{CWoC 2010} aila 0.5.0 User Manual

########################## AILA COMMAND LINE HELP ##############################

Usage : aila [Parameter] [Option(s)]

Parameters:
      -h, --help to show this help message
      -f, --file <path_to_file>

Options:
      -c, --csv-format    Format output using tab seperated values
      -l, --log-level <lvl>    Output log data <= to <lvl> to stderr:
        --log-level  1 -> error
        --log-level  2 -> warning
        --log-level  4 -> information
        --log-level  8 -> verbose
        --log-level 16 -> debug
     -n0, --no-zero        Show results including 0 counts
    -ndc, --no-dump-cache    Do no writes the string cache content to file
     -nt, --no-topper    Do not output the top 20 entries from caches
     -qs, --query-shell    Open an interactive shell after parsing the
                provided log file. Type 'help' on the shell
                for details.
      -S, --summary        Parse file for summary review only
      -V, --version        Output program version only

Samples:
    aila --file iis.log --no-zero --log-level 8
    aila -f iis.log -l 4 -n0
    aila -f iis.log --query-shell -n0

{CWoc} info: http://www.symantec.com/connect/search/apachesolr_...

############################ AILA SHELL HELP ###################################

Currently supported commands are divided in 3 sub-sections:

    print: Enters the print sub-shell

    filter: Enters the filter sub-shell

    exec: Enters the execution sub-shell
    
    <sub-shell> <sub-shell command>: Execute the command within the sub-
        shell context. Samples:

        aila/:print top 10 ip
        aila/:filter c-ip 169.254.29.5
        aila/:exec stat store
        aila/:filter uri-webapp 2
        aila/:exec stat store

    log level <n>: set the current logging level to <n>

    exit: Leave the query shell and terminate aila.

    help, ?: Print this message or contextual shell help to stdout.

########################## PRINT SUB-SHELL HELP ################################

Currently supported commands are:

    top <n> ip | guid: print the n highest hitter from the ip or guid
        cache.

    get ip | guid <string>: print the cache data for the provided string
        if it exists in the specified (ip | guid) cache.

    exit: Leave the print shell mode.

########################## FILTER SUB-SHELL HELP ###############################

Currently supported commands are:

    print: display the current filter specifications

    clear: reset the filter to default value (c-ip, no string)
    
    not: switch (false -> true, true -> false) the exclude entries matching
        the current filter from exec commands
    
    not <field name> <value>: set an exclude filter explicitly

    
    help <field name>: to get help on the filter field specified, for exam-
        ple use 'filter help uri-webapp' to get the help message for the
        uri-webapp filter.

    <field name> <value>

        Global filter:
            top n
            from n

        Standard filter:
            c-ip <client_ip>
            uri-agent [0..6]
            uri-webapp [0..10]
            uri-mime [0..3]
            guid <guid>
            iis-status n
            win32-status n
            time-taken n

    The 2 global filters can be combined with the standard filter, so you
    can specify where to start from, how much data to look at and other keys
    keys.
    ________________________________________________________________________
    Field name: c-ip
    Values: <ip address>

    Sample: 'filter c-ip 169.254.29.1' to match request from 169.254.29.1.
    ________________________________________________________________________
    Field name: uri-mime
    Values:
         0: htm        1: html        2: js        3: css
         4: asp        5: aspx        6: asmx        7: ascx
         8: xml        9: other

    Sample: 'filter uri-mime 2' to match java-script file requests only.
    ________________________________________________________________________

    Field name: uri-agent
    Values:
        0: CreateResource.aspx        1: GetClientPolicies.aspx
        2: GetPackageInfo.aspx        3: GetPackageSnapshot.aspx
        4: PostEvent.asp | .aspx    5: GetLicense.asmx
        6: Other

    Sample: 'filter uri-agent 2' to match GetPackageInfo.aspx requests only.
    ________________________________________________________________________

    Field name: uri-webapp
    Values:
         0: Altiris Agent         1: NSCAP
         2: NS Console             3: Resource Manager
         4: Patch Inventory Rule     5: SWD Packages
         6: SWD Portal             7: Client Task Agent
         8: Client Task Server         9: Task Management
        10: Other Altiris apps        11: Other directories

    Sample: 'filter uri-agent 6' to match Software Portal requests only.
    ________________________________________________________________________
    Field name: guid
    Values: <guid>

    Sample: 'filter guid 38af0d00-a9a5-4dc9-abf8-9e215679a6e1' to match any
        request that contained the guid string in the uri-query section.

    Note! The current guid search is done only on the Altiris Agent web-app
        and on the Client Task Server, as we do not want to collect data
        from the NS console.
    ________________________________________________________________________
    Field name: iis-status
    Values:
        0: Success (1xx,2xx)    1: Redirected (3xx)
        2: Client error (4xx)    3: Server error (5xx)

    Sample: 'filter iis-status 2' to match any request that returned a 400
         error.
    ________________________________________________________________________
    Field name: win32-status
    Values: any integer (positive or negative)

    Sample: 'filter win32-status 0' to match any request that returned 0.
    ________________________________________________________________________
    Field name: time-taken
    Values: any positive integer (in second)

    Sample: 'filter time-taken 20' to match any request that took more than
        20 seconds to return.
    ________________________________________________________________________
    Field name: top
    Values: any positive integer
    
    Sample: 'filter top 200' to limit processing to 200 requests.
    ________________________________________________________________________
    Field name: from
    Values: any positive integer
    
    Sample: 'filter from 5000' to start the processing from request 5000.
    ________________________________________________________________________

########################### Exec SUB-SHELL HELP ################################

Currently supported commands are:

    stat store: return stats for the data in store with the current filter
        (if one is configured) applied.

    print store: print the content of the store to stdout with the current.
        The print format is comma delimited with a white space after the
        comma to improve console readability. The current output follows
        this schema:

             1. Request ID (line #)
             2. Client IP (c-ip)
             3. Line size in bytes
             4. Altiris webapp (uri-webapp)
             5. Altiris Agent interface (uri-agent)
             6. Http mime type (uri-mime)
             7. Request date (format is 'yyyymmdd')
             8. Request time (format is 'hhmmss', without leading 0)
             9. IIS Status code
            10. W32 status code
            11. Time taken

    release: release the store memory and string caches

    exit: Leave the exec shell mode.

############################### End-of-file ####################################