
1024, 2048, or 4096 bytes

Default
2048 bytes

Notes:

  1. If a trace file already exists, "Cannot change Record Size without first deleting the existing Trace File" is displayed and record size is not changed.

  2. If you configure a record size and a trace file already exists, the trace will use the record size of the existing file.

disk-shadowing time-limit hours
Sets the maximum time for disk-shadowing of traces:

Valid Values
1 - 72 hours

Default
24 hours
Note: Disk shadowing stops (tracing continues) after this time has elapsed. The actual time is reset to 0 when disk shadowing is turned on again.

max-bytes-per-pkt bytes
Sets the maximum number of bytes traced for each packet.

memory-trace-buffer-size bytes
Sets the size, in bytes, of the RAM trace buffer.

Valid Values: 0, >=10,000

Default Value: 0

off
Disables packet tracing.

on
Enables packet tracing.

reset
Clears the trace buffer and resets all associated counters.

stop-event event id
Stops tracing when an event (event id) occurs. Enter either an ELS event id (for example: TCP.013) or "None". "None" is the default. Tracing stops only if the display of the particular ELS event is enabled.

When a stop-event occurs, an entry is written to the trace buffer. The view command for this trace entry will display "Tracing stopped due to ELS Event Id: TCP.013".

After tracing stops due to a stop-event, you must re-enable tracing with the set trace on command. (A restart will also re-enable tracing if enabled from the ELS Config> prompt.)

wrap-mode [off  or  on]
Turns the trace buffer wrap mode on or off. If wrap mode is on and the trace buffer is full, previous trace records will be overwritten by new trace records as necessary to continue tracing.

Trace

Enables packet trace for the specified event/range/subsystem/group. When the trace command is used from the ELS Config> prompt, the changes become part of the configuration, and a reboot is required to activate the changes.

Syntax:

trace  event . . .
       group . . .
       range . . .
       subsystem . . .

event subsystem.event#
Causes the specified trace event (subsystem.event#) to be displayed on the system monitoring.

group groupname
Allows trace events that were previously added to the specified group to be displayed on the device monitoring.

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Causes the trace events in the specified range for the specified subsystem to be displayed on the system monitoring.

Example:

trace range gw 19 22

Causes the trace events gw.19, gw.20, gw.21, and gw.22 to be displayed on the system monitoring.

subsystem subsystemname
Allows trace events associated with the specified subsystem to be displayed on the device monitoring.

Trap

Use the trap command to select the message to be sent to the remote SNMP network management workstation. A remote SNMP network management workstation is an IP host in the network acting as an SNMP manager.

Syntax:

trap  event . . .
      group . . .
      range . . .
      subsystem . . .

event subsystem.event#
Causes the specified message (subsystem.event#) to be sent to a network management workstation in an SNMP trap.

group groupname
Allows messages that were previously added to the specified group to be sent to a network management workstation in an SNMP trap.

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Causes the messages that are in the specified range for the specified subsystem to be sent to a network management workstation in an SNMP trap.

Example:

trap range gw 19 22

Causes the messages in events gw.19, gw.20, gw.21, and gw.22 to be sent to a network management workstation in an SNMP trap.

subsystem subsystemname
Allows messages associated with the specified subsystem to be sent to a management station in an SNMP trap.
Note: Messages for the IP, ICMP, ARP and UDP subsystems cannot be sent in SNMP traps because these areas are or may be used in the process of sending the SNMP trap. This could lead to an infinite loop of traffic putting an undue strain on the device.

ELS Net Filter Configuration Commands

ELS net filters give you the capability of looking only at ELS messages with certain net numbers and discarding other ELS messages.

When you create a filter, you specify the subsystem, event, or range of events to which the filter applies. You also specify the queue (for example, "DISPLAY", "TRAP", "TRACE", or "REMOTE-LOGGING"). Finally, you specify the net number (or range of net numbers) that you want to filter.

When you enable the filter, messages that have been turned on by the ELS commands are subject to filtering. The filter allows only messages with the specified net numbers. The filter causes the device to discard messages that do not contain the specified net numbers.

By reducing the number of ELS messages sent, you can more easily locate messages for the interfaces in which you are interested.

This section describes the commands to configure the ELS net filters. To configure these filters, enter the filter net command at the ELS> prompt. Then, enter the configuration commands at the ELS Filter net> prompt.

Table 16. ELS Net Filter Configuration Commands
Command     Function
? (Help)    Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
Create      Creates a filter and assigns it a number. A maximum of 64 filters is allowed.
Delete      Deletes a specified filter number or all filters.
Disable     Disables a specified filter number or all filters.
Enable      Enables a specified filter number or all filters.
List        Lists a specified filter number or all filters.
Exit        Returns you to the previous command level. See "Exiting a Lower Level Environment".

Create

Use the create command to create an ELS net filter.

Syntax:

create queue  event event_name net#_start net#_end
              range event_range net#_start net#_end
              subsystem subsystem_name net#_start net#_end

queue
The queue for which you are setting the filter. The valid queues are:

  Display
  Trace
  Trap
  Remote

event event_name net#_start net#_end
Specifies the event and net numbers that you are filtering.

If you specify net#_start and net#_end as the same number, you are filtering on a single net number.

The command create trap event GW.009 2 10 filters traps for message GW.009 for net numbers 2 through 10.

range event_range net#_start net#_end
Specifies the range of ELS messages and net numbers that you are filtering.

If you specify net#_start and net#_end as the same number, you are filtering on a single net number.

The command create remote range ipx 19 22 3 6 filters all ipx messages beginning with IPX.019 and ending with IPX.022 for net numbers 3 through 6 for remote logging.

subsystem subsystem_name net#_start net#_end
Specifies the subsystem and net numbers that you are filtering.

If you specify net#_start and net#_end as the same number, you are filtering on a single net number.

The command create display subsys ip 1 1 filters all ELS messages for the ip subsystem that contain net number 1 to the display. All other ip subsystem messages are discarded.
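Because an enabled net filter discards messages rather than merely hiding them, it helps to know which messages a set of create commands would drop from each queue before relying on that queue for monitoring. The following Python sketch is an added example, not the device's own logic: it models the three create forms described above. It assumes that a message not covered by any enabled filter is delivered unchanged and that a message covered by several filters is delivered if any of them allows its net number; the guide does not state either rule. All names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

QUEUES = ("display", "trace", "trap", "remote")


@dataclass(frozen=True)
class NetFilter:
    queue: str
    subsystem: str
    first_event: Optional[int]  # None means the whole subsystem
    last_event: Optional[int]
    net_start: int
    net_end: int
    enabled: bool = True

    def covers(self, queue, subsystem, event):
        """True if this enabled filter applies to the message at all."""
        if not self.enabled or queue != self.queue:
            return False
        if subsystem.lower() != self.subsystem:
            return False
        if self.first_event is None:
            return True
        return self.first_event <= event <= self.last_event

    def allows(self, net):
        return self.net_start <= net <= self.net_end


def parse_create(command):
    """Parse one 'create' command as typed at the ELS Filter net> prompt."""
    tok = command.lower().split()
    if len(tok) < 3 or tok[0] != "create" or tok[1] not in QUEUES:
        raise ValueError("expected: create <queue> event|range|subsystem ...")
    queue, kind, args = tok[1], tok[2], tok[3:]
    if kind == "event" and len(args) == 3:
        subsystem, number = args[0].split(".")
        first = last = int(number)
    elif kind == "range" and len(args) == 5:
        subsystem, first, last = args[0], int(args[1]), int(args[2])
    elif kind in ("subsystem", "subsys") and len(args) == 3:
        # "subsys" is accepted because the guide's own example uses it
        subsystem, first, last = args[0], None, None
    else:
        raise ValueError("unrecognized create form: %r" % command)
    net_start, net_end = int(args[-2]), int(args[-1])
    if net_start > net_end or (first is not None and first > last):
        raise ValueError("start must not exceed end: %r" % command)
    return NetFilter(queue, subsystem, first, last, net_start, net_end)


def delivered(filters, queue, subsystem, event, net):
    """True if a message reaches the queue (see assumptions in the lead-in)."""
    scoped = [f for f in filters if f.covers(queue, subsystem, event)]
    return not scoped or any(f.allows(net) for f in scoped)


def dropped(filters, messages):
    """Return the (queue, subsystem, event, net) tuples the filters discard."""
    return [m for m in messages if not delivered(filters, *m)]


# The three create commands used as examples in this section.
FILTERS = [parse_create(c) for c in (
    "create trap event GW.009 2 10",
    "create remote range ipx 19 22 3 6",
    "create display subsys ip 1 1",
)]

# Constructed messages: (queue, subsystem, event number, net number).
MESSAGES = [
    ("trap", "GW", 9, 5), ("trap", "GW", 9, 11),
    ("remote", "IPX", 20, 7), ("remote", "IPX", 23, 7),
    ("display", "IP", 7, 1), ("display", "IP", 7, 2),
]

if __name__ == "__main__":
    for message in dropped(FILTERS, MESSAGES):
        print("discarded:", message)
```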

Delete

Use the delete command to delete a specific ELS filter or all ELS filters.

Syntax:

delete  all
        filter filter#

all
Deletes all currently configured filters.

filter filter#
Deletes the filter specified by filter#. Use the list command to obtain the number for the filter you want to delete.

Disable

Use the disable command to disable a specific ELS filter or all ELS filters.

Syntax:

disable  all
         filter filter#

all
Disables all currently configured filters.

filter filter#
Disables the filter specified by filter#. Use the list command to obtain the number for the filter you want to disable.

Enable

Use the enable command to enable a specific ELS filter or all ELS filters.

Syntax:

enable  all
        filter filter#

all
Enables all currently configured filters.

filter filter#
Enables the filter specified by filter#. Use the list command to obtain the number for the filter you want to enable.

List

Use the list command to list a specific ELS filter or all ELS filters.

Syntax:

list  all
      filter filter#

all
Lists all currently configured filters.

filter filter#
Lists the filter specified by filter#.

ELS Message Buffering Configuration Commands

Table 17 describes the commands available at the ELS Config Advanced> prompt.

Table 17. ELS Message Buffering Configuration Commands
Command Function
? (Help) Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
 List   Displays the configuration settings for message buffering. 
 Log   Enables logging of selected messages to the message buffer. 
 Nolog   Turns off logging of selected messages to the message buffer. 
 Set   Sets the size of the message buffer, the wrapping mode, whether logging occurs, which event will end message buffering, and what the system does when message buffering is stopped by an event. 
Exit Returns you to the previous command level. See "Exiting a Lower Level Environment".

List

Use the list command to list the ELS message buffering configuration.

Syntax:

list
status

Example:

ELS Config Advanced> list status
----------------------------------Configuration----------------------------------- 
Logging Status:    OFF    Wrap Mode:   ON  Logging Buffer Size:    8500   Kbytes 
Stop-Event:    APPN.2          Stop-String:     netdn for  intf 6 
Additional Stop-Action:  NONE

See Set for a description of the commands that change the values in the display.

Log

Use the log command to select which messages will be logged to the message buffer.

Syntax:

log
event

group

range

subsystem

event subsystem.event#
Causes the specified message (subsystem.event#) to be logged to the message buffer.

group groupname
Allows messages that were previously added to the specified group to be logged to the message buffer.

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Causes the messages that are in the specified range for the specified subsystem to be logged to the message buffer.

Example:

log range gw 19 22

Causes the messages in events gw.19, gw.20, gw.21, and gw.22 to be logged to the message buffer.

subsystem subsystemname
Allows messages associated with the specified subsystem to be logged to the message buffer.

Nolog

Use the nolog command to remove messages from the defined list of messages that are logged to the message buffer.

Syntax:

nolog
event

group

range

subsystem

event subsystem.event#
Causes the specified message (subsystem.event#) not to be logged to the message buffer.

group groupname
Stops messages that were previously added to the specified group from being logged to the message buffer.

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Causes the messages that are in the specified range for the specified subsystem not to be logged to the message buffer.

Example:

nolog range gw 19 22

Causes the messages in events gw.19, gw.20, gw.21, and gw.22 not to be logged to the message buffer.

subsystem subsystemname
Stops messages associated with the specified subsystem from being logged to the message buffer.

Set

Use the set command to configure various ELS message buffering options.

Syntax:

set
buffer-size Kbytes

logging [on or off]

stop action . . .

stop event subsystem.event#

stop string text

wrap [on or off]

buffer-size Kbytes
Specifies the size, in kilobytes, of the message buffer that the system should allocate. The mem command displays this memory as Never Alloc. Setting this value too high could prevent the device from operating correctly after a reboot because of insufficient memory for protocols and features.

Valid values: 0 KB to 60% of the memory available on the device.

Default value: 0 (no message buffering)
Note: You must allocate a buffer with this command before you can set logging on.

logging [on  or  off]
Specifies whether message buffering will occur. This command will not take effect until you allocate a buffer using the set buffer-size command. The default is off.

stop action [appn-dump  or  disk-offload or  none  or  system-dump]
Specifies the additional action the system takes when the "stop event" (and if specified, the "stop string") occurs. The actions are:

appn-dump
Dumps the APPN protocol, if it is active. The APPN dump will indicate that the dump was taken as the result of a stop action.

disk-offload
Writes a formatted version of the buffer to a file on the hard file. If the file already exists, the new file replaces it. You can then use the tftp file monitoring command to send the file to a remote host.

none
No other action is taken after logging stops.

system-dump
Dumps the entire system. The system dump will indicate that the dump was taken as the result of a stop action.

Default value: none

stop event [subsystem.event#  or  none]
Specifies the event (subsystem.event#) that stops logging. If you have specified a stop string, the text in the stop string must also match. When the stop event occurs:
  1. If NO stop action has been specified (a value of none), the next five ELS messages are logged. However, if a stop action (a value other than none) has been specified, no additional ELS messages get logged.
  2. Logging stops.
  3. The system performs the specified "stop action."

Logging remains stopped until the next time you issue the set logging on command or reboot the device.

If you do not specify the stop event when you enter the command, the system prompts you to enter the stop event. Specifying none disables the stop event function.

Default value: none

stop string text  or  none
Specifies the string to be used in conjunction with the "stop event" to stop logging. If you have not specified a stop event, the system ignores the "stop string."

Text can be any ASCII string up to 32 characters in length. If you do not specify text when you enter the command, the system will prompt you for the string. Entering none clears the "stop string."

Default value: none

wrap [on  or  off]
Specifies whether to stop the log when the buffer is full (off) or to log the new messages at the beginning of the buffer (on).

Default value: on
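
The following model is an added example, not part of the original guide and not IBM code. It replays constructed messages through a buffer that follows the wrap, stop event, stop string and stop action rules described above, to show what is left in the buffer in each case. Assumptions: capacity is counted in messages rather than Kbytes, every message offered was already selected with the log command, the stop event message itself is stored, and the stop string matches as a substring.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

TRAILING_AFTER_STOP = 5  # messages still logged after the stop event when stop action is none


@dataclass
class MessageBuffer:
    capacity: int                        # in messages here; the device sizes it in Kbytes
    wrap: bool = True                    # set wrap on/off
    stop_event: Optional[str] = None     # set stop event subsystem.event#
    stop_string: Optional[str] = None    # set stop string text
    stop_action: str = "none"            # set stop action ...
    logging: bool = True                 # set logging on/off
    entries: deque = field(default_factory=deque)
    actions_run: list = field(default_factory=list)
    trailing: Optional[int] = None       # messages still accepted after the stop event

    def is_stop(self, event_id, text):
        if self.stop_event is None:
            return False                 # without a stop event the stop string is ignored
        if event_id.upper() != self.stop_event.upper():
            return False
        # Assumption: the stop string matches as a substring of the message text.
        return self.stop_string is None or self.stop_string in text

    def stop(self):
        self.logging = False             # stays off until "set logging on" or a reboot
        if self.stop_action != "none":
            self.actions_run.append(self.stop_action)

    def log(self, event_id, text):
        """Offer one selected ELS message; return True if it was stored."""
        if not self.logging:
            return False
        if len(self.entries) >= self.capacity:
            if not self.wrap:
                self.logging = False     # wrap off: the log stops when the buffer is full
                return False
            self.entries.popleft()       # wrap on: the oldest message is overwritten
        self.entries.append((event_id, text))
        if self.trailing is not None:
            self.trailing -= 1
            if self.trailing == 0:
                self.stop()
        elif self.is_stop(event_id, text):
            if self.stop_action == "none":
                self.trailing = TRAILING_AFTER_STOP
            else:
                self.stop()              # with a stop action, nothing more is logged
        return True


def replay(buf, messages):
    """Feed messages to the buffer and return the event ids it still holds."""
    for event_id, text in messages:
        buf.log(event_id, text)
    return [event_id for event_id, _ in buf.entries]


# Constructed sample traffic (event id, message text); not captured from a device.
SAMPLE = (
    [("IP.007", f"10.0.0.{i} -> 10.0.1.1") for i in range(1, 7)]
    + [("APPN.2", "netdn for intf 6")]
    + [("IP.036", f"rcv pkt prt {p} frm 10.0.0.9") for p in range(1, 9)]
)

if __name__ == "__main__":
    cases = {
        "stop, action none": dict(stop_event="APPN.2", stop_string="intf 6"),
        "stop, disk-offload": dict(stop_event="APPN.2", stop_string="intf 6",
                                   stop_action="disk-offload"),
        "stop string mismatch": dict(stop_event="APPN.2", stop_string="intf 9"),
        "wrap off": dict(wrap=False),
    }
    for name, options in cases.items():
        buf = MessageBuffer(capacity=8, **options)
        print(f"{name:22} {replay(buf, SAMPLE)} logging={buf.logging}")
```

In the mismatch case the buffer keeps wrapping and the APPN.2 message is overwritten, which is why the stop string has to match the message text exactly as the device prints it.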


Entering and Exiting the ELS Operating Environment

The ELS monitoring environment (available from the GWCON process) is characterized by the ELS> prompt. Commands entered at this prompt modify the current ELS parameter settings. These commands are described in "Configuring and Monitoring the Event Logging System (ELS)".

To enter the ELS monitoring environment from OPCON:

  1. Enter the console command.
    * console
    

    The console displays the GWCON prompt (+). If the prompt does not appear when you first enter GWCON, press enter.

  2. At the GWCON prompt, enter the following command to access ELS:
    + event
    

    The console displays the ELS monitoring prompt (ELS>). Now, you can enter ELS monitoring commands.

To leave the ELS monitoring environment, enter the exit command.


ELS Monitoring Commands

This section summarizes and then explains all the ELS monitoring commands. After accessing the ELS Monitoring environment, you can enter ELS monitoring commands at the ELS> prompt.

Table 18. ELS Monitoring Command Summary
Command Function
? (Help) Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
 Advanced   Places you in the advanced configuration environment in which you can configure message buffering. 
Clear Resets to zero the counts of messages associated with specified events, groups, or subsystems.
 Display   Enables message display on the console. 
 Exit   Exits the ELS console process and returns the user to GWCON. 
Filter Filter ELS messages based upon the net number.
 List   Lists information on ELS settings and messages. 
 Nodisplay   Disables message display on the console. 
 Noremote   Disables remote logging to file at remote workstation. 
 Notrace   Disables trace event display on the console. 
 Notrap   Keeps messages from being sent out in SNMP traps to the network management workstation. 
 Remote   Allows messages to be logged at a file on a remote workstation. 
 Remove   Frees up memory by erasing stored information. 
 Restore   Clears current settings and reloads initial ELS configuration. 
 Retrieve   Reloads the saved ELS configuration. 
 Save   Stores the current configuration. 
 Set   Sets the pin parameter and the timestamp feature. 
 Statistics   Displays available subsystems and pertinent statistics. 
 Trace   Enables trace event display on the console. 
 Trap   Allows messages to be sent to a network management workstation in SNMP traps. 
 View   Allows viewing of traced packets. 
Exit Returns you to the previous command level. See "Exiting a Lower Level Environment".

Advanced

Use the advanced command to enter the advanced monitoring environment. In this environment you can change how message buffering operates.

Syntax:

advanced
 

Clear

Use the clear command to reset to zero the counts of the display, trace, trap, or remote commands as they relate to specific events, groups or subsystems.

Syntax:

clear
event . . .

group . . .

subsystem . . .

event subsystem.event#
Resets the count of events to zero for displaying, trapping, tracing or remote logging of the specified event (subsystem.event#).

group group.name
Resets the count of events to zero for displaying, trapping, tracing or remote logging of the specified group (group.name).

subsystem subsystem.name
Resets the count of events to zero for displaying, trapping, tracing or remote logging of the specified subsystem (subsystem.name).

Display

Use the display command to enable the message display on the console monitor for specific events.

Syntax:

display
event . . .

group . . .

range . . .

subsystem . . .

event subsystem.event#
Displays messages for the specified event (subsystem.event#).

group groupname
Displays messages of a specified group (groupname).

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event in the specified event range.

Displays a range of messages for the specified subsystem.

Example:

display range gw 19 22

Displays events gw.19, gw.20, gw.21, and gw.22.

subsystem subsystem.name
Displays any messages associated with the specified subsystem (logging level). If you do not specify a logging level, all messages for that subsystem are turned on.

Files Trace TFTP

Use the files trace tftp command to retrieve trace files from the subdirectory associated with:

Syntax:

files trace tftp
active-bank ...

bank-a ...

bank-b ...

net-subdir ...

You are prompted for the remote server IP address and the remote path/file name.

active-bank
Retrieves the trace file from the currently active bank

bank-a
Retrieves the trace file from bank A

bank-b
Retrieves the trace file from bank B

net-subdir
Retrieves the trace file stored in the Network Subdirectory (if there is no active bank)

Filter

Use the filter command to access the filter configuration command environment. See ELS Net Filter Monitoring Commands for complete command details.

Syntax:

filter
net

List

Use the list command to get updated information regarding ELS settings and to get listings of selected messages.

Syntax:

list
active . . .

all

event . . .

filter-status

groups . . .

pin

remote-log status

subsystem . . .

trace-status

all
Lists all subsystems, defined groups, enabled subsystems, enabled events, and pins.

active subsystem.name
Displays the events that are active for a specific subsystem or have non-zero message counts.

Example:

list active ip
Event      Active  Count  Message
 
IP.007              2874  %I -> %I
IP.022                13  add nt %I int %I nt %n int %s/%d
IP.036              2874  rcv pkt prt %d frm %I
IP.058                23  del nt %I rt via %I nt %n int %s/%d
IP.068     D          37  routing cache cleared
D=Display on   T=Trap on   P=Packet Trace on   F=Filter on  R=Remote Logging on
A=Advanced on
 
 

If Remote logging is turned on, those events displayed as active for a subsystem will have an "R" next to their name.

event subsystem.event#
Displays the logging level, the message, and the count of the specified event.

Example:

list event ip.007
 
Level: p-TRACE
Message: source_ip_address -> destination_ip_address
Active:  Count: 84182

If Remote-logging had been activated for this event, and the syslog_facility and syslog_level values were log_daemon and log_crit, the last lines would look like:

Active:  R count:84182
Syslog Facility: log_daemon   Syslog Level: log_crit

filter-status
Lists ELS net number filters.

groups group.name
Displays the user-defined group names.

pin
Lists the current number of ELS event messages sent per second in SNMP traps. This is a threshold value that can be used to reduce the amount of SNMP trap traffic.

Example:

list pin
 
Pin: 100 events/second

remote-log status
Lists the current values of the remote logging options set in the set remote-logging command.

Example:

list r
 
Remote Logging is On
Source Ip Address = 192.9.200.8
Remote  Log IP Address = 192.9.200.1
Default Syslog Facility = LOG_USER
Default Syslog Priority Level = LOG_INFO
Number of Messages in Remote Log = 256
Remote Logging Local ID =  SPHINX 

subsystem subsystem.name
Lists event names, the total number of events that have occurred, and their descriptions.
Note: Although ELS supports all subsystems on the device, not all devices support all subsystems. See ELS Messages for a list of currently supported subsystems.

subsystem subsystem.name
Lists all events, logging levels, and messages for the specified subsystem.

Example:

list subsystem eth
 
Event      Level      Message
ETH.001    P-TRACE    brd rcv unkwn type packet_type source_Ethernet_address ->
                      destination_Ethernet_address nt network
ETH.002    UE-ERROR   rcv unkwn typ packet_type source_Ethernet_address ->
                      destination_Ethernet_address nt network
ETH.010    C-INFO     LLC unk SAP DSAP source_Ethernet_address ->
                      destination_Ethernet_address nt network

subsystem all
Lists all events, logging levels, and messages for every event that has occurred on the device.

trace-status
Displays information on the status of packet tracing, including configuration and run-time information.

Example:

list trace-status
 
------------------------- Configuration -----------------------------
Trace Status:ON  Wrap Mode:ON  Decode Packets:ON  HD Shadowing:ON
RAM Trace Buffer Size:100000  Maximum Trace Buffer File Size:10000000
Max Packet Bytes Trace:256  Default Packet Bytes Traced:100
Trace File Record Size:2048  Stop Trace Event: TCP.013
Maximum Hours to HD Shadow:  1
------------------------ Run-time Status ----------------------------
Packets in RAM Trace Buffer:1   Free Trace Buffer Memory:99958
Trace Errors:0  First Packet:1  Last Packet:1
Trace Records Stored on HD:8  Trace Buffer File Size:16560
HD-Shadowing Time Exceeded? NO Elapsed Time:  0 hr,  0 min, 10 sec
Has Stop Trace Event Occurred? NO

The ELS Config>LIST TRACE command under talk 6 displays information similar to the following:

------------------------- Configuration -----------------------------
Trace Status:ON  Wrap Mode:ON  Decode Packets:ON  HD Shadowing:ON
RAM Trace Buffer Size:100000  Maximum Trace Buffer File Size:10000000
Max Packet Bytes Trace:256  Default Packet Bytes Traced:100
Trace File Record Size:2048  Stop Trace Event: TCP.013
Maximum Hours to HD Shadow:  1

Nodisplay

Use the nodisplay command to select and turn off messages displaying on the console.

Syntax:

nodisplay
event . . .

group . . .

range . . .

subsystem . . .

event subsystem.event#
Suppresses the displaying of messages for the specified event.

group group.name
Suppresses the displaying of messages that were previously added to the specified group (group.name).

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Suppresses the displaying of a range of messages for the specified subsystem.

Example:

nodisplay range gw 19 22

Suppresses the display of events gw.19, gw.20, gw.21, and gw.22.

subsystem subsystem.name
Suppresses the displaying of messages associated with the specified subsystem (logging level).

Noremote

Use the noremote command to select and turn off messages logging to a remote workstation.

Syntax:

noremote
event . . .

group . . .

range . . .

subsystem . . .

event subsystem.event#
Suppresses the remote logging of messages for the specified event.

group group.name
Suppresses the remote logging of messages that were previously added to the specified group (group.name).

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Suppresses the remote logging of a range of messages for the specified subsystem.

Example:

noremote range gw 19 22

Suppresses the remote logging of events gw.19, gw.20, gw.21, and gw.22.

subsystem subsystem.name
Suppresses the remote logging of messages associated with the specified subsystem (logging level).

Example:

noremote subsystem tkr
Note: With noremote, there is no need to specify a Syslog Facility and Level, as there is with remote.

Use the list event and list active commands to verify what you set with the remote and noremote commands.

Notrace

Use the notrace command to stop display of selected trace events at the console.

Syntax:

notrace
event . . .

group . . .

range . . .

subsystem . . .

event subsystem.event#
Suppresses the display of the specified tracing event.

group groupname
Suppresses the display of tracing events related to the specified group (groupname).

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Disables the sending of packet trace data for a range of messages for the specified subsystem.

Example:

notrace range gw 19 22

Suppresses the sending of packet trace data for events gw.19, gw.20, gw.21, and gw.22.

subsystem subsystemname [logging-level]
Suppresses the display of tracing events that are associated with the specified subsystem and logging level. If you do not specify a logging-level you suppress tracing for all logging levels for the subsystem.

Example:

notrace subsystem frl error
 
notrace subsystem frl

Notrap

Use the notrap command to select and turn off messages so that they are no longer sent to a network management workstation in SNMP traps.

Syntax:

notrap
event . . .

group . . .

range . . .

subsystem . . .

event subsystem.event#
Suppresses the sending of the specified message in an SNMP trap (subsystem.event#).

group groupname
Suppresses the sending of messages in SNMP traps that were previously added to the specified group (groupname).

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Suppresses the sending of messages for the events in the specified range for the specified subsystem in SNMP traps.

Example:

notrap range gw 19 22

Suppresses the sending of messages for events gw.19, gw.20, gw.21, and gw.22 in SNMP traps.

subsystem subsystemname [logging-level]
Suppresses the sending of messages in SNMP traps that are associated with the specified subsystem and logging level. If you do not specify a logging-level you suppress trapping for all logging levels for the subsystem.

Example:

notrap subsystem eth error

Remote

Use the remote command to select the events to be logged to a remote file by event number, range of events, group, or subsystem.

Syntax:

remote
event . . .

group . . .

range . . .

subsystem . . .

event subsystem.event# syslog_facility syslog_level
Causes the specified event to be logged remotely.

Syslog facility and level values are used by the syslog daemon in the remote workstation to determine where to log the messages. This value overrides the default values that are set with the set facility and set level commands.

syslog_facility

log_auth

log_authpriv

log_cron

log_daemon

log_kern

log_lpr

log_mail

log_news

log_syslog

log_user

log_uucp

log_local0-7

syslog_level

log_emerg

log_alert

log_crit

log_err

log_warning

log_notice

log_info

log_debug

These values do NOT have any particular association with any daemons on the IBM 2212. They are merely identifiers which are used by the syslog daemon on the remote workstation.

Example:

remote event gw.019 log_user log_info

group group.name syslog_facility syslog_level
Allows events belonging to the specified group to be logged remotely based on the syslog_facility and syslog_level values. See the remote event command.

range subsystemname first_event_number last_event_number syslog_facility syslog_level

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Causes the events in the specified range for the specified subsystem to be remotely logged based on the syslog_facility and syslog_level. See the remote event command.

Example:

remote range gw 19 22 log_user log_info

Causes the events gw.19, gw.20, gw.21, and gw.22 to be logged remotely to the files specified by the syslog_facility value of log_user and the syslog_level value of log_info.

subsystem subsystem.name message_level syslog_facility syslog_level
Where subsystem.name is the name of the subsystem and message_level is the level of messages selected in the subsystem.

Causes the events within the specified subsystem.name whose message_level agrees with the specified message_level to be logged remotely based on the syslog_facility and syslog_level. See the remote event command.

Message_level is a value such as ALL, ERROR, INFO, or TRACE. See Logging Level. The value specified in the remote command must agree with the value as coded on the particular event within the subsystem, or that event within the subsystem will not be remotely logged.

Example:

remote subsystem eth all log_user log_info

In the above example, all messages in subsystem TKR ("all" includes any messages coded for "error," "info," or "trace") will be logged remotely to files specified by log_user and log_info at the remote host.

Use the list event and list active commands to verify what you set with the remote and noremote commands.
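
The following sketch is an added example, not part of the original guide and not IBM code. It shows how the facility and level given on a remote command become the numeric PRI that the syslog daemon on the remote workstation routes on, and which destinations a collector configuration would then select. Assumptions: the device encodes the names with the standard BSD syslog codes (facility * 8 + severity), the selector evaluation covers only the classic syslog.conf forms shown, and the collector configuration and file paths are constructed.

```python
FACILITY = {"log_kern": 0, "log_user": 1, "log_mail": 2, "log_daemon": 3,
            "log_auth": 4, "log_syslog": 5, "log_lpr": 6, "log_news": 7,
            "log_uucp": 8, "log_cron": 9, "log_authpriv": 10}
FACILITY.update({f"log_local{i}": 16 + i for i in range(8)})
LEVEL = {name: code for code, name in enumerate(
    ["log_emerg", "log_alert", "log_crit", "log_err",
     "log_warning", "log_notice", "log_info", "log_debug"])}


def parse_remote(command):
    """Split a `remote ...` command into its target and facility/level pair."""
    words = command.lower().split()
    if len(words) < 5 or words[0] != "remote":
        raise ValueError(f"not a remote command: {command!r}")
    facility, level = words[-2], words[-1]
    if facility not in FACILITY or level not in LEVEL:
        raise ValueError(f"unknown facility or level in {command!r}")
    return {"kind": words[1], "target": words[2:-2],
            "facility": facility, "level": level}


def pri(facility, level):
    """PRI value carried in the syslog packet: facility * 8 + severity."""
    return FACILITY[facility] * 8 + LEVEL[level]


def decode_pri(value):
    """Reverse of pri(): recover the names from a PRI seen at the collector."""
    fac_code, lvl_code = divmod(value, 8)
    facility = next(n for n, c in FACILITY.items() if c == fac_code)
    level = next(n for n, c in LEVEL.items() if c == lvl_code)
    return facility, level


def selector_matches(selector, facility, level):
    """Evaluate a classic syslog.conf selector such as "user.info" or "*.err;user.none".

    A level in a selector means "this severity or more severe"; "none" excludes
    the facility; later parts of the selector override earlier ones.
    """
    matched = False
    for part in selector.split(";"):
        names, _, wanted = part.strip().partition(".")
        facilities = names.split(",")
        if "*" not in facilities and facility[len("log_"):] not in facilities:
            continue
        if wanted == "none":
            matched = False
        elif wanted == "*" or LEVEL[level] <= LEVEL["log_" + wanted]:
            matched = True
    return matched


def route(command, syslog_conf):
    """Return (PRI, destinations) for the messages selected by one remote command."""
    sel = parse_remote(command)
    dests = [dest for selector, dest in syslog_conf
             if selector_matches(selector, sel["facility"], sel["level"])]
    return pri(sel["facility"], sel["level"]), dests


# Constructed collector configuration: (selector, destination file).
SYSLOG_CONF = [
    ("user.info", "/var/log/router-els.log"),
    ("daemon.crit", "/var/log/router-critical.log"),
    ("*.err;user.none", "/var/log/errors.log"),
    ("local3.*", "/var/log/local3.log"),
]

if __name__ == "__main__":
    for cmd in ("remote event gw.019 log_user log_info",
                "remote event ip.007 log_daemon log_crit",
                "remote range gw 19 22 log_user log_debug"):
        print(cmd, "->", route(cmd, SYSLOG_CONF))
```

The last command yields no destination: a facility and level pair that no selector on the collector covers is discarded there without any indication on the device.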

Remove

Use the remove command to free up memory by erasing stored information. If you have previously saved the current configuration with the save command, remove allows you to erase the saved configuration.

Syntax:

remove
 

Restore

Use the restore command to clear all current settings (except counters) and reload the initial ELS configuration. To retain the current settings, use the save command before restoring the initial configuration.

Syntax:

restore

Retrieve

Use the retrieve command to reload the saved ELS configuration. If you have previously saved the current configuration with the save command, use retrieve to reload it. Retrieve does not erase the saved configuration after it executes. To erase the saved configuration, use the remove command.

Syntax:

retrieve
 

Save

Use the save command to store the current configuration (except counters). Save does not affect the default configuration (the one you set with the configuration commands). Use save after modifying the configuration with the monitoring commands with the intention of saving this configuration over a restart. There can be only one saved configuration at a time. To reload the saved configuration, use the retrieve command.

Syntax:

save
 

Set

Use the set command to set the maximum number of traps per second, to set the timestamp feature, or to set the tracing options.

Syntax:

set
pin . . .

remote-logging . . .

timestamp . . .

trace . . .

pin
Use the set pin command to set the pin parameter to the maximum number of traps that can be sent on a per-second basis. Internally, the pin resets every tenth of a second. (One tenth of the number max_traps is sent every tenth of a second.)

remote-logging
Use the set remote-logging command to configure remote logging options. When these options are configured from the monitoring environment, the changes take effect immediately, and return to their previously configured settings when the device is rebooted.

Syntax:

set remote-logging
on

off

facility . . .

level . . .

local_id

remote_ip_addr . . .

source_ip_addr ...

on
Turns remote logging on. Remote logging is now enabled to allow any messages selected by the remote command to be actively logged.

off
Turns remote logging off. All messages selected by the remote command will be prevented from being logged.

facility
Specifies a value that, in combination with the level value, is used by the syslog daemon in the remote workstation to determine where to log messages. This value is used for all remotely-logged ELS messages unless you specify a different value for a particular ELS event, range, group, or subsystem with the remote command.

These are all possible syslog facility values:

log_auth

log_authpriv

log_cron

log_daemon

log_kern

log_lpr

log_mail

log_news

log_syslog

log_user

log_uucp

log_local0-7

level
Specifies a value that, in conjunction with the facility value, is used by the syslog daemon in the remote workstation to determine where to log messages. This value is used for all remotely-logged ELS messages unless you specify a different value for a particular ELS event, range, group, or subsystem with the remote command.

These are all possible syslog level values:

log_emerg

log_alert

log_crit

log_err

log_warning

log_notice

log_info

log_debug

local_id
Specifies a 1-32 character identifier that appears in the remote logging message that you can use to identify which machine logged a particular message.

remote_ip_addr
This is an IP address of the remote host where the log files reside.

source_ip_addr
Specifies the IP address of the machine that originated the message that is being remotely-logged.

You should use an IP address that is configured in the 2212 for easier identification when the IP address or the hostname is shown in the remotely-logged ELS message. You should also verify that this IP address is quickly resolved to a hostname by the name server, or at least that the name server responds quickly with "address not found."

To determine that the IP address resolves properly, enter the host command on your workstation as shown:

workstation>host 5.1.1.1
host: address 5.1.1.1 NOT FOUND
workstation>

If the response takes more than 1 second, select an IP address that resolves more quickly.

timestamp
Allows you to turn on message timestamping so that either the time of day or uptime (number of hours, minutes, and seconds, but no date, since the device was last initialized) appears next to each message, or to turn off message timestamping.
Note: If you turn on timestamping, you must remember to go back into the CONFIG process and set the device's date and time using the time command. Otherwise, all messages will come out with 00:00:00, or negative numbers in the hours, minutes, and/or seconds, for example 00:-4:-5.

Use the set timestamp command to enable one of the following timestamp options:

timeofday
Adds an HH:MM:SS prefix to each ELS message indicating the time of the occurrence during a 24-hour day.

uptime
Adds an HH:MM:SS prefix to each ELS message indicating the time of the occurrence during a 100-hour cycle of uptime for the device. After 100 hours of uptime, the uptime counter returns to zero to begin another 100-hour cycle.

off
Turns off the ELS timestamp prefix.

Syntax:

set timestamp
[timeofday or uptime or off]

trace
Use the set trace command to configure tracing options. When tracing options are configured from the monitoring environment, the changes take effect immediately, and return to their previously configured settings when the device is rebooted.

Syntax:

set trace
decode . . .

default-bytes-per-pkt . . .

disk-shadowing . . .

max-bytes-per-pkt . . .

memory-trace-buffer-size . . .

off

on

reset

stop-event . . .

wrap-mode . . .

decode . . .
Sets packet decode options. Packet decoding is not supported by all components.

exclude
Excludes the specified frame type for decode. The possible frame types for exclusion are:

lecontrol
LE Control

ip
IP

arp
ARP

ipx
IPX

netbios
NetBIOS

bpdu
BPDU

appletalk
AppleTalk

aarp
AppleTalk ARP

hex
Turns off printing of hexadecimal frame data.

summary
Turns off printing of a one-line summary decode. A complete decode is printed.

all
Excludes all packet types from the trace. No frame types are decoded.

none
Excludes no packet types from the trace. This is the opposite of exclude all.

include
Includes the specified frame type for decode. The possible frame types for inclusion are:

lecontrol
LE Control

ip
IP

arp
ARP

ipx
IPX

netbios
NetBIOS

bpdu
BPDU

appletalk
AppleTalk

aarp
AppleTalk ARP

hex
Turns on printing of hexadecimal frame data.

summary
Turns on printing of a one-line summary decode. A complete decode is not printed.

all
Includes all packet types in the trace.

none
Includes no packet types in the trace. This is the opposite of include all.

off
Sets decoding off.

on
Sets decoding on.
Note: The default setting is to print complete decode output for all frame types. Use the list trace-status command to see the current decode settings.

default-bytes-per-pkt bytes
Sets the default number of bytes traced. This value is used if a value is not specified by the component doing the tracing.

disk-shadowing [[off or on] or [delete-file or record-size or time-limit]]
Turns disk shadowing on or off, sets the maximum trace file size, or sets the maximum time for disk-shadowing traces.

[off or on]
Turns disk shadowing on or off. If disk shadowing is enabled, trace records are copied to the hard disk. Once a traced record is copied to the hard disk, it can no longer be viewed from the console.
Note: Disk shadowing should be set to OFF whenever the WRITE, TFTP software, RETRIEVE system dump, or COPY software commands are issued.

record-size bytes
Sets the record size for trace file records:

Valid Values:
1024, 2048, or 4096 bytes

Default:
2048 bytes

Notes:

  1. If a trace file already exists, "Cannot change Record Size without first deleting the existing Trace File" is displayed and record size is not changed.

  2. If you configure a record size and a trace file already exists, the trace will use the record size of the existing file.

delete-file
Deletes the trace file (in the subdirectory associated with the active bank only).
Note: If disk shadowing is ON when the command is issued, "Disk-shadowing must be set to OFF before trace file can be deleted" is displayed and the file is not deleted.

time-limit hours
Sets the maximum time for disk-shadowing of traces:

Valid Values:
1 to 72 hours

Default:
24

Note: Disk shadowing stops (tracing continues) after this time has elapsed. The actual time is reset to 0 when disk shadowing is turned on again.

max-bytes-per-pkt bytes
Sets the maximum number of bytes traced for each packet.

memory-trace-buffer-size bytes
Sets the size, in bytes, of the RAM trace buffer.

Valid Values: 0, >=10,000

Default Value: 0

off
Disables packet tracing.

on
Enables packet tracing.

reset
Clears the trace buffer and resets all associated counters.

stop-event event id
Stops tracing when an event (event id) occurs. Enter either an ELS event id (for example: TCP.013) or "None". "None" is the default. Tracing stops only if the display of the particular ELS event is enabled.

When a stop-event occurs, an entry is written to the trace buffer. The view command for this trace entry will display "Tracing stopped due to ELS Event Id: TCP.013".

After tracing stops due to a stop-event, you must re-enable tracing with the set trace on command. (A restart will also re-enable tracing if enabled from the ELS Config> prompt.)

Example:

set trace stop-event TCP.013

wrap-mode off/on
Turns the trace buffer wrap mode on or off. When wrap mode is enabled and the trace buffer is full, previous trace records will be overwritten by new trace records as necessary to continue tracing.

Statistics

Use the statistics command to display a list of all of the available subsystems and their statistics.
Note: The following example may not match your display exactly. The output of the command depends on the version and release of the installed software.

Syntax:

statistics
 
Example:
statistics
 
Subsys  Vector  Exist   String  Active    Heap
 
  GW     105     101      3411     0         0
 FLT      20       7       184     0         0
 BRS      50       5       201     0         0
 ARP     150     142      7030     0         0
  IP     100     100      2463     2        20
ICMP      30      21       529     0         0
 TCP      60      57      2420     0         0
 UDP      10       6       179     0         0
 BTP      40      13       695     0         0
 RIP      30      22       474     0         0
OSPF      80      73      2859     0         0
MSPF      40      17       593     0         0
TFTP      35      29       819     0         0
SNMP      30      28       821     0         0
 DVM      30      21       589     0         0
  DN     140     115      5842     0         0
  XN      35      21       780     0         0
 IPX     110     110      4705     0         0
CLNP      80      58      1763     0         0
ESIS      40      24       716     0         0
ISIS      80      58      2422     0         0
DNAV      50      26      1314     0         0
 AP2      80      70      1755     0         0
ZIP2      60      51      1859     0         0
R2MP      50      38      1185     0         0
 VIN      90      79      3159     0         0
 SRT     120      94      5040     0         0
 STP      60      32      1590     0         0
  BR      50      30      1616     0         0
SRLY      30      28      1409     0         0
 ETH      60      47      1098     0         0
  SL      50      35       584     0         0
 TKR      60      45      2031     0         0
 X25      70      53      1909     0         0
FDDI      30      27      1155     0         0
SDLC     100      95      4263     0         0
 FRL     130      97      6068     0         0
 PPP     190     186      6394     0         0
X251      50      16       546     0         0
X252      50      34       996     0         0
X253      50      42      1649     0         0
ISDN      50      43      1994     0         0
IPPN      20       4       132     0         0
 WRS      40      33      1938     0         0
 LNM      70      60      3137     0         0
 LLC     170     168      9840     0         0
 BGP      80      74      2477     0         0
 MCF      15       9       244     0         0
 DLS     500     497     24340     0         0
 V25B     30      28      1058     0         0
 BAN      30      29      1223     0         0
 COMP     80      26      1050     0         0
 NBS     100      50      3029     0         0
  LEC     200     174      7258     0         0
APPN     100      28       467     0         0
ILMI     150      23       487     0         0
SAAL      30      26       621     0         0
 SVC      30      26       465     0         0
 LES     400     361     22333     0         0
LECS     150     145      5666     0         0
 
EVLOG      1       1       105     0         0
 NOT      25      15       508     0         0
NHRP     250     211      8193     0         0
 XTP      64      58      2271     0         0
 ESC     150      67      3122     0         0
 LCS      40      22       858     0         0
 LSA      70      61      3506     0         0
 MPC     130      30      1677     3        44
SCSP      40      34      1234     0         0
ALLC      50      36      1842     0         0
 NDR      50      38      1150     0         0
 MLP     100      93      4006     0         0
 SEC      50      30       688     0         0
ENCR     100       4       194     0         0
  PM      25       6       120     0         0
 DGW      20       9       238     0         0
QLLC      55      54      2411     0         0
 
Total   6490    4942    215805     5        64
 
Maximum:7976 vector, 155 subsystem
Memory:71784/620 vector+ 81256/217714 data+ 64 heap=371438

Subsys
Name of subsystem

Vector
Maximum size of subsystem

Exist
Number of events defined in this subsystem

String
Number of bytes used for message storage in this subsystem

Active
Number of active (displayed, trapped, or counted) events in the subsystem

Heap
Dynamic memory in use by subsystem

Trace

Use the trace command to select the trace events to be displayed on the system monitoring.

Syntax:

trace
event . . .

group . . .

range . . .

subsystem . . .

event subsystem.event#
Causes the specified trace event (subsystem.event#) to be displayed on the system monitoring.

group groupname
Allows trace events that were previously added to the specified group to be displayed on the device monitoring.

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Causes the trace events in the specified range for the specified subsystem to be displayed on the system monitoring.

Example:

trace range gw 19 22

Causes the trace events gw.19, gw.20, gw.21, and gw.22 to be displayed on the system monitoring.

subsystem subsystemname
Allows trace events associated with the specified subsystem to be displayed on the device monitoring.

Trap

Use the trap command to select the message to be sent to the remote SNMP network management workstation. A remote SNMP network management workstation is an IP host in the network acting as an SNMP manager.

Syntax:

trap
event . . .

 
group . . .

 
range . . .

 
subsystem . . .

event subsystem.event#
Causes the specified message (subsystem.event#) to be sent to a network management workstation in an SNMP trap.

group groupname
Allows messages that were previously added to the specified group to be sent to a network management workstation in an SNMP trap.

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Causes the messages that are in the specified range for the specified subsystem to be sent to a network management workstation in an SNMP trap.

Example:

trap range gw 19 22

Causes the messages in events gw.19, gw.20, gw.21, and gw.22 to be sent to a network management workstation in an SNMP trap.

subsystem subsystemname
Allows messages associated with the specified subsystem to be sent to a management station in an SNMP trap.
Note: Messages for the IP, ICMP, ARP and UDP subsystems cannot be sent in SNMP traps because these areas are or may be used in the process of sending the SNMP trap. This could lead to an infinite loop of traffic putting an undue strain on the device.

View

Use the view command to view traced packets.

Syntax:

view
current

first

jump

last

next

prev

search ...

current
Displays the current trace packet. If the current packet is not valid, the first packet in the trace buffer is displayed.

first
Displays the first traced packet in the trace buffer.

jump n
Displays the traced packet n packets ahead of or behind the current packet.

last
Displays the last traced packet in the trace buffer.

next
Displays the next traced packet.

prev
Displays the previous traced packet.

search
Displays the next traced packet that contains the specified information. You can specify the search information by:

ELS Net Filter Monitoring Commands

This section explains the commands used to manipulate ELS net filters. To enter the filter environment, enter the filter net command at the ELS> prompt. Enter the monitoring commands at the ELS Filter net> prompt.

Table 19. ELS Net Filter Monitoring Commands
Command Function
? (Help) Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
Create Creates a filter and assigns it a number. A maximum of 64 filters is allowed.
Delete Deletes a specified filter number or all filters.
Disable Disables a specified filter number or all filters.
Enable Enables a specified filter number or all filters.
List Lists a specified filter number or all filters.
Exit Returns you to the previous command level. See "Exiting a Lower Level Environment".

Create

Use the create command to create an ELS net filter.

Syntax:

create queue
event event_name net#_start net#_end

range event_range net#_start net#_end

subsystem subsystem_name net#_start net#_end

queue
The queue for which you are setting the filter. The valid queues are:

Display

Trace

Trap

Remote

event event_name net#_start net#_end
Specifies the event and net numbers that you are filtering.

If you specify net#_start and net#_end as the same number, you are filtering on a single net number.

The command create trap event GW.009 2 10 filters traps for message GW.009 for net numbers 2 through 10.

range event_range net#_start net#_end
Specifies the range of ELS messages and net numbers that you are filtering.

If you specify net#_start and net#_end as the same number, you are filtering on a single net number.

The command create remote range ipx 19 22 3 6 filters all ipx messages beginning with IPX.019 and ending with IPX.022 for net numbers 3 through 6 for remote logging.

subsystem subsystem_name net#_start net#_end
Specifies the subsystem and net numbers that you are filtering.

If you specify net#_start and net#_end as the same number, you are filtering on a single net number.

The command create display subsys ip 1 1 filters all ELS messages for the ip subsystem that contain net number 1 to the display. All other ip subsystem messages are discarded.

Delete

Use the delete command to delete a specific ELS filter or all ELS filters.

Syntax:

delete
all

filter filter#

all
Deletes all currently configured filters.

filter filter#
Deletes the filter specified by filter#. Use the list command to obtain the number for the filter you want to delete.

Disable

Use the disable command to disable a specific ELS filter or all ELS filters.

Syntax:

disable
all

filter filter#

all
Disables all currently configured filters.

filter filter#
Disables the filter specified by filter#. Use the list command to obtain the number for the filter you want to disable.

Enable

Use the enable command to enable a specific ELS filter or all ELS filters.

Syntax:

enable
all

filter filter#

all
Enables all currently configured filters.

filter filter#
Enables the filter specified by filter#. Use the list command to obtain the number for the filter you want to enable.

List

Use the list command to list a specific ELS filter or all ELS filters.

Syntax:

list
all

filter filter#

all
Lists all currently configured filters.

filter filter#
Lists the filter specified by filter#.

ELS Message Buffering Monitoring Commands

Table 20 describes the commands available at the ELS Config Advanced> prompt.

Table 20. ELS Message Buffering Monitoring Commands
Command Function
? (Help) Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
Flush Clears the message buffer and turns off logging to the message buffer.
List Displays the operational settings for message buffering.
Log Enables logging of selected messages to the message buffer.
Nolog Turns off logging of selected messages to the message buffer.
Read-file Reads a formatted message buffer from a file and displays it on the console.
Set Sets the size of the message buffer, the wrapping mode, whether logging occurs, which event will end message buffering, and what the system does when message buffering is stopped by an event.
Tftp Sends the ELS message buffer to a file at a remote host.
View Displays all or a specific number of messages in the message buffer. You can also control how the messages scroll off the screen.
Write-buffer Writes the ELS message buffer to the hard file. The buffer is formatted before it is written. The file name on the hard file is always ELSADV.LOG.
Exit Returns you to the previous command level. See "Exiting a Lower Level Environment".

Flush

Use the flush command to set logging off, clear the messages from the buffer, and release the buffer memory for other use by the system.

Syntax:

flush
buffer

List

Use the list command to list the ELS message buffering configuration.

Syntax:

list
status

Example:

ELS Advanced> list status
-------------------------------------Configuration-------------------------------- 
Logging Status:    OFF       Wrap Mode:   ON    Logging Buffer Size:    8500 Kytes 
Stop-Event:    APPN.2          Stop-String:     netdn for  intf 6 
Additional Stop-Action:  APPN DUMP 
------------------------------------Run-Time Status------------------------------ 
Has Stop Condition Occurred ?     YES       Messages currently in buffer:         1222 

See Set for a description of the commands that change the values in the display.

Log

Use the log command to select which messages will be logged to the message buffer.

Syntax:

log
event

group

range

subsystem

event subsystem.event#
Causes the specified message (subsystem.event#) to be logged to the message buffer.

group groupname
Allows messages that were previously added to the specified group to be logged to the message buffer.

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Causes the messages that are in the specified range for the specified subsystem to be logged to the message buffer.

Example:

log range gw 19 22

Causes the messages in events gw.19, gw.20, gw.21, and gw.22 to be logged to the message buffer.

subsystem subsystemname
Allows messages associated with the specified subsystem to be logged to the message buffer.

Nolog

Use the nolog command to remove messages from the defined list of messages that are logged to the message buffer.

Syntax:

nolog
event

group

range

subsystem

event subsystem.event#
Causes the specified message (subsystem.event#) not to be logged to the message buffer.

group groupname
Allows messages that were previously added to the specified group not to be logged to the message buffer.

range subsystemname first_event_number last_event_number

Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.

Causes the messages that are in the specified range for the specified subsystem not to be logged to the message buffer.

Example:

nolog range gw 19 22

Causes the messages in events gw.19, gw.20, gw.21, and gw.22 not to be logged to the message buffer.

subsystem subsystemname
Allows messages associated with the specified subsystem not to be logged to the message buffer.

Read-file

Use the read-file command to read formatted ELS messages from a file on the hard file, ELSADV.LOG, created by the write-buffer command.
Note: If you enter this command and a hard file is not available, you will receive a message indicating the drive is unavailable.

Syntax:

read-file
 

Set

Use the set command to change configured ELS message buffering options.

Syntax:

set
logging [on or off]

stop action . . .

stop event subsystem.event#

stop string text

wrap [on or off]

logging [on  or  off]
Specifies whether message buffering will occur. This command will not take effect until you allocate a buffer using the set buffer-size command. The default is off.

stop action [appn-dump  or  disk-offload or  none  or  system-dump]
Specifies the additional action the system takes when the "stop event" (and if specified, the "stop string") occurs. The actions are:

appn-dump
Dumps the APPN protocol, if it is active. The APPN dump will indicate that the dump was taken as the result of a stop action.

disk-offload
Writes a formatted version of the buffer to a file on the hard file. If the file already exists, the new file replaces it. You can then use the tftp file monitoring command to send the file to a remote host.

none
No other action is taken after logging stops.

system-dump
Dumps the entire system. The system dump will indicate that the dump was taken as the result of a stop action.

Default value: none

stop event [subsystem.event#  or  none]
Specifies the event (subsystem.event#) that stops logging. If you have specified a stop string, the text in the stop string must also match. When the stop event occurs:
  1. If no stop action has been specified (that is, none), the next five ELS messages are logged. However, if a stop action (other than none) has been specified, no additional ELS messages are logged.
  2. Logging stops.
  3. The system performs the specified "stop action."

Logging remains stopped until the next time you issue the set logging on command or the device reboots.

If you do not specify the stop event when you enter the command, the system prompts you to enter the stop event. Specifying none disables the stop event function.

Default value: none

stop string text  or  none
Specifies the string to be used in conjunction with the "stop event" to stop logging. If you have not specified a stop event, the system ignores the "stop string."

Text can be any ASCII string up to 32 characters in length. If you do not specify text when you enter the command, the system will prompt you for the string. Entering none clears the "stop string."

Default value: none

wrap [on  or  off]
Specifies whether to stop the log when the buffer is full (off) or to log the new messages at the beginning of the buffer (on).

Default value: on
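
A small Python model of the stop event, stop string, stop action and wrap rules described above, added here as an illustration and not IBM code. It assumes the buffer capacity is counted in messages, that the message triggering the stop is itself logged, and that the stop string is matched as a case-sensitive substring; all class, function and sample names are hypothetical.

```python
from collections import deque

POST_STOP_MESSAGES = 5  # page: with stop action "none", the next five messages are still logged
MAX_STOP_STRING = 32    # page: the stop string is at most 32 ASCII characters


class MessageBufferModel:
    """Toy model of ELS message buffering. Capacity is in messages (assumption)."""

    def __init__(self, capacity, wrap=True, stop_event="none",
                 stop_string="none", stop_action="none"):
        if stop_string != "none" and len(stop_string) > MAX_STOP_STRING:
            raise ValueError("stop string is limited to 32 characters")
        self.capacity, self.wrap = capacity, wrap
        self.stop_event, self.stop_string = stop_event, stop_string
        self.stop_action = stop_action
        self.logging = False      # "set logging" defaults to off
        self.stopped = False      # "Has Stop Condition Occurred ?"
        self.actions_run = []     # stop actions the system would perform
        self._buf = deque()
        self._grace = 0           # messages still to log after the stop event

    def set_logging_on(self):
        # Logging stays stopped until "set logging on" is issued again.
        self.logging, self.stopped, self._grace = True, False, 0

    def _is_stop(self, event_id, text):
        # A stop string is ignored unless a stop event is configured.
        if self.stop_event == "none" or event_id.upper() != self.stop_event.upper():
            return False
        return self.stop_string == "none" or self.stop_string in text

    def _halt(self):
        self.logging, self.stopped = False, True
        if self.stop_action != "none":
            self.actions_run.append(self.stop_action)

    def log(self, event_id, text):
        if not self.logging:
            return
        if len(self._buf) >= self.capacity:
            if not self.wrap:          # wrap off: the log stops when the buffer is full
                self.logging = False
                return
            self._buf.popleft()        # wrap on: the oldest message is overwritten
        self._buf.append((event_id, text))
        if self._grace:                # counting down the five post-stop messages
            self._grace -= 1
            if self._grace == 0:
                self._halt()
        elif self._is_stop(event_id, text):
            if self.stop_action == "none":
                self._grace = POST_STOP_MESSAGES
            else:                      # any other action: nothing more is logged
                self._halt()

    def event_ids(self):
        return [event_id for event_id, _ in self._buf]


# Constructed sample stream (event ids and texts are illustrative only).
SAMPLE = ([("GW.019", "startup"), ("APPN.2", "netdn for intf 3"),
           ("IP.007", "route change"), ("APPN.2", "netdn for intf 6")]
          + [("TCP.013", f"follow-up {n}") for n in range(1, 8)])


def replay(capacity, stop_action="none", wrap=True):
    model = MessageBufferModel(capacity, wrap, "APPN.2", "intf 6", stop_action)
    model.set_logging_on()
    for event_id, text in SAMPLE:
        model.log(event_id, text)
    return model
```

In this model, replay(4) ends with the stop event already overwritten by the five post-stop messages, while replay(8, "disk-offload") halts with the stop event as the last buffered entry.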

Tftp

Use the tftp command to send the ELS message buffer to a remote host as a formatted file.

Syntax:

tftp
buffer [formatted ] dest_ip_address dest_filename

file dest_ip_address dest_filename

buffer [formatted ] dest_ip_address dest_filename
Specifies that the ELS message buffer is to be sent to the remote host indicated by dest_ip_address as file dest_filename. The buffer can be either formatted.

View

Use the view command to view all of the messages or a specific number of messages in the message buffer.

Syntax:

view
all [scroll/noscroll]

last [scroll/noscroll number]

all scroll/noscroll
Displays all of the messages in the message buffer.

[scroll]
Specifies that the screen pauses until you hit the spacebar.
Note: If you are displaying a large number of messages, specify scroll so you do not miss any critical messages.

noscroll
Specifies that the messages will scroll off the screen if the number of messages exceeds the screen length.

last scroll/noscroll number
Displays the last number messages in the message buffer.

[scroll]
Specifies that the screen pauses after displaying a full screen of messages and waits for the user to hit the space bar to get the next screen.
Note: If you are displaying a large number of messages, specify scroll so you do not miss any critical messages.

noscroll
Specifies that the messages will continuously scroll off the screen with no scroll control until all messages in the buffer (or the last number of messages requested) have been displayed.

number
Specify a number from 1 to the total number of messages in the message buffer. To display the total number of messages in the buffer, use the list status monitoring command.

Write-buffer

Use the write-buffer command to write formatted ELS messages to the hard file.
Note: If you enter this command and a hard file is not available, you will receive a message indicating the drive is unavailable.

Syntax:

write-buffer
 

