Re: SYSLOG/OPERLOG Keyword Search

2017-02-13 Thread Mark Post 
>>> On 2/10/2017 at 03:18 PM, "Donald J."  wrote: 
> Splunk looks very interesting.
> Too bad they don't support z/Linux.

I contacted someone I know at Splunk.  They gave me a couple of links to look 
at:
"One of our partners, they wrote a forwarder for z/OS: 
http://www.syncsort.com/en/Products/Mainframe/Ironstream;
and
"We definitely have a linux s390 build not sure if we tell people about it, 
though"
and
https://conf.splunk.com/session/2014/conf2014_PatrickOgdinDonMarcotte_SplunkSyncsort_WhatsNew.pdf

You might want to contact them directly.  It could be that they will in fact 
support the platform.


Mark Post

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SYSLOG/OPERLOG Keyword Search

2017-02-10 Thread David Crayford 
> On 11 Feb 2017, at 4:18 am, Donald J.  wrote:
> 
> Splunk looks very interesting.
> Too bad they don't support z/Linux.
> 

The elastic ELK stack will run on zLinux as its JVM based and can do everything 
Splunk does. 


> -- 
>  Donald

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SYSLOG/OPERLOG Keyword Search

2017-02-10 Thread Barry Merrill 
JCL===//  EXEC SAS
JCL===//SYSLOG DD DSN=YOUR.SYSLOG,DISP=SHR
JCL===//SYSIN DD *   
DATA _NULL_;
INFILE SYSLOG;
INPUT @;
IF INDEX(_INFILE_,'TEXT I WANT') GT 0 THEN LIST;

Nope, it ain't SPLUNK but will search any file and print the record.

Barry

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Jesse 1 Robinson
Sent: Friday, February 10, 2017 2:35 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SYSLOG/OPERLOG Keyword Search

The hardest task in searching the system log is that rarely are you interested 
only in a particular character string. What you normally want is the contextual 
environment of that string. Even a message id is not very useful if all you get 
is the one line containing that id. You really need the full, often multiline 
message that starts with message id but generally contains vital information in 
subsequent lines. 

I don't know of any tool that can do the needful except a special purpose 
program written for the purpose. We have one here written eons ago in PLI that 
serves a common purpose. Not sure that we're ready to share it, but I’m dubious 
of finding a GA tool that satisfy this common requirement. As others have said, 
if the log in question is on DASD, you can use ISPF browse to find a target 
string and then look at the surrounding text. May be easy; may be really time 
consuming. 

.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler 
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
robin...@sce.com


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Pew, Curtis G
Sent: Friday, February 10, 2017 6:45 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: SYSLOG/OPERLOG Keyword Search

On Feb 10, 2017, at 8:30 AM, Donald J. <dona...@4email.net> wrote:
> 
> What programs (free or IBM or other) are available for doing 
> historical keyword searches against the SYSLOG or OPERLOG archives?  ISPF or 
> otherwise.

I don’t think this is exactly what you’re asking for, but we forward our 
OPERLOG to Splunk and then we can do all kinds of searches and reports.

--
Pew, Curtis G
curtis@austin.utexas.edu
ITS Systems/Core/Administrative Services


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SYSLOG/OPERLOG Keyword Search

2017-02-10 Thread Jesse 1 Robinson 
The hardest task in searching the system log is that rarely are you interested 
only in a particular character string. What you normally want is the contextual 
environment of that string. Even a message id is not very useful if all you get 
is the one line containing that id. You really need the full, often multiline 
message that starts with message id but generally contains vital information in 
subsequent lines. 

I don't know of any tool that can do the needful except a special purpose 
program written for the purpose. We have one here written eons ago in PLI that 
serves a common purpose. Not sure that we're ready to share it, but I’m dubious 
of finding a GA tool that satisfy this common requirement. As others have said, 
if the log in question is on DASD, you can use ISPF browse to find a target 
string and then look at the surrounding text. May be easy; may be really time 
consuming. 

