Format
TYPE=LG | CLASS=object-class | INSTANCE=object-name | APPL=application-name [ | APPLQUAL=application-qualifier ] [ | MSGTYPE=message-type ] | TEXT=message-text
object-class
object-class and object-name identify the system to which the log message applies. The class of a system can be any of the base classes, or any class derived directly or indirectly from one of the base classes.
Only the object name is used to determine which Operations Sentinel log the event is written to. Therefore, you should usually specify “host” as the object class. However, if you specify “all” as both object-class and object-name, a log message is written to every Operations Sentinel log.
object-name
object-name is the name of the system to which the log message applies and the name of the log to which it is written. For systems defined in Operations Sentinel, this name must match the name that the Operations Sentinel administrator specified as the name for the system.
The Log Viewer allows you to select logs by these same system names. Operations Sentinel Console includes a node in its navigation pane for each of these names under the Log Policies node.
If object-class is sp_host, object-name must be SPO.
You can also log messages for objects that are not defined in Operations Sentinel. In this case, the first message for an object causes a log and a default log policy to be created for that object.
You cannot create a log policy for systems that are not defined in Operations Sentinel, but using the Log Policies node in Operations Sentinel Console you can alter the properties of any log once it has been created.
SP-AMS Consideration [MCP, UNIX]
You can use the variable \_HOSTID\ to substitute the name of the system that sent the matched message.
CP-AMS Consideration [OS 2200]
The character strings $HOST$ and $CONSOLE$ have a special meaning when used as values of an object name. Operations Sentinel replaces these strings with the name of the system ($HOST$) or console ($CONSOLE$) where the matched message originated.
application-name
application-name is an identifier displayed by the Log Viewer allowing you to identify the source of the log message. For instance, you can use the name of the SP-AMS database that sent the LG event report as application-name. This attribute is required.
When you administer log policies in Operations Sentinel Console, each application-name appears as a separate log source in the log policy for the log specified by object-name.
Reserved Names
See the list of reserved names in “AL Event Reports Syntax” for the names of processes internal to Operations Sentinel. Do not use them as application names in event reports. These names are case sensitive, as are all application-name attribute values.
application-qualifier
The application-qualifier further qualifies the application-name. It is commonly used to distinguish one instance of an application program from another. For example, there may be more than one instance of an application running on one or more systems. In this case, the application developer could use the system-id (network name) and process-id of the application as the application qualifier.
This is the recommended format for an application qualifier:
system-id:process-id.
[MCP, UNIX]
If you have used the name of the SP-AMS database as the application-name, the application-qualifier could be the group-id and number of the pattern that generated the log message.
message-type
message-type is a 2-character string that you can use to classify a message. The character string is placed in the type box of the log entry created by the event report.
You determine how this attribute is used. It is an optional attribute. If it is not specified in an event report, the box is left blank in the log file.
The following table lists the message types that are used for specific purposes within Operations Sentinel. If you use one of these message types, ensure your use is consistent with its use within Operations Sentinel.
| Message Type | Description | Supported Systems |
|---|---|---|
| | Acknowledge alert. | All |
| | Current state of an alert policy action execution (in log SP-EAI only). | All |
| | Clear alert. | All |
| | Close a user external application including remote desktop, console session or terminal emulation session. | All |
| | Control—denotes events of global interest, such as a loss of connection, detected by Operations Sentinel Logging. | All |
| | Discard acknowledge—an alert event report with SEV=acknowledge was discarded because it did not match any outstanding alert. | All |
| DB | SP-AMS debug mode message (in log SP-AMS only). DB is used for an action that SP-AMS would have taken if the system was not in the debug mode. An error message is also typed DB when SP-AMS is in debug mode. | MCP, UNIX, Linux |
| | Discard clear—alert event report with SEV=clear discarded because it did not match any outstanding alert. | All |
| | Discard raise—raise alert event report discarded because it was a duplicate of an outstanding alert. | All |
| | Data trace—data read or written to a service connection (in log SP-EAI only). | All |
| | Error. When the source is | All |
| | Install. Indicates a message produced during installation. | All |
| | Keyin—OS 2200 consoles only. | OS 2200 |
| | Launch (in log SP-EXTAPP only). When an external application is launched from Operations Sentinel Console, messages of this type are written giving the command string, each environment variable, and a code indicating success or failure of initiation of the application. | All |
| NO | Normal. When the source is an OS 2200 console, NO is used for output from the operations session. | OS 2200 |
| NO | Normal. When the source is a system, NO designates both messages produced by the systems and commands entered by the user. | All |
| | Open a user external application including remote desktop console session, terminal emulation session, or Windows remote control session. | All |
| | Outstanding read-and-reply—OS 2200 consoles only. The read-and-reply message was outstanding on the console when a new logging connection began. | OS 2200 |
| | Raise alert. | All |
| | Read-and-reply release—OS 2200 consoles only. | OS 2200 |
| | Read-and-reply—OS 2200 consoles only. | OS 2200 |
| TR | SP-AMS trace mode message (in log SP-AMS only). TR is used for echoes of actions taken by SP-AMS. Error messages are also typed TR so that filtering on "TR>" finds each error message along with other information about the system message. Error messages and the associated descriptions of the system messages leading to the error are typed TR even if SP-AMS is in normal automation mode. | MCP, UNIX, Linux |
message-text
message-text is the text that is written to the log file and is displayed by the Log Viewer.
Formatting Multiline Text
To create multiline log text, enter the correct number of escape characters (\) before the newline character (\n) as follows. Using an incorrect number of escape characters results in truncated event reports.
From the program spo_event, use the sequence \n.
From a program that is writing to spo_pipe, use a newline character.
From a shell command or script writing to spo_pipe, use the sequence \n.
From an action in an AMS database, use the sequence \\n.
Including a Backslash in Text
To include a backslash (\) in text, you must enter multiple characters, because a backslash has a special meaning in certain contexts.
From spo_event or from a shell command, script, or C, C++, or C# program writing to spo_pipe, use two backslashes (\\).
[OS 2200, MCP, UNIX]
From an AMS database, use four backslashes (\\\\).
Using an incorrect number of escape characters can result in a truncated event report.
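The escaping rules in the two sections above, combined with the attribute constraints stated earlier on this page, as an added example (not Operations Sentinel code). The function names, the context labels, the " | " separator spacing and the rejection of "|" in attribute values are assumptions made for this sketch.

```python
# Added example, not product code. Escape sequences are the ones listed on this page.
# Context label -> (sequence for a newline, sequence for one backslash)
ESCAPES = {
    "spo_event": ("\\n", "\\\\"),        # \n and \\
    "program":   ("\n", "\\\\"),         # newline character and \\ (C, C++, C# to spo_pipe)
    "shell":     ("\\n", "\\\\"),        # \n and \\
    "ams":       ("\\\\n", "\\\\\\\\"),  # \\n and \\\\
}


def escape_text(text, context):
    """Escape TEXT in a single pass so added backslashes are never re-escaped."""
    newline_seq, backslash_seq = ESCAPES[context]
    table = {"\\": backslash_seq, "\n": newline_seq}
    return "".join(table.get(ch, ch) for ch in text)


def build_lg_report(instance, appl, text, context,
                    object_class="host", applqual=None, msgtype=None):
    """Return one LG event report string, enforcing the rules stated on the page."""
    if not appl:
        raise ValueError("APPL is required")
    if msgtype is not None and len(msgtype) != 2:
        raise ValueError("MSGTYPE must be a 2-character string")
    if object_class == "sp_host" and instance != "SPO":
        raise ValueError("CLASS=sp_host requires INSTANCE=SPO")
    fields = [("TYPE", "LG"), ("CLASS", object_class),
              ("INSTANCE", instance), ("APPL", appl)]
    if applqual is not None:
        fields.append(("APPLQUAL", applqual))
    if msgtype is not None:
        fields.append(("MSGTYPE", msgtype))
    for name, value in fields:
        # Assumption: the page describes no escape for the '|' delimiter, so
        # values that could split or truncate the report are rejected outright.
        if "|" in value or "\n" in value:
            raise ValueError(f"{name} contains a delimiter or newline")
    fields.append(("TEXT", escape_text(text, context)))
    return " | ".join(f"{name}={value}" for name, value in fields)


if __name__ == "__main__":
    # Constructed input: untrusted text with a backslash and an embedded newline.
    untrusted = "login failed for CORP\\alice\nsecond line"
    for ctx in ESCAPES:
        print(ctx, repr(build_lg_report("mccoy", "sample", untrusted, ctx,
                                        applqual="test", msgtype="aa")))
```

Escaping text that originates outside the script (user names, file paths, relayed messages) before it reaches TEXT keeps a stray backslash or newline from truncating the event report.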
Typical Log Entry
The following example illustrates a typical log event report:
TYPE=lg|CLASS=host | INSTANCE=mccoy|APPL=sample |APPLQUAL=test | MSGTYPE=aa| TEXT=Samplemessagetext.
Figure 9–2 shows the log entry that is generated. This message is written to the log named mccoy.