NAME¶

explain_syslog - explain syslog messages

SYNOPSIS¶

explain_syslog [ -b begin_time ] [ -e end_time ]
[ -m message_file | -M ] [ -C catalog_dir ] [ -h ] [ -d ]

DESCRIPTION¶

The explain_syslog command reads the specified message file (defaults to stdin), which should be in the format produced by the syslogd daemon. For each line that matches a message documented in the message catalog, explain_syslog prints an explanation, including probable cause and recommended action.

OPTIONS¶

-b begin_time

Ignore messages with timestamps prior to begin_time. See "Timestamps."

-C catalog_dir

Use the message catalog in catalog_dir. The default is /etc/ppc64-diag/message_catalog.

-d

Print debugging output on stderr.

-e end_time

Ignore messages with timestamps after end_time. See "Timestamps."

-h

Print help text and exit.

-m message_file

Read syslog messages from the specified file instead of stdin.

-M

Read syslog messages from system default location.

TIMESTAMPS¶

The following timestamp formats are recognized by explain_syslog:
month day [ year ] [hh:mm[:ss]] — e.g., Feb 12 2010 14:30
month day hh:mm[:ss] [ year ]
day month [ year ] [hh:mm[:ss]] — e.g., 12 Feb 14:30
day month hh:mm[:ss] [ year ]
year-month-day [hh:mm[:ss]] — e.g., 2010-2-12 14:30:00

If no year is specified, explain_syslog assumes that the timestamp is from the prior 12 months. If no hh:mm is specified, explain_syslog assumes 00:00:00.

AUTHOR¶

Written by Jim Keniston (jkenisto@us.ibm.com). Conversion of format strings to regular expressions (for matching syslog messages to catalog entries) written by Jesse Larrew (jlarrew@us.ibm.com).

FILES¶

/etc/ppc64-diag/message_catalog/* — message catalog

SEE ALSO¶

syslog_to_servicelog(8), syslog(3)