ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] Disabling the library sharing actlog messages

2012-06-20 10:55:32
Subject: Re: [ADSM-L] Disabling the library sharing actlog messages
From: "Allen S. Rout" <asr AT UFL DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 20 Jun 2012 10:47:28 -0400 
On 06/20/2012 08:38 AM, Neil Schofield wrote:



I personally wouldn't choose to do this, because for troubleshooting
purposes I rely on my actlog to be an authoritative source of everything
the server has done. I mainly use it to prevent messages I don't care
about (such as ANR0944E) from going to other receivers such as the Windows
application event log.



What he said, with enlargement:

I'm a firm fan of keeping the activity logs essentially forever.  I
would reframe your problem description, Grant, as a query-interface
issue, not a data storage issue.   The q actlog interface is Not
Intended For That, and I think they're right not to try to get a whole
analytic engine in there at the command line.

Here's what I do, in a nutshell: Every day, for every server instance,
at about 00:05, I drop "yesterday's" actlog into a compressed file.
They compress really well, more than 10x just with gzip.  Well enough
that I haven't bothered going back and making them do bz2.

Then, I have a script which walks through the actlogs.

1) it applies an extensive list of "I don't really care much about
this sort of line", with reasons.  These get dumped.

my $ignore =
{
 'ANE4952I' => "Client session postmortem",
 'ANE4953I' => "Client session postmortem",
[...]
 'ANR0402I' => "Server session start",
[...]
 'ANR0811I' => "Expiration Processing",
}

2) it identifies lines which I want to forward to those responsible
for a TSM artifact, with regexps for how to extract the artifact in
question.  These get filed, and at the end of the log run, they get
emailed to the responsible parties.


my $collect =
  {
   '        ' => "Node: (\\S+)\\\)\\s",
[...]
   'ANR0425W' => "node (\\S+)\\s",
   'ANR0479W' => "server (\\S+)\\s",
[...]
   'ANR2716E' => "client (\\S+)\\s",
}


3) All the rest of the messages get sent to "Central TSM admins" (aka
me and some folks who don't read it. ;) )


So: In Grant's case, I'd put those messages... (looks..) Aha.  In
fact, I _have_ those messages in my ignore list. :) but they're still
in my actlog repository, so when I e.g. want to analyze frequency of
mount actions per-server since inception, to support an assertion
about my infrastructure, I can still do it.

Here.  Yesterday I was working on an occupation graph dating to the
point I adopted my current architecture.

http://open-systems.ufl.edu/static/asr-pub/servers-5000.pdf

Incredibly useful to keep the data.   I can do the same thing for
mount behavior.


- Allen S. Rout
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ADSM-L] Disabling the library sharing actlog messages, Neil Schofield
Next by Date:  [ADSM-L] AW: Disabling the library sharing actlog messages, Michael malitz
Previous by Thread:  Re: [ADSM-L] Disabling the library sharing actlog messages, Neil Schofield
Next by Thread:  [ADSM-L] OpenVMS Client, Geoff Gill
Indexes:  [Date] [Thread] [Top] [All Lists]