netfmt(1M)
NAME
netfmt - format tracing and logging binary files
SYNOPSIS
records] file_name]
config_file]
config_file] records]
| file_name]
DESCRIPTION
netfmt is used to format binary trace and log data gathered from the
network tracing and logging facility (see nettl(1M)). The binary trace
and log information can be read from a file or from standard input (if
standard input is a tty device, an informative message is given and
netfmt quits). Formatted data is written to standard output.

Formatting options are specified in an optional filter configuration
file. Message inclusion and format can be controlled by the filter
configuration file. If no configuration commands are specified, all
messages are fully formatted.

Global filtering is done by for NetTL's trace/log packets. A
description of the filter configuration file follows the option
descriptions.
Options
netfmt recognizes the following command-line options and arguments:

Display a summary of the input file. The summary includes the total
number of messages, the starting and ending timestamps, the types of
messages, and information about the system that the data was collected
on. The contents of the input file are not formatted; only a summary is
reported.

Specifies the number of records from the tail end of the input file to
format. This option is helpful, because it allows the user to bypass
extraneous information at the beginning of the file, and get to the
most recent information quickly. The maximum number of records that can
be specified is 1000. If omitted, all records are formatted. The option
is not allowed when the input file is a FIFO (pipe).

Specifies the input file containing the binary log or trace data.
file_name may not be the name of a tty device. Other options may impose
additional restrictions on the type of the input file allowed. If
omitted, data is read from standard input.

Parse input: this switch allows the user to perform a syntax check on
the config_file specified by the parameter. All other parameters are
ignored. If the syntax is correct, netfmt terminates with no output or
warnings.

Specifies the file containing formatter filter configuration commands.
Syntax for the commands is given below. When is omitted the file is
read for both logging and tracing filter configuration commands if it
exists.

Follow the input file. Instead of closing the input file when end of
file is encountered, netfmt keeps it open and continues to read from it
as new data arrives. This option is especially useful for watching
events occur in real time while troubleshooting a problem. Another use
would be for recording events to a console or hard-copy device for
auditing. (Note that console logging is controlled by the configuration
files and see nettlgen.conf(4).) The option is not allowed when the
input file is redirected.

The following options are not supported by all subsystems. If a
subsystem does not support an option, that option is ignored during
formatting of data from that subsystem. Consult the product
documentation of the subsystem for information regarding the support of
these options.

Enables output of verbose information. This option displays additional
cause and action text with formatted output. This information describes
the possible cause of the message and any actions that may be required
by the subsystem. After the contents of the input file have been
formatted a summary of the file is displayed. When this option is used
with the option, only a summary of the last records is reported. No
summary is produced when this option is used in conjunction with the
option or if formatting is interrupted.

(ell) Turn off inverse video highlighting of certain traced fields. Use
this flag when sending formatted trace data to a line printer. By
default, certain fields in the trace file are highlighted in inverse
video when viewing the formatted trace format at a terminal that
supports highlighting.

Shows port numbers and network addresses (such as IP and x121) as
numbers (normally, netfmt interprets numbers and attempts to display
them symbolically).

Enables formatting TCP payload for XoT (X.25 over TCP) packets.

Enables "nice" formatting where Ethernet/IEEE802.3, SLIP, IP, ICMP,
IGMP, TCP, UDP, ARP, Probe, and RPC packets are displayed symbolically.
All remaining user data is formatted in hexadecimal and ASCII.

(one) Attempts to tersely format each traced packet on a single line.
If and/or options are used, the output lines will be more than 80
characters long.

Places a time stamp on terse tracing output. Used with the (minus one)
option.

Prefixes local link address information to terse tracing output. Used
with the (minus one) option.
Filter Configuration File
Filter configuration file syntax converges the syntax used with the
obsolete network trace formatter and network log formatter commands
with new syntax for controlling formatter options. The first section
below describes the general use and syntax of the filter configuration
file. Specific options for subsystem Naming and Filtering are listed
in the section below.
The filter configuration file allows specification of two types of
information:
· Specify options in order to control how the input data is to
be formatted. These options determine what the output looks
like and allow a user to select the best format to suit their
needs.
· Specify filters in order to precisely tailor what input data
is to be discarded and what is to be formatted. control all
subsystems; pertain only to specific subsystems. The global
filtering can start with the word which means it is global to
all the NetTL's subsystems.
A filter is compared against values in the input data. If the data
matches a filter, the data is formatted; otherwise, the input data is
discarded. A filter can also specify by using before the filter value
in the configuration file. If the input data matches a filter, it is
discarded. A filter can also be a "wild-card" (matching any value) by
specifying an asterisk before the filter value in the configuration
file. "Wild card" filters pass all values of the input data.
Specifying as the filter means
Filter Configuration File Syntax
· The formatter ignores white space, such as spaces or tabs.
However, newlines (end of line characters) are important, as
they terminate comments and filter specifications.
· The formatter is not case sensitive. For example and are
treated as equivalent.
· To place comments in the file, begin each comment line with a
character. The formatter ignores all remaining characters on
that line. There are no inline comments allowed.
· An exclamation point in front of an argument indicates This
operator is not supported for timestamp, log instance, and ID
filtering.
· The asterisk when used as an argument, indicates Since the
default for all formatting options is it is unnecessary to
use the asterisk alone. It can be used along with the
exclamation point, to indicate This operator is not available for
timestamp, log instance, and ID filtering.
This section explains global filtering options which apply only to
subsystems. Global filtering commands start with the word followed by
the keywords or
value is one of the following:
Enables output of netfmt internal debugging information to standard
error.
Same as the option.
No internal debugging information is to be displayed.
value is one of the following:
Dumps out the messages in hex format.
Enables "nice" formatting.
Same as option.
Attempts to tersely format each traced packet on a
single line.
Same as (minus one) option.
Normal formatting.
value is one of the following:
Normally repeated lines in hex output are condensed into a single line
and a message stating that redundant lines have been skipped is
displayed. Specifying will print all redundant data. This is useful
when the formatted output is used as input into other commands.

Normally the formatter will highlight certain fields in its trace
output in inverse video. Specifying will turn this feature off. Same as
the (minus ell) option.
Six types of filtering are provided:
log classes
trace kinds
connection, device, path, process, and user
specific thread of events
subsystem names
specify ranges of time(s)
The following combinations are recognized:
value indicates the log class. This option allows the user to select
one or more classes to be formatted. Initially all log classes are
formatted. Only one class is allowed per line. Classes in multiple
lines are logically ORed. The optional subsystem name sets the class
filter only for the specified subsystem. The log classes are:

Describes routine operations and current system values.

Indicates abnormal events possibly caused by subsystem problems.

Signals an event or condition which was affecting the overall subsystem
or network operation, but may have caused an application program to
fail.

Signals an event or condition which did affect the overall subsystem or
network operation, caused several programs to fail or the entire node
to shut down.

value specifies the ID number of the messages to format. Last-entered
value has precedence over any previous ones. See the record header in
the formatted output to determine which ID numbers to filter on. The
operator is allowed in value.

value can either be an established trace kind or a mask. A mask is a
hexadecimal representation of a (set of) trace kind(s). Masks in
multiple lines are logically ORed. The optional subsystem name sets the
kind filter only for the specified subsystem. Trace kinds and their
corresponding masks are:

Name Mask Name Mask
───────────────────────────────────────────────────
hdrin 0x80000000 state 0x04000000
hdrout 0x40000000 error 0x02000000
pduin 0x20000000 logging 0x01000000
pduout 0x10000000 loopback 0x00800000
proc 0x08000000

hdrin     Inbound Protocol Header.
hdrout    Outbound Protocol Header.
pduin     Inbound Protocol Data Unit (including header and data).
pduout    Outbound Protocol Data Unit (including header and data).
proc      Procedure entry and exit.
state     Protocol or connection states.
error     Invalid events or condition.
logging   Special kind of trace that contains a log message.
loopback  Packets whose source and destination system is the same.

value specifies the log instance number of the messages to filter.
Selecting a log instance allows the user to see the messages from a
single thread of network events. Only one log instance is allowed per
filter configuration file. The log instance can not be negated with the
operator.

value specifies the subsystem name. Available subsystem names can be
listed by using the command:
Only one subsystem name is allowed per line; multiple lines OR the
request. To eliminate a given subsystem name, use the operator, which
formats all subsystems except those excluded by the list of negated
subsystems. To include all subsystems (the default), use the operator.
To eliminate all subsystems, use the operator.

indicates the inclusive starting time.
indicates the inclusive ending time.

value consists of time_of_day and optionally day_of_year, (usually
separated by one or more blanks for readability).

time_of_day specifies the time on the 24-hour clock in hours, minutes,
seconds and decimal parts of a second (resolution is to the nearest
microsecond). Hours, minutes and seconds are required; fractional
seconds are optional. time_of_day format is dddddd.

day_of_year specifies the day of the year in the form month/day/year in
the format: Specify month and day numerically, using one or two digits.
For example, January can be specified as or the third day of the month
as or Specify the year in four digits or by its last two digits. Only
years in the ranges 1970-2037 are accepted. Two digit years in the
range 70-99 are interpreted as being in the 20th century (19xx) and
those in the range 00-37 are interpreted as being in the 21st century
(20xx) (all ranges inclusive).

day_of_year is an optional field; the current date is used as a
default.

The specification includes those records starting from the resolution
of time given. For example, if the time_of_day for is specified as
10:08:00, all times before that, from 10:07:59.999999 and earlier, are
excluded from the formatted output. Records with times of
10:08:00.000000 and later are included in the formatted output.

Similarly, the specification includes up to the resolution of time
given. For example, if the time_of_day for is specified as 10:08:00,
all records with times after that, from 10:08:00.000001 onward, are
excluded from the formatted output.
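
The time-window rules above, worked through in Python as an added example (not part of the original manual page or of netfmt itself): it applies the two-digit year rule and shows that both bounds are inclusive at exactly the written resolution. The function names are hypothetical, and the hh:mm:ss[.dddddd] layout of time_of_day is assumed from the 10:08:00 and 10:07:59.999999 values quoted above.

```python
from datetime import date, datetime


def expand_year(text):
    """Apply the year rule above: four digits, or two digits in 70-99 / 00-37."""
    if not text.isdigit() or len(text) not in (2, 4):
        raise ValueError(f"year must be two or four digits: {text!r}")
    year = int(text)
    if len(text) == 2:
        if 70 <= year <= 99:
            year += 1900          # 20th century (19xx)
        elif year <= 37:
            year += 2000          # 21st century (20xx)
        else:
            raise ValueError(f"two-digit year outside 70-99 and 00-37: {text!r}")
    if not 1970 <= year <= 2037:
        raise ValueError(f"year outside 1970-2037: {year}")
    return year


def parse_time_value(value, today):
    """Parse 'time_of_day [day_of_year]' into a microsecond-resolution datetime."""
    fields = value.split()
    if not 1 <= len(fields) <= 2:
        raise ValueError(f"expected time_of_day and optional day_of_year: {value!r}")
    clock, _, fraction = fields[0].partition(".")
    # Hours, minutes and seconds are required; unpacking fails if one is missing.
    hours, minutes, seconds = (int(part) for part in clock.split(":"))
    if fraction and (not fraction.isdigit() or len(fraction) > 6):
        raise ValueError(f"fraction is limited to microseconds: {fraction!r}")
    # A missing or short fraction is zero-filled: 10:08:00 means 10:08:00.000000.
    micros = int(fraction.ljust(6, "0")) if fraction else 0
    if len(fields) == 2:
        month, day, year = fields[1].split("/")
        day_of_year = date(expand_year(year), int(month), int(day))
    else:
        day_of_year = today       # optional field: the current date is the default
    return datetime(day_of_year.year, day_of_year.month, day_of_year.day,
                    hours, minutes, seconds, micros)


def in_window(record_time, start=None, end=None):
    """Both bounds are inclusive; a bound that is not given leaves that side open."""
    if start is not None and record_time < start:
        return False
    if end is not None and record_time > end:
        return False
    return True


if __name__ == "__main__":
    # Constructed record timestamps around an end bound of 10:08:00.
    end = parse_time_value("10:08:00 11/23/93", date(1993, 11, 23))
    for micro in (0, 1, 500000):
        stamp = datetime(1993, 11, 23, 10, 8, 0, micro)
        print(stamp.time(), "formatted" if in_window(stamp, end=end) else "excluded")
```

An ending time written as 10:08:00 therefore drops a record stamped 10:08:00.500000; to keep the whole second, write the fraction out (10:08:00.999999).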

Subsystem Filtering
Global filtering described above takes precedence over individual
subsystem tracing and logging filtering described below.

Subsystem filters are provided to allow filtering of data for
individual subsystems or groups of subsystems. Their behavior varies
among individual subsystems. Subsystem filters are valid only when the
corresponding subsystems have been installed and configured on the
system. See the subsystem documentation for a description of supported
subsystem filters and their behavior.

Subsystem filtering commands start with the name of the subsystem
followed by the subsystem filter keywords. However, to provide
convenience and backwards compatibility, several other filter keywords
are provided for the group of LAN subsystems:
Currently, four types of subsystem filters are provided: LAN, X25,
STREAMS, and OTS. The collection of LAN subsystems use the subsystem
filters identified by the and keywords and the collection of OTS
subsystems use the subsystem filters with the keyword. The collection
of X25 subsystems start their filter commands with the X25 subsystem
names.

LAN Naming and Filtering
LAN naming can be used to symbolically represent numbers with more
recognizable labels.

nodename is a character string to be displayed in place of all
occurrences of value. value is a (IEEE802.3/Ethernet) hardware address
consisting of 6 bytes specified in hexadecimal (without leading "0x"),
optionally separated by substitutes all occurrences of value with
nodename in the formatted output. The mapping is disabled when the
option is used. This option applies to tracing output only.

LAN filtering is used to selectively format packets from the input
file. There are numerous filter types, each associated with a
particular protocol layer:

Filter Layer Filter Type Description
───────────────────────────────────────────────────────────────────────
Layer 1 dest hardware destination address
source hardware source address
───────────────────────────────────────────────────────────────────────
Layer 2 ssap IEEE802.2 source sap
dsap IEEE802.2 destination sap
type Ethernet type
───────────────────────────────────────────────────────────────────────
Layer 3 ip_saddr IP source address
ip_daddr IP destination address
ip_proto IP protocol number
ip6_saddr IPv6 source address
ip6_daddr IPv6 destination address
ip6_proto IPv6 protocol number
───────────────────────────────────────────────────────────────────────
Layer 4 tcp_sport TCP source port
tcp_dport TCP destination port
udp_sport UDP source port
udp_dport UDP destination port
connection a level 4 (TCP, UDP) connection
connection6 a level 4 (TCP, UDP) connection for IPv6
───────────────────────────────────────────────────────────────────────
Layer 5 rpcprogram RPC program
rpcprocedure RPC procedure
rpcdirection RPC call or reply

Filtering occurs at each of the five layers. If a packet matches any
filter within a layer, it is passed up to the next layer. The packet
must pass every layer to pass through the entire filter. Filtering
starts with Layer 1 and ends with Layer 5. If no filter is specified
for a particular layer, that layer is "open" and all packets pass
through. For a packet to make it through a filter layer which has a
filter specified, it must match the filter. Filters at each layer are
logically ORed. Filters between layers are logically ANDed.
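
How the layer rules combine, as an added Python example (a model of the described behaviour, not netfmt's code): filter types are grouped by the layers in the table, ORed within a layer and ANDed across layers. The function name, the packet dictionaries and all addresses and ports are constructed for illustration; the connection filter types and the negation and wildcard operators are not modelled.

```python
# Filter types grouped by layer, as in the table above. "connection" and
# "connection6" are left out because their value names both endpoints.
LAYER_OF = {
    "dest": 1, "source": 1,
    "ssap": 2, "dsap": 2, "type": 2,
    "ip_saddr": 3, "ip_daddr": 3, "ip_proto": 3,
    "ip6_saddr": 3, "ip6_daddr": 3, "ip6_proto": 3,
    "tcp_sport": 4, "tcp_dport": 4, "udp_sport": 4, "udp_dport": 4,
    "rpcprogram": 5, "rpcprocedure": 5, "rpcdirection": 5,
}


def rejecting_layer(packet, filters):
    """Return the first layer (1-5) that drops the packet, or None if it passes.

    packet  -- dict of filter type -> value decoded from one traced packet
    filters -- list of (filter type, value) pairs, one per configuration line
    """
    by_layer = {}
    for filter_type, value in filters:
        if filter_type not in LAYER_OF:
            raise ValueError(f"unknown filter type: {filter_type}")
        by_layer.setdefault(LAYER_OF[filter_type], []).append((filter_type, value))

    for layer in range(1, 6):                  # Layer 1 first, Layer 5 last
        specified = by_layer.get(layer)
        if not specified:
            continue                           # no filter given: the layer is "open"
        # Filters within one layer are ORed: a single match is enough.
        if not any(packet.get(ftype) == value for ftype, value in specified):
            return layer                       # layers are ANDed: one miss drops it
    return None


# Constructed filter set: two Layer 3 filters and two Layer 4 filters.
FILTERS = [
    ("ip_saddr", "192.0.2.10"),
    ("ip_daddr", "192.0.2.20"),
    ("tcp_sport", 23),
    ("udp_dport", 777),
]

# Constructed packets (documentation address ranges).
TCP23_A_TO_B = {"ip_saddr": "192.0.2.10", "ip_daddr": "192.0.2.20",
                "tcp_sport": 23, "tcp_dport": 40000}
TCP80_A_TO_B = {"ip_saddr": "192.0.2.10", "ip_daddr": "192.0.2.20",
                "tcp_sport": 80, "tcp_dport": 40000}
UDP_C_TO_B = {"ip_saddr": "198.51.100.5", "ip_daddr": "192.0.2.20",
              "udp_sport": 5000, "udp_dport": 777}
UDP_C_TO_D = {"ip_saddr": "198.51.100.5", "ip_daddr": "203.0.113.9",
              "udp_sport": 5000, "udp_dport": 777}

if __name__ == "__main__":
    for name in ("TCP23_A_TO_B", "TCP80_A_TO_B", "UDP_C_TO_B", "UDP_C_TO_D"):
        layer = rejecting_layer(globals()[name], FILTERS)
        print(name, "formatted" if layer is None else f"dropped at Layer {layer}")
```

UDP_C_TO_B is formatted even though its source is not 192.0.2.10: ip_saddr and ip_daddr sit in the same layer, so a source filter plus a destination filter selects "from A or to B", not "from A to B".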

LAN trace and log filters use the following format:

is the keyword identifying the filter as a LAN subsystem filter.

The following filters are available for LAN tracing.

value takes the form: where local_addr and remote_addr can be a
hostname or a 4-byte Internet address specified in decimal dot notation
(see inet(3N) for more information on Internet addresses and decimal
dot notations). port can be a service name or an integer. integer
represents a port and can be designated by a hexadecimal integer an
octal integer or base-10 integers (0 through 65535).

value takes the form: where local_IPv6addr and remote_IPv6addr can be a
hostname or a 16-byte Internet address specified in colon notation (see
inet6(3N) for more information on IPv6 Internet addresses and colon
notations). port can be a service name or an integer. integer
represents a port and can be designated by a hexadecimal integer an
octal integer or base-10 integers (0 through 65535).

value is a hardware address consisting of 6 bytes specified in
hexadecimal (without leading optionally separated by

value is a hexadecimal integer of the form: an octal integer of the
form: or a base-ten integer, 0 through 255.

value is a hostname or a 4-byte Internet address specified in decimal
dot notation (see inet(3N) for more information on Internet addresses
and decimal dot notations).

value is a hostname or a 16-byte Internet address specified in colon
notation (see inet6(3N) for more information on Internet addresses and
colon notations).

value is a hexadecimal integer of the form: an octal integer of the
form: or a base-ten integer, 0 through 255 (see protocols(4) for more
information on protocol numbers).

value is a port number designated as a 2-byte integer value or a
service name. The integer value can be designated by a hexadecimal
integer an octal integer or a base-10 integer (0 through 65535).

value is a RPC program name or an integer RPC program number (see
rpc(4) for more information on RPC program names). The integer value
can be designated by a hexadecimal integer an octal integer or a
base-10 integer (0 through 65535).

value is an integer RPC procedure number. The integer value can be
designated by a hexadecimal integer an octal integer or a base-10
integer (0 through 65535).

value can be either

value is a hexadecimal integer of the form: an octal integer of the
form: or a base-ten integer (0 through 65535).

LAN log filtering command has the following form:

value takes the form: where subsys_name is a subsystem name obtained
using the command or one of the following abbreviations:

event_list takes the form: where event_spec takes one of the three
forms:

integer is an integer in hexadecimal (leading octal (leading or
decimal, which specifies a log event for the subsystem indicated.

range takes the form , and indicates an inclusive set of events.

X25 Naming and Filtering
The X25 product provides capabilities to assign symbolic names to
important numbers and to filter log events and trace messages. See
x25log(1M) and x25trace(1M) for more information about X25 naming and
filtering.

OTS Filtering
The OTS subsystem filter allows filtering of the message ID numbers
that are typically found in the data portion of an OTS subsystem's log
or trace record. The OTS subsystem filter is effective for any
subsystem that is a member of the OTS subsystem group.

OTS trace filtering configuration commands have the following form in
config_file:

Keywords and arguments are interpreted as follows:

Identifies the filter as an OTS subsystem filter.

subsystem   One of the following group of OTS subsystems: The absence
of subsystem implies that the filter applies to all OTS subsystems.

message_ID  is the value of the message ID to filter. A message ID is
used by OTS subsystems to identify similar types of information. It can
be recognized as a 4 digit number contained in brackets at the
beginning of an OTS subsystem's trace or log record. Initially all
message_IDs are enabled for formatting. To format records with specific
message_IDs, turn off all message IDs using the operator, then
selectively enable the desired message IDs. Only one message_ID is
allowed on each line. Multiple lines are ORed together.

STREAMS Filtering
The STREAMS subsystem filter allows filtering on some fields of the
messages logged by STREAMS modules and drivers. See strlog(7) for more
information.

EXTERNAL INFLUENCES
International Code Set Support
Single- and multi-byte character code sets are supported in data.
Single-byte character codesets are supported in filenames.

DEPENDENCIES
netfmt only recognizes subsystems and filters from products which have
been installed and configured.

WARNINGS
The syntax that was used for the obsolete LAN trace and log options has
been mixed with the syntax for the command such that any old options
files can be used without any changes. The combination of syntax
introduces some redundancy and possible confusion. The global filtering
options have the string as the first two fields, while the LAN
filtering options merely have the string as the first field. It is
expected that the older LAN filtering options may change to become more
congruent with the global filtering syntax in future releases.

The and commands read the file each time they are executed. These
commands will not operate if the file becomes corrupted (see nettl(1M)
and netfmt(1M)).

DIAGNOSTICS
Messages describe illegal use of command and unexpected EOF
encountered.

EXAMPLES
The first group of examples show how to use command line options.

1. Format the last 50 records in file (the default log file):

2. Use the follow option to send all log messages to the console
(normally, only log messages are sent to the console in console form):

3. Monitor all log messages in a window:

4. Read file for binary data and use as the filter configuration file:

The remaining examples show how to specify entries in the filter
configuration file used with the option.

1. Tell to format only log messages coming from the subsystem between
10:31:53 and 10:41:00 on 23 November 1993.

2. Map hardware address to name (LAN):

3. Format only packets from either of the above hardware addresses:

4. Format all packets transmitted from the local node, to the remote
node, which reference local TCP service ports or or remote UDP port

5. Format a TCP connection from local node to which uses service port
and remote port

6. Format all logged events for subsystem No other events are
formatted. (By default, all events are formatted):

7. Format only event for subsystem Format all events except for
subsystem No other events are formatted.

8. Format only events and for subsystem Format all events except events
and for subsystem No other events are formatted:

9. Format only those records containing message IDs and for subsystem
and those not containing message ID for subsystem All records from
other subsystems are formatted:

10. Combine LAN and general filtering options into one configuration
file. Format 15 minutes of pduin and pduout data starting at 3:00 PM on
2 April 1990.

AUTHOR
netfmt was developed by HP.

FILES
default subsystem configuration file
default console logging options filter file
default filter configuration file if the option is not used on the
command line.

SEE ALSO
nettl(1M), nettlconf(1M), nettlgen.conf(4), strlog(7).