NAME
binex - Binary event log extraction utility

SYNOPSIS
/usr/sbin/binex [-a | -A | -l | -v | -q] [-r rangespec] [-w] [-x] [filename]

OPTIONS
-a  Displays an ASCII text summary of each event on stdout,
instead of writing the binary event. The items that are
displayed are: date, time, event class, event subclass,
event sequence number, event summary. If neither this
option nor -A is specified, events are written in their
original binary format.

-A  The same as the -a option, but
the summary includes the size of the binary event in bytes
and an indication of whether the event is coded in Common
Event Header (CEH) format or in "classic" (not CEH) format.

-l  Displays a list of the recognized event types on
stdout, along with a description of each.

-q  Quiet mode.
When this option is specified, binex does not write messages
reporting data corruption to stderr. Other types of
errors, such as failure to open the input file, are
reported normally.

-r rangespec  Outputs only events that fall within
the specified range. The syntax of the rangespec is
defined as follows:
timespec[-timespec] | day-count | startup-count
A timespec range has the syntax
[[yyyy:][mm:dd:]]hh:mm:ss, representing an optional
date (year, month and day) and mandatory time
(hour, minute and second). If no date or a partial
date is specified, the current year, month and day
are assumed, as appropriate. If no ending time is
specified, all events in the file that occurred
after the specified starting time are output.
A day-count range has the syntax of an integer followed by the
letter d (for example, 2d), representing
a number of days prior to the current time.
A value of either 0d or 1d is interpreted as
"today," meaning that all events that occurred
after the last midnight are output. A value of 2d
outputs all events that occurred yesterday or
today, and so on. All events that occurred after
the specified day are output.
A startup-count range has the syntax of an integer followed by the
letter s (for example, 2s), representing
a number of system startups, where startups
are identified by searching backwards through
the log file for events of type 300 (system
startup). A value of 0s or 1s is interpreted as the
current session and results in all events that
occurred since the last startup being output. If 2s
is specified, binex searches for the next-to-last
system startup event and uses that event as the
starting point for output.
If a rangespec is specified, binex may begin its
output with events that precede the start of the
range. See DESCRIPTION for more information.

-v  Verify mode. In this mode, binex reads events from the
input stream and reports any errors on stderr but
does not write events to stdout.

-w  Truncates the
file after the last valid event has been read. This
option can be used to remove corruption that has
occurred at the end of the file without requiring
the original file to be copied and replaced.
Note: This option does not remove any corruption that is
detected before the last valid entry.

-x  If the -r
option is used, this option forces binex to begin
output exactly at the start of the specified range,
instead of beginning from the preceding startup
time.
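
The rangespec syntax defined under the -r option, worked through as an added example; this is not binex's own code. It resolves a rangespec to the window it selects, which is useful for checking a range before copying events out for remote analysis. The function names and the explicit `now` argument are assumptions of this sketch.

```python
import re
from datetime import datetime, timedelta


def parse_timespec(text, now):
    """[[yyyy:][mm:dd:]]hh:mm:ss -> datetime; missing date parts come from now."""
    if not re.fullmatch(r"\d+(:\d+)*", text):
        raise ValueError(f"bad timespec: {text!r}")
    fields = [int(p) for p in text.split(":")]
    # Valid shapes: hh:mm:ss, mm:dd:hh:mm:ss, yyyy:mm:dd:hh:mm:ss.
    if len(fields) not in (3, 5, 6):
        raise ValueError(f"bad timespec: {text!r}")
    # Left-pad with the current year, month and day, as appropriate.
    fields = [now.year, now.month, now.day][: 6 - len(fields)] + fields
    return datetime(*fields)  # raises ValueError for e.g. month 13


def parse_rangespec(spec, now):
    """Return (kind, start, end); end=None means 'to the end of the file'."""
    m = re.fullmatch(r"(\d+)([ds])", spec)
    if m:
        n = max(int(m.group(1)), 1)  # 0 and 1 select the same window
        if m.group(2) == "s":
            # start = how many type 300 (system startup) events to search back
            return ("startup-count", n, None)
        midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
        return ("day-count", midnight - timedelta(days=n - 1), None)
    first, sep, last = spec.partition("-")
    start = parse_timespec(first, now)
    end = parse_timespec(last, now) if sep else None
    # Assumption of this sketch: reject an inverted range instead of guessing.
    if end is not None and end < start:
        raise ValueError("range ends before it starts")
    return ("timespec", start, end)


if __name__ == "__main__":
    now = datetime(2004, 12, 15, 9, 30, 0)  # constructed reference time
    for spec in ("10:1:0:0:0-11:30:23:59:59", "08:00:00", "3d", "0d", "2s"):
        print(f"{spec:28} {parse_rangespec(spec, now)}")
```

The window computed here is the nominal range only: without -x, binex may begin its output with events that precede it.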

DESCRIPTION
The binex utility operates on log files produced by the
binary error log daemon binlogd. It can be used to summarize
the contents of a binlog file, to copy a selected
range of events to another file for remote analysis, or to
clean up corrupted areas of the file. The binex utility is
a system management facility that is primarily used by the
binlog daemon binlogd and by the sys_check utility.
The binex utility reads events from the file filename if
specified, or from the default binary error log file otherwise.
If no options are specified, binex reads all
events in the file, skipping any invalid areas, and writes
the events to stdout in their original binary format. Any
invalid areas found in the input file are reported on
stderr.
If a rangespec is supplied and the -x option is also specified,
output begins with the first event that falls
within the range. If the -x option is not specified, binex
attempts to preserve information that is likely to be useful
for problem diagnosis by beginning its output with the
configuration event (type 110/3, also known as a FRU table
event) and system startup event preceding the start of the
range, and including certain other events that may also
precede the range. Not all platforms produce configuration
(FRU table) events.
The -a and -A options can be used to produce a summary of
the contents of the file, instead of the usual binary output.
See the dia(8), ca(8), and evmget(1) reference pages
for information about performing a detailed analysis of
the file.
The -l option displays on stdout a list of the event types
recognized by binex.
The -w option is used by binlogd at system startup, to
remove any invalid data that may have been appended to the
log file if the previous session ended with a system
panic. When a panic occurs, invalid data may appear at the
end of the file if binlogd is interrupted as it attempts
to write new event data. Truncating the file at the start
of the invalid area before writing any new events is a
safe and convenient way to remove the invalid data without
requiring the file to be copied and replaced.
The -v and -q options restrict the output and are particularly
useful when the -w option is used.
To repair a binlog file that contains embedded invalid
data, run binex without options and save its output to a
temporary file. The output file should be free of invalid
data and can then replace the original file. Note that:

  * The active binlog file must not be replaced while the binlog
    daemon is running. If the daemon is stopped in order
    to replace the file, it must be restarted as soon as possible
    after the file has been replaced.

  * The default location
    of the binlog file is a context sensitive symbolic
    link (CDSL). The physical location of the file is listed
    in the FILES section below. If you are repairing the
    active binlog file, be sure to replace the physical file,
    and not the CDSL.

  * It is a good idea to copy or move the
    original file to a backup location before replacing it.

The binex utility does not read events from its stdin
stream.

EXIT STATUS
Success.
An error occurred.

EXAMPLES
The following example extracts events that occurred
between 1 October and 30 November of the current year from
the default binary error log file. The output events are
saved in a temporary file.

    # /usr/sbin/binex -r 10:1:0:0:0-11:30:23:59:59 > /usr/tmp/saved_binlog_events

The following example reads the file saved by the previous
example, and summarizes the events that occurred during
the last two system sessions.

    # /usr/sbin/binex -a -r 2s /usr/tmp/saved_binlog_events

The following example produces a summary of events that
occurred within the last three days.

    # /usr/sbin/binex -a -r 3d

FILES
Command path.
CDSL link to the default binary error log file.
Physical location of the default binary error log file.

SEE ALSO
Commands: evmget(1), evmshow(1), logger(1), binlogd(8), ca(8), dia(8), sys_check(8)
Files: binlog.conf(4)
Others: EVM(5)

System Administration
binex(8)