Chapter 13 - Tracking Server Events
This chapter explains how to use the OPERATE or MSERVICE commands to:
![]() |
Specify mask levels for reporting network events |
![]() |
Generate log reports |
![]() |
View log reports on-line at your DOS workstation or at the server console |
![]() |
Write log reports to a DOS file |
Note: You can also use StreetTalk Explorer to accomplish these tasks.
This chapter does not contain information on using the Backup/Restore logs or on interpreting log messages. For information on using the Backup/Restore logs, refer to "Viewing Information About Backup/Restore Activity on the Server" in Chapter 5. If you need help interpreting log messages, contact your Banyan support representative.
The server maintains a record of the events in which it is involved. Information about server events assists you in troubleshooting, determining the source of security violations, and measuring usage.
These events include:
Local operations - Events related to operations you perform at the server, such as backup/restore operations, or installing hardware or software.
Network transactions - Events related to services maintained on the server, such as service users, sessions, file usage, access errors.
You can monitor these events in the following ways:
![]() |
View messages maintained in the server's log files. Most services maintain two log files between 10 KB and 50 KB in size. The service writes to one log until it is full, then flushes the contents of the other log and writes to it. You can configure the size of these log files; see Planning a Banyan Network. |
![]() |
Set up an Event Management Service (EVS) so that, when an event of a certain defined severity occurs, it generates a message that is sent to a target management station. |
A mask is a variable used to filter database information when building log files. Different mask levels exist. The mask level you use determines which information the log files contain. In general, using a higher mask level results in a more detailed log files.
Each mask level reports information for that level and all the lower levels. For example, if you select Mask Level 2, all the messages related to Level 2 are logged, as well as Level 1 and Level 0 messages.
A Banyan server maintains the following types of masks:
![]() |
Log mask |
![]() |
Event mask |
The log mask determines the level of reporting in effect for a service's local logs. The event mask determines the level of reporting to the Event Management Service (EVS).
EVS runs on each server and interacts with other network services. The event mask for each service determines which events the service reports to EVS for processing. Each time a network event occurs, services use the mask to determine whether to send the event to EVS, which stores the event in a database. Refer to the Server Agent Guide for information on configuring EVS.
Services report the following types of events:
![]() |
Alarms |
![]() |
Warnings |
![]() |
Audits |
![]() |
Information |
In addition, a service may report debug messages.
Alarms
Alarms alert you to critical problems that require immediate attention. The following problems are classified as alarms:
![]() |
Service shutting down due to errors |
![]() |
Communication problem (lost sessions or failure to communicate with another service) |
Warnings
A warning is an event that conveys information about service performance or function, such as a threshold level being reached or a recoverable error with a service. A warning alerts you to potential problems that may develop.
Audits
An audit event is an event that indicates security or accounting information, such as a login or logout, or a session with a service becoming active.
Information Events
An information event is an event that indicates general information about a service, such as a service starting or a change in date.
Servers report numerous events. Setting a mask level can assist you in identifying the event messages you are interested in. Each mask level defines a unique level of message reporting. In general, as you increase the log mask level, you also increase the volume of system messages that are logged. If you do not set a mask level, the default mask levels remains in effect.
Log mask levels range from 0 to 5 (Table 13-1) and the default is 4. Event mask levels range from 0 to 3 (Table 13-2) and the default is 2.
When you set a mask level for a service, it remains in effect until you set a new mask level for that service. The mask level does not change when you reboot the server or stop and start services.
Setting the Mask for Multiple Servers and Events
You set the mask level differently depending on whether you are setting an event mask or a log mask and whether you want to set levels for multiple services or for a single service.
Use OPERATE to set the log mask for multiple services; you cannot set the event mask using OPERATE.
Use MSERVICE to set the mask level for a single service and to set the event mask.