.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler 
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
robin...@sce.com


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Pew, Curtis G
Sent: Friday, February 10, 2017 6:45 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: SYSLOG/OPERLOG Keyword Search

On Feb 10, 2017, at 8:30 AM, Donald J. <dona...@4email.net> wrote:
> 
> What programs (free or IBM or other) are available for doing 
> historical keyword searches against the SYSLOG or OPERLOG archives?  ISPF or 
> otherwise.

I don’t think this is exactly what you’re asking for, but we forward our 
OPERLOG to Splunk and then we can do all kinds of searches and reports.

--
Pew, Curtis G
curtis@austin.utexas.edu
ITS Systems/Core/Administrative Services


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SYSLOG/OPERLOG Keyword Search

2017-02-10 Thread Donald J. 
Splunk looks very interesting.
Too bad they don't support z/Linux.

-- 
  Donald J.
  dona...@4email.net

On Fri, Feb 10, 2017, at 06:44 AM, Pew, Curtis G wrote:
> On Feb 10, 2017, at 8:30 AM, Donald J.  wrote:
> > 
> > What programs (free or IBM or other) are available for doing historical 
> > keyword
> > searches against the SYSLOG or OPERLOG archives?  ISPF or otherwise.
> 
> I don’t think this is exactly what you’re asking for, but we forward our 
> OPERLOG to Splunk and then we can do all kinds of searches and reports.
> 
> -- 
> Pew, Curtis G
> curtis@austin.utexas.edu
> ITS Systems/Core/Administrative Services
> 
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

-- 
http://www.fastmail.com - The professional email service

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SYSLOG/OPERLOG Keyword Search

2017-02-10 Thread Pew, Curtis G 
On Feb 10, 2017, at 8:30 AM, Donald J.  wrote:
> 
> What programs (free or IBM or other) are available for doing historical 
> keyword
> searches against the SYSLOG or OPERLOG archives?  ISPF or otherwise.

I don’t think this is exactly what you’re asking for, but we forward our 
OPERLOG to Splunk and then we can do all kinds of searches and reports.

-- 
Pew, Curtis G
curtis@austin.utexas.edu
ITS Systems/Core/Administrative Services


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SYSLOG/OPERLOG Keyword Search

2017-02-10 Thread Donald J. 
Another team member  installed an ISPF product written at one of his
former places of employment.  We were investigating other products.
The ISPF panel allows entering starting/end date and time, along
with up to 3 keyword strings with AND or OR operatives.
The console log lines with those keywords are then returned.

-- 
  Donald J.
  dona...@4email.net

On Fri, Feb 10, 2017, at 06:36 AM, Lizette Koehler wrote:
>   So you can use (depending on level of z/OS) the SDSF REXX function.
>   REXX
>   DFSORT
>   SAS
>   CA EASYTRIEVE
>   CA EARL
>   SYNSORT
> 
> And so on.  If you have the SYSLOG copied off to a physical file, it is 
> easily read
> 
> If you are asking about REAL TIME Processing, then you would need to look at 
> extracting data (ISFBATCH, or OPERLOG Function) then using one or more of the 
> above tools.  You will be scanning a line for a string.
> 
> 
> It will really depend on your requirements.  REAL TIME or after the fact.
> 
> What problem are you trying to solve?
> 
> Lizette
> 
> > -Original Message-
> > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> > Behalf Of Donald J.
> > Sent: Friday, February 10, 2017 7:31 AM
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: SYSLOG/OPERLOG Keyword Search
> > 
> > What programs (free or IBM or other) are available for doing historical
> > keyword searches against the SYSLOG or OPERLOG archives?  ISPF or otherwise.
> > 
> > --
> >   Donald J.
> >   dona...@4email.net
> > 
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

-- 
http://www.fastmail.com - Choose from over 50 domains or use your own

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SYSLOG/OPERLOG Keyword Search

2017-02-10 Thread Allan Staller 
IEHIBALL  (FREE)   


Subject: SYSLOG/OPERLOG Keyword Search

What programs (free or IBM or other) are available for doing historical keyword 
searches against the SYSLOG or OPERLOG archives?  ISPF or otherwise.




