LS Data Command Line Interface

LS Data Command Line Interface
The command line interface is separated by major data service contexts and uses character strings to specify options.
Top Level Help

Help command> lsdata <no arguments>
LogSmart Data Command Tool Version 2.001
Copyright (c) 2003 Network Intelligence Corp.
Usage:
lsdata -directory [options]

-events <type> [options] -time <start> <end> -devices "<devicespec>"
-events <type> [options] -eid <eventID>
-statistics <type> [options] -time <start> <end> -devices "<devicespec>"
-chartdata <type> [options] -time <start> <end> -devices "<devicespec>"
-summary <type> [options] -time <start> <end> -devices "<devicespec>"
Type "lsdata -help ?" for more information
“-help” Help
Help command> lsdata -help
-help Help
==========
Usage:
lsdata -help <context>
-help <context>
<context> type specifier for the type of help information to be displayed
format
------
directory display help for the -directory context
statistics display help for the -statistics context
chartdata display help for the -chartdata context
summary display help for the -events context
events display help for the -directory context
help display help for the -help context
time display help for specifing time range
devices display help for specifing devices
Alias Equivalents:
lsdata <no arguments> alias for "lsdata -help"

lsdata -h alias for "lsdata -help"
lsdata -? alias for "lsdata -help"
“-directory” Help
Help command> lsdata –help directory
-directory Help
===============
Usage:
lsdata [-c "uid=<user>;pwd=<password>;eng=<servername[:port]>"] -directory
Alias Equivalents:
lsdata -l alias for "lsdata -directory"
Copyright 1996 - 2003, Network Intelligence™ Corporation. All rights reserved. 1

“-events” Help
Help command> lsdata –help events
-events Help
================
Usage:
lsdata -events <type> [options] -time <start> <end> -devices "<devicespec>" "<devicespec>"..."<devicespec>"
-events <type> [options] -eid <EventID>
-events <type>
<type> type specifier for the type of statistics data to be returned
format
------
Syslog Syslog {mmm dd HHmmss [Device] Event}
SyslogEx Syslog Extended {yyyy/mm/dd HHmmss.sss [Device] Event}
SyslogEid Syslog Extended {yyyy/mm/dd HHmmss.sss [EID] [Device] Event}
SyslogCsv csv {yyyymmddHHmmss.sss,EID,DeviceIP,SeverityLevel,PayLoad}
SyslogCsvUtc csv {MillisecondUTC,EID,DeviceIP,SeverityLevel,PayLoad}
ParsedCsv csv parsed data
[options]
-c <connect-string> "srv=<servername[:port]>"
-loadquery <f> Load the specified query file "f" as the input criteria
-gmt Input times are to be expressed in GMT, default is localtime
-gmtOutput Output times are to be expressed in GMT, default is localtime
-fe "regexpr" (F)ilter out matching regular (E)xpression pattern

-fs "string" (F)ilter out matching (S)tring value
-fei "regexpr" (F)ilter out matching regular (E)xpression pattern (I)gnoring case
-fsi "string" (F)ilter out matching (S)tring value (I)gnoring case
-me "regexpr" (M)atch regular (E)xpression pattern

-ms "string" (M)atch (S)tring value
-mei "regexpr" (M)atch regular (E)xpression pattern (I)gnoring case
-msi "string" (M)atch (S)tring value (I)gnoring case
Note: More than one filter can be specified for example

-fs "string1" "string1" -mei "regexp"
-level <mask> Match on a severity level pattern mask

For example; mask level 01234567
mask value 1x11xx1x match levels 0,2,3 and 6
mask value xxxx11xx match levels 4 and 5
-numEvents Output a maximum of n matching events (-n for short)

-eventsPerDevice Output a maximum of N matching events per a device specified (-N for short)
-sort Sort message data from multiple devices by time, applies only to syslog and extsyslog
types
-dns Enables DNS resolution for "ParsedCsv" events type
-suppressOutput Suppresses Output. Used for performance testing (-x for short)
-translateIp <nnn> Translated the source Ip addresses first octet value to "nnn".
-verbose display execution time information etc(stderr) (-v for short)
-eid <eventID> returns a single event based on that events EID value
-time <start> <end>
<start> starting time of returned data
<end> ending time of returned data
For more information on specifing time view the help on time

by typing lsdata -help time
-devices "<devicespec>" "<devicespec>"..."<devicespec>"