To set the mask for a service, you must be an administrator of either the server or the group that maintains a service. To qualify as an administrator, you must be on one of the following lists:
![]() |
AdminList@servername@Servers (where servername is the name of the server that maintains the service) |
![]() |
AdminList@group@organization (where group and organization are the names of the group and organization that maintain the service) |
To Set the Log Mask Level for Multiple Services
1. From the DOS command line of a network workstation, do one of the following:
- Enter OPERATE. The Operate A Server screen appears and displays a list of servers. Continue with step 2.
or
- Enter OPERATE servername, where servername represents the name of a server. The Operate A Server screen appears. Skip to step 3.
2. Select a server from the list of available servers. You can only select one server name at a time. The Operate A Server screen changes to display a list of commands and a list of services.
3. Select MANAGE server logs. The Manage Server Logs screen appears.
4. Select SPECIFY service log levels. The Select Services screen appears and displays a list of the services on the server.
5. Select the services that you will set the log levels for by doing one of the following:
- To select all services, press F8.
- To select individual services, use the arrow keys to highlight a service and press ENTER. You can select more than one service. An asterisk (*) appears beside the name of each service you select.
Services that you do not select do not have their log level changed.
6. Press F10. The Specify Log Message Level screen appears and displays the available log levels.
7. Do one of the following:
- Select a log level. The following message appears:
Setting log levels on selected services.
The new log level takes effect immediately.
- Press ESC to leave the current log level in effect.
To Set the Mask Level for a Single Service
1. From the DOS command line of a network workstation, do one of the following:
- Enter MSERVICE. The Manage Services screen appears and lists the services available in your StreetTalk group.
or
- Enter MSERVICE servicename, where servicename represents the full StreetTalk name of a service you want to control. The Manage a Service screen appears. Skip to step 7.
2. Do one of the following:
- If the service appears on the screen, choose SELECT from list below. Skip to step 6.
- If the service does not appear, select SEARCH for other services. The Search For Services screen appears.
3. Select the method you would like to use to search for a service. You are prompted to enter information about the service.
4. Enter the appropriate information. The Manage Services screen appears and lists services that match your search criteria.
5. Choose SELECT from list below.
6. Select a service from the list. The Manage A Service screen appears.
7. Select CONTROL the service. The Control A Service screen appears.
8. Do one of the following:
- Select SPECIFY log mask. The Specify Log Message Level screen appears.
- Select SPECIFY event mask. The Specify Event Mask Level screen appears.
9. Do one of the following:
- Select a mask level. The Control a Service Menu appears and briefly displays the following message:
Setting level for servicename@group@organization.
The new log level takes effect immediately except in the case of file services; go to step 10.
- Press ESC to leave the current mask level in effect.
10. For file services, stop and then restart the service for the new log level to take effect. Refer to Chapter 2 for information on how to stop and start services.
When generating a log report, you can specify the range of dates and select which services to include in the report. To view information for particular dates or multiple services, use one of the following commands:
![]() |
If you want to include a single service in the report and do not want to specify a time range, use MSERVICE. |
![]() |
If you want to include multiple services or want to specify a time range in the report, use OPERATE. |
Note: The time range covered by a log report may not be exactly as you specify it. Services have no control over messages generated by the operating system and the report may contain operating system messages from dates outside the specified range. In addition, if the log file for the days you specify has been overwritten, messages from those days are no longer available.
To cancel a request while it is being processed, press ESC or ENTER. At the confirmation screen that appears, indicate that you want to cancel the operation.
To Generate a Log Report for Several Services
1. From the DOS command line of a network workstation, do one of the following:
- Enter OPERATE. The Operate A Server screen appears and displays a list of servers.
or
- OPERATE servername, where servername represents the name of a server. The Operate A Server screen appears. Skip to step 3.
2. Select a server from the list of available servers. You can select only one server name at a time. The Operate a Server screen changes to display a list of commands and a list of services.
3. Select MANAGE Server Logs. The Manage Server Logs screen appears.
4. Select GENERATE a log report. The Select Services screen appears and lists the services on the server.
5. Do one of the following:
- To select all services, press F8.
- To select individual services, use the arrow keys to highlight a service and press ENTER. You can select more than one service. You can also choose to view the System Log. An asterisk (*) appears beside the name of each selection you make.