::DISCLAIMER::


The contents of this e-mail and any attachment(s) are confidential and intended 
for the named recipient(s) only.
E-mail transmission is not guaranteed to be secure or error-free as information 
could be intercepted, corrupted,
lost, destroyed, arrive late or incomplete, or may contain viruses in 
transmission. The e mail and its contents
(with or without referred errors) shall therefore not attach any liability on 
the originator or HCL or its affiliates.
Views or opinions, if any, presented in this email are solely those of the 
author and may not necessarily reflect the
views or opinions of HCL or its affiliates. Any form of reproduction, 
dissemination, copying, disclosure, modification,
distribution and / or publication of this message without the prior written 
consent of authorized representative of
HCL is strictly prohibited. If you have received this email in error please 
delete it and notify the sender immediately.
Before opening any email and/or attachments, please check them for viruses and 
other defects.




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SYSLOG/OPERLOG Keyword Search

2017-02-10 Thread Mike Wawiorko 
If you have NetView CANZLOG is very good at this.

Mike Wawiorko   
 Please consider the environment before printing this e-mail


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Donald J.
Sent: 10 February 2017 14:31
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: SYSLOG/OPERLOG Keyword Search

What programs (free or IBM or other) are available for doing historical keyword 
searches against the SYSLOG or OPERLOG archives?  ISPF or otherwise.

--
  Donald J.
  dona...@4email.net

--
http://www.fastmail.com - Email service worth paying for. Try it for free

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

This e-mail and any attachments are confidential and intended solely for the 
addressee and may also be privileged or exempt from disclosure under applicable 
law. If you are not the addressee, or have received this e-mail in error, 
please notify the sender immediately, delete it from your system and do not 
copy, disclose or otherwise act upon any part of this e-mail or its attachments.

Internet communications are not guaranteed to be secure or virus-free. The 
Barclays Group does not accept responsibility for any loss arising from 
unauthorised access to, or interference with, any Internet communications by 
any third party, or from the transmission of any viruses. Replies to this 
e-mail may be monitored by the Barclays Group for operational or business 
reasons.

Any opinion or other information in this e-mail or its attachments that does 
not relate to the business of the Barclays Group is personal to the sender and 
is not given or endorsed by the Barclays Group.

Barclays Bank PLC. Registered in England and Wales (registered no. 1026167). 
Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. 

Barclays Bank PLC is authorised by the Prudential Regulation Authority and 
regulated by the Financial Conduct Authority and the Prudential Regulation 
Authority (Financial Services Register No. 122702).

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SYSLOG/OPERLOG Keyword Search

2017-02-10 Thread Lizette Koehler 
  So you can use (depending on level of z/OS) the SDSF REXX function.
  REXX
  DFSORT
  SAS
  CA EASYTRIEVE
  CA EARL
  SYNSORT

And so on.  If you have the SYSLOG copied off to a physical file, it is easily 
read

If you are asking about REAL TIME Processing, then you would need to look at 
extracting data (ISFBATCH, or OPERLOG Function) then using one or more of the 
above tools.  You will be scanning a line for a string.


It will really depend on your requirements.  REAL TIME or after the fact.

What problem are you trying to solve?

Lizette

> -Original Message-
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Donald J.
> Sent: Friday, February 10, 2017 7:31 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: SYSLOG/OPERLOG Keyword Search
> 
> What programs (free or IBM or other) are available for doing historical
> keyword searches against the SYSLOG or OPERLOG archives?  ISPF or otherwise.
> 
> --
>   Donald J.
>   dona...@4email.net
> 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

SYSLOG/OPERLOG Keyword Search

2017-02-10 Thread Donald J. 
What programs (free or IBM or other) are available for doing historical keyword
searches against the SYSLOG or OPERLOG archives?  ISPF or otherwise.

-- 
  Donald J.
  dona...@4email.net

-- 
http://www.fastmail.com - Email service worth paying for. Try it for free

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN