4.572 rtrv-seculog
Use this command to retrieve the contents of a security log and display it to the user in the scroll area. Various reports can be produced by varying the values of the command parameters. By default, the report is generated from the log on the active fixed disk, although the slog parameter can be used to generate the report from the log on the standby fixed disk.
Parameters
- edate (optional)
- End date. This parameter displays log entries that were created on or before the specified date. If the sdate parameter is specified, log entries created for the period specified by the sdate and edate combination are displayed.
- etime (optional)
- End time. This parameter displays log entries created between midnight (00:00:00) and the time specified by this parameter. If the stime parameter is specified, log entries created in the time period specified by the stime and etime combination are displayed.
- mode (optional)
- Use this parameter to produce either a full log report or an abbreviated log report.
- Range:
- brief
- Causes only one line of output to be generated for each log entry reported. Some information in each reported log entry is not shown.
- full
- Produces a report showing multiple lines of output for each log record that is reported. This report displays more information from each log record (including the entire command) than the mode=brief report.
- Default:
- brief
- rectype (optional)
- This parameter specifies whether to consider all records in the log for reporting or only new (un-uploaded) records.
- sdate (optional)
- Start date. This parameter displays log entries created on or after the specified date. If the edate parameter is also specified, log entries created for the period specified by the sdate/edate combination are displayed.
- stime (optional)
- Start time. This parameter displays log entries created between the time specified by this parameter and the end of the day (23:59:59) inclusive. If the etime parameter is specified, log entries created in the time period specified by the stime/etime combination are displayed.
- trm (optional)
- Terminal ID. Use this parameter to report only those log entries created by the specified terminal.
Example
rtrv-seculog:sdate=960214:edate=960215:num=7
rtrv-seculog:mode=full:sdate=960214:edate=960214:stime=062900:etime=063200
Dependencies
If the sdate and edate parameters are specified, the date specified for the sdate parameter must be earlier than or equal to the date specified for the edate parameter.
If the stime and etime parameters are specified, the time specified for the stime parameter must be earlier than or equal to the time specified for the etime parameter.
The month component of the sdate and edate parameter combination must be specified in the range 1–12.
The day component of the sdate and edate parameter combination must be specified in the range 1–31. This value must accurately reflect the number of days in the month and year indicated. For example, sdate=960631 is not a valid parameter value because June has only 30 days.
The second component of the stime and etime parameter combination must be specified in the range 00–59.
The minute component of the stime and etime parameter combination must be specified in the range 00–59.
No other security log command can be in progress when this command is entered.
This command cannot be entered at a telnet terminal (terminal ID 17-40).
Notes
To accommodate the year 2000 and beyond, the two-digit year portion of dates is interpreted to be in the indicated century as follows:
- years 95–99 = 1995 through 1999
- years 00–36 = 2000 through 2036
A consequence of this is that date 000101 (Jan 1, 2000) is greater than 991231 (December 31, 1999).
If the mode=brief parameter is specified and the output report has a plus (+) symbol appearing at the end of the command, the plus symbol indicates that more command characters are available to be displayed. Specify the mode=full parameter to see these additional characters.
In the mode=full output report, a plus (+) symbol appearing at the end of the command indicates the command is longer than 150 characters. Note that even in the uploaded log, each record in the log has room to record only 150 characters of the entered command. If the command is longer than 150 characters, then only the first 149 characters of the command and the plus symbol (to indicate that truncation has occurred) are recorded.
Security log size is limited to 50,000 records. Data from a query that exceeds the size limit of the security log cannot be displayed.
The system checks to ensure that the day portion of any sdate/edate value entered is in agreement with the month and year. It issues error message E2252 if the day is found to be invalid (for example, 960631 is not a valid date). The system software and date/time hardware properly handle leap years and leap centuries.
The system uses the sdate/edate and stime/etime parameters to select log records for reporting as follows:
- If the date on which the log record was created is not in the date range specified by the sdate/edate parameters, the record is not reported. The default sdate is the date of the oldest record in the log, and the default edate is the current date.
- If the time of day at which the log record was created is not in the time range specified by the stime/etime parameters, the record is not reported. The default stime is 00:00:00 (midnight), and the default etime is 23:59:59.
- Otherwise, the log record is reported, unless it is disqualified by other parameters such as uid or trm.
As an example, if the following command is entered, records are displayed for October 10, 1996 from 2:00 p.m. until 4:00 p.m., for October 11, 1996, from 2:00 p.m. until 4:00 p.m., and for October 12, 1996, from 2:00 p.m. until 4:00 p.m.
rtrv-seculog:sdate=961010:edate=961012:stime=140000:etime=160000
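The selection rule above, together with the two-digit-year window from the Notes, as an added Python example that is not part of the original manual: the date range and the time-of-day range are tested independently, so a multi-day query returns the same time slice of each day. The function names and the sample records are constructed for illustration.

```python
from datetime import date, time

# Constructed sample records (uid, trm, yymmdd, hhmmss, st, cmd); not real log data.
SAMPLE = [
    ("johnlamb", "03", "961010", "150000", "OK", "rept-stat-card"),
    ("johnlamb", "03", "961010", "170000", "OK", "rept-stat-trbl"),
    ("NONE",     "05", "961011", "135959", "RJ", "login:uid=eagle"),
    ("johnlamb", "05", "961011", "140000", "OK", "rept-stat-card"),
    ("johnlamb", "03", "961012", "160000", "OK", "logout"),
    ("johnlamb", "03", "961013", "150000", "OK", "rept-stat-card"),
]

def expand_date(yymmdd):
    """YYMMDD -> date using the documented window: 95-99 = 19xx, 00-36 = 20xx."""
    yy, mm, dd = int(yymmdd[:2]), int(yymmdd[2:4]), int(yymmdd[4:6])
    if 95 <= yy <= 99:
        year = 1900 + yy
    elif yy <= 36:
        year = 2000 + yy
    else:
        raise ValueError("year %02d is outside the documented window" % yy)
    return date(year, mm, dd)  # ValueError for impossible days such as 960631

def expand_time(hhmmss):
    """HHMMSS -> time; ValueError if minutes or seconds exceed 59."""
    return time(int(hhmmss[:2]), int(hhmmss[2:4]), int(hhmmss[4:6]))

def select(records, sdate=None, edate=None, stime="000000", etime="235959"):
    """Return the records that pass BOTH the date range and the time-of-day range."""
    rows = [(expand_date(r[2]), expand_time(r[3]), r) for r in records]
    if not rows:
        return []
    # Defaults from the Notes: the oldest record's date, and the current date.
    d_lo = expand_date(sdate) if sdate else min(d for d, _, _ in rows)
    d_hi = expand_date(edate) if edate else date.today()
    t_lo, t_hi = expand_time(stime), expand_time(etime)
    if d_lo > d_hi or t_lo > t_hi:
        raise ValueError("start must be earlier than or equal to end")
    return [r for d, t, r in rows if d_lo <= d <= d_hi and t_lo <= t <= t_hi]

if __name__ == "__main__":
    # Same parameters as the rtrv-seculog example above.
    for r in select(SAMPLE, "961010", "961012", "140000", "160000"):
        print(*r)
```

A record at 17:00 on October 10 is inside the date range but is still dropped, which is the behaviour to keep in mind when pulling an incident window that crosses midnight.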
It takes the system approximately one minute to display 500 lines of data in the scroll area. To output a complete mode=full report (150,000 lines maximum) takes approximately 300 minutes. For this reason, the num parameter defaults to 125 (mode=full) or 500 (mode=brief) to prevent an excessively long process time, unless you deliberately choose a longer report.
This command can be canceled using the F9 function key or the canc-cmd command. See canc-cmd for more information.
The following message appears in the scroll area if the slog=stb parameter is specified (either explicitly or by default) and the standby fixed disk is not available (for example, simplex mode).
Command Failed - unable to read security log
When the rtrv-seculog command is entered, one of the first things that the reporting function does is to examine the log overflow and logging failure flags in the header of the specified log. Depending on the nature of the information found, one of the following notices is displayed in the output:
Notice: Log overflow has occurred -- report may be incomplete.
Notice: Logging failure -- report may be incomplete.
Output
This example displays records in the log created between 2/14/96 and 2/15/96, up to a maximum of 9 records:
rtrv-seculog:sdate=960214:edate=960215:num=9
rlghncxa03w 96-02-14 06:32:20 EST EAGLE Release 34.0
Notice: Log overflow has occurred -- report may be incomplete.
Reporting parameters:
sdate = 960214
edate = 960215
num = 9
uid trm date time st cmd
-------------- --- ------ ------ -- ------------------------------------
NONE 03 960214 063000 OK login:uid=johnlamb
SEAS 15 960214 063010 OK CHG-SLK::LSN123-03:123456:50,RCH::S+
johnlamb 03 960214 063021 OK rept-stat-trbl
SEAS 15 960214 063032 OK CHG-RTE::LSNABC-001001001:123456:55+
johnlamb 05 960215 064524 RJ ent-card:loc=1201:type=lime1:appl=+
johnlamb 05 960215 064528 OK ent-card:loc=1201:type=lime1:appl=+
johnlamb 03 960215 063030 AB rept-stat-card
johnlamb 03 960215 063031 OK canc-cmd
johnlamb 05 960215 064533 OK logout
Report terminated -- output length limitation (NUM=) reached.
9 records reported of 5613 records scanned.
END OF SECURITY LOG REPORT.
;
This example shows all records in the log created on 2/14/96 between the hours of 06:29:00 and 06:32:00:
rtrv-seculog:mode=full:sdate=960214:edate=960214:stime=062900:etime=063200
rlghncxa03w 96-02-14 06:32:20 EST EAGLE Release 34.0
Reporting parameters:
sdate = 960214
edate = 960214
stime = 062900
etime = 063200
uid trm date time result
---------------- --- ------ ------ -----------
NONE 05 960214 062912 E1234
Cmd: login:uid=eagle
johnlamb 03 960214 063000 OK
Cmd: rept-stat-card
SEAS 16 960214 063123 OK
Cmd:CHG-SLK::LSN12345-12:123456:50,RCH::OOS::::D,PRV123456-106-12,96-02-14-06-31-22;
Johnlamb 03 960214 063128 OK
Cmd:chg-lnp-lrn:lrn=1234567890:nmrgt1=255-255-255-255-255-dpcssn-ssn-255- yes:nmrgt2=255-255-255-255-dpcssn-ssn-255-yes:mrrgt3=255-255-255-255-255- dpcssn+
3 records reported of 50000 records scanned.
END OF SECURITY LOG REPORT.
;
This example displays a maximum of 10 records (SEAS commands) in the log when the SEAS Over IP feature is turned on and SEAS commands are issued through the SEAS terminals:
rtrv-seculog:uid=seas:num=10
tekelecstp 07-03-09 11:57:50 IST EAGLE 37.5.0
Reporting parameters:
uid = seas
num = 10
uid trm date time st cmd
---------------- --- ------ ------ -- ------------------------------------
SEAS 17 070902 124846 RJ ASGN-SLK::LS111-00:AJP6OD:50,SOM::1+
SEAS 17 070902 124856 OK ASGN-SLK::LS111-02:AJP6OD:50,SOM::1+
SEAS 17 070902 124944 OK ASGN-SLK::LS111-03:AJP6OD:50,SOM::1+
SEAS 17 070902 125238 OK ASGN-SLK::LS111-11:AJP6OD:50,SOM::1+
SEAS 17 070902 125245 OK ASGN-SLK::LS111-05:AJP6OD:50,SOM::1+
SEAS 17 070902 125257 OK ASGN-SLK::LS111-13:AJP6OD:50,SOM::1+
SEAS 17 070902 130331 OK ASGN-SLK::LS111-02:AJP6OD:50,SOM::1+
SEAS 17 070902 130539 OK ASGN-SLK::LS111-02:AJP6OD:50,SOM::1+
SEAS 25 070902 131327 OK ASGN-SLK::LS111-03:AJP6OD:50,SOM::1+
SEAS 25 070902 184758 OK ASGN-SLK::LS111-02:AJP6OD:50,SOM::1+
Report terminated -- output length limitation (NUM=) reached
10 records reported of 240 records scanned.
END OF SECURITY LOG REPORT.
Legend
- uid—User ID that issued the command. The value SEAS appears if the command was received on a SEAS port. The value NONE appears if no user ID was associated with the port at the time the command was logged.
- trm—Terminal ID of the terminal where the command was received
- date—Date the log entry was made; that is, the date on which the command was received for execution
- time—Time the log entry was made; that is, the time the command was received for execution. A 24-hour time format is used (for example, 1:00 p.m. = 130000).
- st—Two-letter shorthand notation of the command’s status. The complete status can be obtained by re-entering the rtrv-seculog command and specifying the mode=full parameter. The status abbreviations are:
  - AB—Command aborted. Displayed when the canc-cmd:trm command is issued to abort the following commands: rept-stat-card, rept-stat-dstn, rept-stat-ls, rept-stat-slk, rtrv-dstn, rtrv-gta, rtrv-gtt, rtrv-ls, rtrv-map, rtrv-rte, rtrv-seculog, and rtrv-slk. An AB status indicates that processing and output of the command have been halted. This status is also displayed for SEAS flow-thru commands that are canceled with the canc-cmd command (without the trm parameter).
  - RJ—Command rejected. Displayed whenever the results value that would be displayed in the mode=full report would be one of the following:
    - Edddd
    - FAILED
    - rrrrrr/mmmm
  - RL—Retry later. The system is busy.
  - IP—In Progress
  - OK—Command successfully executed
  - TO—Timed out.
- cmd—Command that was recorded. In the mode=brief report, if the length of the recorded command is greater than or equal to 35 characters (as this is as much as can be displayed on a single line of the output report), then only the first 34 characters of the command are displayed, and the 35th character is displayed as a plus symbol (+) to indicate that more information is available in the log. Re-enter the rtrv-seculog command with the mode=full parameter to see the additional information. In the mode=full report, a plus symbol at the end of a command indicates that the command is longer than 150 characters.
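An added example (not from the manual) that parses a mode=brief report using the Legend above, keeps the completeness notices, and lists the records worth re-querying with mode=full. The function names are hypothetical, a trailing plus is assumed to always be the truncation marker, and the sample text is the first report shown on this page.

```python
import re

# First mode=brief sample report from this page, embedded so the block runs offline.
REPORT = """\
rlghncxa03w 96-02-14 06:32:20 EST EAGLE Release 34.0
Notice: Log overflow has occurred -- report may be incomplete.
uid trm date time st cmd
NONE 03 960214 063000 OK login:uid=johnlamb
SEAS 15 960214 063010 OK CHG-SLK::LSN123-03:123456:50,RCH::S+
johnlamb 03 960214 063021 OK rept-stat-trbl
SEAS 15 960214 063032 OK CHG-RTE::LSNABC-001001001:123456:55+
johnlamb 05 960215 064524 RJ ent-card:loc=1201:type=lime1:appl=+
johnlamb 05 960215 064528 OK ent-card:loc=1201:type=lime1:appl=+
johnlamb 03 960215 063030 AB rept-stat-card
johnlamb 03 960215 063031 OK canc-cmd
johnlamb 05 960215 064533 OK logout
Report terminated -- output length limitation (NUM=) reached.
9 records reported of 5613 records scanned.
END OF SECURITY LOG REPORT.
"""

# uid, trm, date, time, one of the six status codes from the Legend, then the command.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d{6})\s+(\d{6})\s+(AB|RJ|RL|IP|OK|TO)\s+(.*)$")
SUMMARY = re.compile(r"^(\d+) records reported of (\d+) records scanned\.")

def parse_brief_report(text):
    """Split a mode=brief report into records, completeness caveats and counts."""
    report = {"records": [], "caveats": [], "reported": None, "scanned": None}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(("Notice:", "Report terminated")):
            report["caveats"].append(line)  # the report may not show everything
        elif (m := SUMMARY.match(line)):
            report["reported"], report["scanned"] = int(m[1]), int(m[2])
        elif (m := ROW.match(line)):
            uid, trm, day, tod, st, cmd = m.groups()
            report["records"].append({"uid": uid, "trm": trm, "date": day, "time": tod,
                                      "st": st, "cmd": cmd, "truncated": cmd.endswith("+")})
    return report

def needs_followup(report):
    """Records to re-query with mode=full: rejected (RJ) or truncated commands."""
    return [r for r in report["records"] if r["st"] == "RJ" or r["truncated"]]

if __name__ == "__main__":
    parsed = parse_brief_report(REPORT)
    print(parsed["caveats"])
    for rec in needs_followup(parsed):
        print(rec["uid"], rec["trm"], rec["date"], rec["time"], rec["st"], rec["cmd"])
```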