<devicespec> specification for device(s)
double quoted to prevent cmd shell from handling special charaters
format
------
[[<site>:]<deviceset>:]<device>[<eventspec>]
<site> name of the site where the data is located
<deviceset> name of the device set assoicated with the device(s)
<device> ip, alias, or filter of the device(s)

filter can consist of "[n]" or "*" characters
<eventspec> event type specification

eventtypes separated by "|" character
For more information on specifing devices view the help on devices

by typing lsdata -help devices
Alias Equivalents:
lsdata -d 0 alias for "lsdata -events Syslog"

lsdata -d 1 alias for "lsdata -events SyslogEx"
lsdata -d 2 alias for "lsdata -events ParsedCsv"

“-statistics” Help
Help command> lsdata –help statistics
-statistics Help
================
Usage:
lsdata -statistics <type> [options] -time <start> <end> -devices "<devicespec>"

"<devicespec>"..."<devicespec>"
-statistics <type>
format
------
totalsOnly display total count and size information (default value)
byType display statistics information by event types
byDevice display statistics information by event types
byNicCategory display statistics information by nic category
byEventCategory display statistics information by event category
[options]
-c <connect-string> "host=<hostname[:port]>"
-verbose display execution time information etc(stderr)
-time <start> <end>
For more information on specifying time view the help on time


format
------



Alias Equivalents:
lsdata -i alias for "lsdata -statistics types"

lsdata -I alias for "lsdata -statistics total"

“-chartdata” Help
Help command> lsdata –help chartdata
-chartdata Help
================
Usage:
lsdata -chartdata <type> [options] -time <start> <end> -devices "<devicespec>"

"<devicespec>"..."<devicespec>"
-chartdata <type>
format
------
byType display chartdata information by event types
byDevice display chartdata information by event types
byNicCategory display chartdata information by nic category
byEventCategory display chartdata information by event category
[options]
-c <connect-string> "host=<hostname[:port]>"
-csv Format output in csv instead of readable format
-time <start> <end>


format
------



Alias Equivalents:
none

“-summary” Help
Help command> lsdata –help summary
-summary Help
================
Usage:
lsdata -summary <type> [options] -time <start> <end> -devices "<devicespec>" "<devicespec>"..."<devicespec>"
-summary <type>
<type> type specifier for the type of summary data to be returned
format
------
ALLSUMMARY
ACCTPORTSUM
ACCTIPSUM
BYTESUM
SECIPSUM
SECPORTSUM
URLTRACSUM
SUMBYTES
SUMCONNADDR
SUMCONNPORT
SUMHTTP
SUMCOUNT
WINSUM
CATCOUNT
GENCONNADDR
GENCONNPORT
GENCONNHTTP
[options]
-c <connect-string> "srv=<servername[:port]>"
-dns Enables DNS resolution
-suppressOutput Suppresses Output. Used for performance testing (-x for short)
-time <start> <end>


format
------



Alias Equivalents:
lsdata -s <type> alias for "lsdata -summary <type>"
“-time” Help
Help command> lsdata –help time
-time Help
==========
-time <start> <end>
format
------
YYYYMMDD starting time to the day
YYYYMMDDhh starting time to the hour
YYYYMMDDhhmm starting time to the minute
YYYYMMDDhhmmss starting time to the second
YYYYMMDDhhmmss.sss starting time to the millisecond
now starting time is now
hour starting time is the current hour
day starting time is the current day
month starting time is the current month
start starting time is the start of existing data
format
------
YYYYMMDD ending time to the day
YYYYMMDDhh ending time to the hour
YYYYMMDDhhmm ending time to the minute
YYYYMMDDhhmmss ending time to the second
continuous ending time is infinity
now ending time is now
hour ending time is one hour beyond the starting time
day ending time is one day beyond the starting time
month ending time is end of month beyond the starting time
end ending time is the end of existing data