6. Press F10. The Specify Time/Date Range screen appears. You are prompted to enter the date and time of the period for which you want to view log messages.
7. Do one of the following:
- To view logs that relate to a specific period of time, at the prompt, enter the time and date for the earliest and latest log entries you wish to view. You must enter the information in the following format: MM/DD/YY,HH:MM.
For example, specifying 05/14/95,00:30 in the From field and 05/16/95,12:30 in the To field displays all messages logged from 12:30 a.m. on May 14, 1995 to 12:30 p.m. on May 16, 1995.
- To accept the default time range, press ENTER. If you do not specify a range, the report includes all log entries received from each selected service during the period shown.
8. Press ENTER. One of the following occurs:
- If you selected System Log or pressed F8 to view all logs in step 5, you are prompted to perform consistency checking within the System Logs.
- The Creating Log Report screen appears. Skip to step 10.
9. Do one of the following:
- Select NO to cancel the consistency checking.
- Select YES to perform consistency checking. A consistency check requires several minutes to complete.
The Creating Log Report screen appears.
Note: If you want to perform a consistency check, select YES within 30 seconds; otherwise the log report is automatically generated without performing the check.
10. Do one of the following:
- Press ENTER or ESC to cancel the report. You are prompted to verify that you want to cancel the report. Continue with step 11.
- Wait until the report is created. The Manage Log Report menu appears. You can now view the report on-line or write it to a DOS file. Refer to "Viewing Log Reports" later in this chapter.
11. Select one of the following:
- YES to cancel the report. The Manage Server Logs screen appears.
- NO to continue generating the report. The Manage Log Report menu appears. You can now view the report on-line or write it to a DOS file. Refer to "Viewing Log Reports" later in this chapter.
Note: If you do not cancel the report within 30 seconds after you are prompted to verify your choice, the log report is automatically generated.
To Generate a Log Report for a Single Service
1. From the DOS command line of a network workstation, do one of the following:
- Enter MSERVICE. The Manage Services screen appears and lists the services available in your StreetTalk group. Continue with step 2.
or
- Enter MSERVICE servicename, where servicename represents the full StreetTalk name of a service you want to control. The Manage a Service screen appears. Skip to step 7.
2. Do one of the following:
- If the service appears on the screen, choose SELECT from list below.
- If the service does not appear, select SEARCH for other services. The Search For Services screen appears.
3. Select the method you would like to use to search for a service. You are prompted to enter information about the service.
4. Enter the appropriate information. The Manage Services screen appears and lists services that match your search criteria.
5. Choose SELECT from list below.
6. Select a service from the list. The Manage A Service screen appears.
7. Select CONTROL the service. The Control A Service Menu appears.
8. Select Generate log report. The Creating Log Report screen appears.
9. Do one of the following:
- Press ENTER or ESC to cancel the report. You are prompted to verify that you want to cancel the report. Go to step 10.
- Wait until the report is created. The Manage Log Report menu appears. You can now view the report on-line or write it to a DOS file. Refer to "Viewing Log Reports" later in this chapter.
10. Select one of the following:
- YES to cancel the report. The Control a Service screen appears.
- NO to continue generating the report. The Manage Log Report menu appears. You can now view the report on-line or write it to a DOS file. Refer to "Viewing Log Reports," which follows.
Note: If you do not cancel the report within 30 seconds after you are prompted to verify your choice, the log report is automatically generated.
After the log report is generated for either multiple services or a single service, the Manage Log Report menu is appears. The Manage Log Report Menu allows you to view log messages on the terminal screen, or to write the log messages to a file.
These functions are described in the next two sections.
To Write Log Messages to a DOS File
1. From the Manage Log Report screen, select Write Log Messages to a File. You are prompted to enter a pathname for the file.
2. Enter the pathname to a directory on a workstation or network fixed disk.
3. One of the following occurs:
- If you specify an invalid directory, the file is not created.
- The following messages appear:
Copying file please wait...
