Where ADE stores information
ADE creates a summary of the Linux log which it processes and stores the summary of the Linux logs in multiple places.
ADE writes the xml results (output) to the file system. The xml results are written to different directories organized by system name and time period (day).
To find the results for a specific date (period) - helpful when you are unsure as to when the problem started
- Go to the output directory you specified in setup.props
- Go to the system name which contains the systems of interest
- Go to the date of interest
- Select the index.xml file and examine the results using a web browser
To find the results for a specific hour (interval)
- Go to the output directory you specified in setup.props ade.analysisOutputPath
- Go to the system name which contains the systems of interest
- Go to the date of interest
- Go to sub directory intervals
- Determine which interval_nnn.xml to use with the following formula ( convert the time to 24 hour clock, multiply the hours time 60 and add the minutes, divide the result by 10 and subtract 1 from the results to get the correct nnn value)
- Select the interval_nnn.xml file and examine the results using a web browser
For more details see
How the ADE output is organization - Directory Structure
ADE
stores control information and summaries of the logs in a JDBC
compliant network database which is defined in the setup.props file by ade.databaseUrl.
The tables are defined in org.openmainframe.ade.impl.dataStore.Sql.java .
The following information is stored in the database
| Table Name | Information Stored in Table |
| MESSAGE_IDS | key to link similar messages together for analysis |
| COMPONENT_IDS | component name extracted from log ADE uses component id to partition the populate of message strings into smaller groups the message string from a component is compared with other message strings from that same component to find similar messages that should be assigned the same message id |
| TEXT_CLUSTERS | contains the message strings which have been group together and is used to determine what message id a new message string should have |
| SOURCES | contains the name of the Linux system extracted from the Linux log |
| GROUPS | contains the name of the model group to which different Linux systems have been assigned |
| RULES | contains the rules which are used to assign a Linux system to a model group |
| MODELS | describes the model created during training includes when the model was created and the time period included in the model points to the file stored in the file system that contains the details of system behavior identified during training |
| PERIODS | contains information about a time period - usually a day defines the start and end time for period |
| PERIOD_SUMMARIES | contains information about the type of information available (summary_type_interval) specified in flowlayout.xml |
| INTERVALS | contains information about an interval - time slice within a period defines the start and end time for the interval |
| MESSAGE_SUMMARIES | contains a summary that describes each message id issued during an interval |
| ANALYSIS_RESULTS | contains a summary of each interval analyzed |
There are two types of expected behavior stored in the filesystem:
- A summary of the expected behavior of a model group is stored in a .bin file in the models subdirectory. For the default flowlayout.xml, the .bin files are stored in output/model/event_log_model_n.bin.
- A summary of the periodicity of the monitored Linux system is stored in a .ser file with the output from analyze. The file is created during analyze to track when messages are issued. This information is used to determine if messages are periodic.