“-devices” Help
Help command> lsdata –help devices
-devices Help
=============

format
------
[<site>:][<deviceset>:]<device>[<eventspec>]
<site> name of the site assoicated with the device(s)
<device> ip, devicetype, or filter of the device(s)

examples
--------
192.168.1.202 ipaddress
* all devices
192.168.1.[1]* all devices within the 192.168.1.100 to 192.168.1.199 range
10.1[01].* all devices with an starting address of 10.10 or 10.11
*.*.5.* all devices with third octet value of 5
ciscopix all devices that are of type ciscopix
netscreen all devices that are of type netscreen

examples
--------
106006|302006 include event types 106006 and 302006
<devicespec> examples
---------------------
ciscopix,netscreen,ds1:* All ciscopix,netscreen, and all devices in the ds1
deviceset
ds1:ciscopix,ds2:ip3 IP with DeviceSet name
ip1(et1|et2),ds2:ciscopix(et4|et5) IP with event type criteria
ciscopix|ds2:ip2|ip3(et1|et2),toplayer(et4|et5) IP with event type criteria

LS Data Command Line Interface

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

LS Data Command Line Interface

Hochgeladen von

Copyright:

Verfügbare Formate

LS Data Command Line Interface

Top Level Help

lsdata -directory [options]

lsdata -help <context>

<context> type specifier for the type of help information to be displayed

lsdata <no arguments> alias for "lsdata -help"

lsdata [-c "uid=<user>;pwd=<password>;eng=<servername[:port]>"] -directory

lsdata -l alias for "lsdata -directory"

Copyright 1996 - 2003, Network Intelligence™ Corporation. All rights reserved. 1

-events <type> [options] -eid <EventID>

<type> type specifier for the type of statistics data to be returned

-fe "regexpr" (F)ilter out matching regular (E)xpression pattern

-me "regexpr" (M)atch regular (E)xpression pattern

Note: More than one filter can be specified for example

-level <mask> Match on a severity level pattern mask

-numEvents Output a maximum of n matching events (-n for short)

-time <start> <end>

<start> starting time of returned data

<end> ending time of returned data

For more information on specifing time view the help on time

-devices "<devicespec>" "<devicespec>"..."<devicespec>"

Copyright 1996 - 2003, Network Intelligence™ Corporation. All rights reserved. 2

<site> name of the site where the data is located

<deviceset> name of the device set assoicated with the device(s)

<device> ip, alias, or filter of the device(s)

<eventspec> event type specification

For more information on specifing devices view the help on devices

lsdata -d 0 alias for "lsdata -events Syslog"

Copyright 1996 - 2003, Network Intelligence™ Corporation. All rights reserved. 3

lsdata -statistics <type> [options] -time <start> <end> -devices "<devicespec>"

<type> type specifier for the type of statistics data to be returned

-time <start> <end>

<start> starting time of returned data

<end> ending time of returned data

For more information on specifying time view the help on time

-devices "<devicespec>" "<devicespec>"..."<devicespec>"

<devicespec> specification for device(s)

<site> name of the site where the data is located

<deviceset> name of the device set assoicated with the device(s)

<device> ip, alias, or filter of the device(s)

<eventspec> event type specification

For more information on specifing devices view the help on devices

lsdata -i alias for "lsdata -statistics types"

Copyright 1996 - 2003, Network Intelligence™ Corporation. All rights reserved. 4

lsdata -chartdata <type> [options] -time <start> <end> -devices "<devicespec>"

<type> type specifier for the type of statistics data to be returned

-time <start> <end>

<start> starting time of returned data

<end> ending time of returned data

For more information on specifing time view the help on time

-devices "<devicespec>" "<devicespec>"..."<devicespec>"

<devicespec> specification for device(s)

<site> name of the site where the data is located

<deviceset> name of the device set assoicated with the device(s)

<device> ip, alias, or filter of the device(s)

<eventspec> event type specification

For more information on specifing devices view the help on devices

Copyright 1996 - 2003, Network Intelligence™ Corporation. All rights reserved. 5

<type> type specifier for the type of summary data to be returned

-time <start> <end>

<start> starting time of returned data

<end> ending time of returned data

For more information on specifing time view the help on time