Log report written to drive:\directory\filename4. The Manage Log Report Menu appears. Press ESC to exit.
To View the Log Report On-line
1. From the Manage Log Report screen, select View Log Messages to view the log report on-line. Page 1 of the log report appears. The current line number is listed on the lower right of the screen.
2. Do one of the following:
- Use the arrow keys or PAGE UP and PAGE DOWN to scroll through the report. Commands for searching the log file are available (Table 13-3).
- Press ESC or CTRL-C to stop viewing the report. The Manage Log Report screen appears.
3. Depending in whether you want to save the report to a file, do one of the following:
- If you do not want to save the report, press ESC. You are prompted to save the report. Continue with step 4.
- If you want to save the report, refer to "To Write Log Messages to a DOS File."
4. Select NO. The Control a Service screen appears.
Generating Server Log Reports from the Console
You can also generate log reports from the server console. The server's operating system log includes the following information:
![]() |
Server patch history |
![]() |
Console startup messages |
![]() |
System profile |
![]() |
Dates and times of past power failures and shutdowns |
![]() |
Server communications configuration and errors |
![]() |
Device errors for the server's fixed disks and tape drive |
![]() |
Memory parity errors |
![]() |
Total I/O operations |
![]() |
Stray interrupts |
![]() |
System time changes |
![]() |
Disk-checking log |
The server log report is designed for Banyan service representatives to resolve problem reports quickly and efficiently. A support engineer will work with you to interpret these logs.
You can view the log report on the console screen or save it to a file.
To Generate a Server Log Report on a VINES Server
1. From the Operator Menu, select System Maintenance. The System Maintenance menu appears.
2. Select Save/Display Server Log Reports. A menu appears, listing the items you can include in the report. The menu includes the following: Server Operating System, Server Log File, Backup/Restore Log files, and all services on the server.
3. Do one of the following:
- To generate a comprehensive report on all services, enter ALL. You are prompted to perform consistency checking on the System Log files. Enter NO. You are prompted to choose between viewing the report on screen or saving the report to a file. Skip to step 5.
- To generate a log report for one or more individual items, enter the number of each item to include. If you chose Server Operating System as one of the items to include in the report, you are prompted to perform consistency checking on the System Log files. Enter NO.
After each entry, the number of the item appears in the list of current choices and you are prompted to enter another number or press ENTER.
4. When you finish selecting items to include in the report, press ENTER. You are prompted to choose between viewing the report on screen or saving the report to a file.
5. Do one of the following:
- Select Save Report. The report is saved in the specified file volume.
- Select Display Report on Screen. The report appears on the console.
Benign Log Entries
When you generate log reports, you may notice some error messages that look serious but are actually benign and do not indicate a problem with the system. The System Log, for example, may include the following entries each time services start:
[256] Version mismatch encountered in atp.db.
[256] Version mismatch encountered in arte.db.
These entries, which refer to the AppleTalk port and routing tables, are normal and do not indicate problems.
The SS log may include any of the following entries each time services are started:
[256] error 2 opening /disk1/local/ss/pgms.db
[256] error 2 opening /disk1/local/ss/svc.db
In these two entries, the pgms.db and svc.db files exist if the server has third-party services installed and created. (If you created and then deleted third-party services, the pgms.db file remains but not the svc.db file.) These messages indicate that these database files do not exist.
When fsck runs, the "Phase 2 - Check Pathnames" section of the fsck log may contain several entries similar to the following example:
BAD DIR ENTRY I = 233
BLK 33109 I=233 OWNER=root MODE=40000
SIZE=352288 MTIME=May 14 13:57 1992
DIR=/BFS/VFS/resource_forks
BAD DIR ENTRY I = 88
BLK 11631 I=88 OWNER=root MODE=40000
SIZE=352288 MTIME=May 10 15:17 1992
DIR=/BFS/VFS/newrforks
Any entry that has a pathname of /BFS/VFS/resource_forks or /BFS/VFS/newrforks is a benign entry and does not indicate a problem with the file system.