1 ANALYZE
The ANALYZE commands invoke utilities to examine various
components of an OpenVMS system. They perform the following
functions:
o Invoke the Audit Analysis Utility to extract selective
information from the system security audit journal (see /AUDIT).
o Invoke the System Dump Analyzer (SDA) to examine the specified
dump file (see /CRASH_DUMP).
o Invoke the Analyze/Disk_Structure Utility to examine disk
volumes (see /DISK_STRUCTURE).
o Invoke the Errorlog Report Formatter to selectively report the
contents of an error log file (see /ERROR_LOG).
o Describe the contents of an image file or shareable image file
(see /IMAGE).
o Invoke the Bad Utility to find disk blocks that cannot be used
to store data (see /MEDIA).
o Describe the contents of an object file (see /OBJECT).
o Invoke the OpenVMS Debugger for analysis of a process dump file
(see /PROCESS_DUMP).
o Analyze the internal structure of an RMS file (see /RMS_FILE).
o Invoke the SDA to examine the running system (see /SYSTEM).
The default analyze function is to examine object modules
(ANALYZE/OBJECT).
2 /AUDIT
The Audit Analysis utility (ANALYZE/AUDIT) processes event
messages in security audit log files to produce reports of
security-related events on the system.
Format
ANALYZE/AUDIT [file-spec[,...]]
file-spec[,...]
Specifies one or more security audit log files as input to
ANALYZE/AUDIT. If you specify more than one file name, separate
the names with commas.
If you omit the file-spec parameter, the utility searches for the
default audit log file SECURITY.AUDIT$JOURNAL.
The default audit log file is created in the SYS$COMMON:[SYSMGR]
directory. To use the file, specify SYS$MANAGER on the ANALYZE
/AUDIT command line. If you do not specify a directory, the
utility searches for the file in the current directory.
You can include wildcard characters, such as the asterisk (*) or
percent sign (%), in the file specification.
The audit log file can be located in any directory. To display
the current location, use the DCL command SHOW AUDIT/ALL.
3 Qualifiers
Qualifier Description
/BEFORE Controls whether records dated earlier than the
specified time are selected
/BINARY Controls whether output is a binary file
/BRIEF Controls whether a brief, single-line record
format is used in ASCII displays
/EVENT_TYPE Selects the classes of events to be extracted from
the security log file
/FULL Controls whether a full format is used in ASCII
displays
/IGNORE Excludes records from the report that match the
specified criteria
/INTERACTIVE Controls whether interactive command mode is
enabled when ANALYZE/AUDIT is invoked
/OUTPUT Specifies where to direct output from ANALYZE
/AUDIT
/PAUSE Specifies the length of time each record is
displayed in a full format display
/SELECT Specifies the criteria for selecting records
/SINCE Indicates that the utility must operate on
records dated with the specified time or after
the specified time
/SUMMARY Specifies that a summary of the selected records
be produced after all records are processed
3 /BEFORE
Controls whether records dated earlier than the specified time
are selected.
Format
/BEFORE[=time]
/NOBEFORE
time
Specifies the time used to select records. Records dated earlier
than the specified time are selected. You can specify an absolute
time, delta time, or a combination of the two. Observe the syntax
rules for date and time described in the OpenVMS User's Manual.
4 Examples
1.$ ANALYZE/AUDIT /BEFORE=25-NOV-2000 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects all records dated earlier
than November 25, 2000.
2.$ ANALYZE/AUDIT /BEFORE=14:00/SINCE=12:00 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects all records generated
between noon and 2 P.M. today.
3 /BINARY
Controls whether output is a binary file.
Format
/BINARY
/NOBINARY
4 Example
$ ANALYZE/AUDIT /BINARY/SINCE=TODAY/OUTPUT=25DEC00.AUDIT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects all audit records generated
today and writes the records in binary format to 25DEC00.AUDIT.
3 /BRIEF
Controls whether a brief, single-line record format is used in
ASCII displays.
Format
/BRIEF (default)
4 Example
$ ANALYZE/AUDIT /OUTPUT=AUDIT.LIS SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example produces an ASCII file in brief
format by default. The report is written to the AUDIT.LIS file.
3 /EVENT_TYPE
Selects the classes of events to be extracted from the security
log file. If you omit the qualifier or specify the ALL keyword,
the utility includes all enabled event classes in the report.
Format
/EVENT_TYPE=(event-type[,...])
event type[,...]
Specifies the classes of events used to select records. You can
specify any of the following event types:
[NO]ACCESS Access to an object, such as a file
[NO]ALL All event types
[NO]AUDIT Use of the SET AUDIT command
[NO]AUTHORIZATION Change to the authorization database (SYSUAF.DAT,
RIGHTSLIST.DAT, NETPROXY.DAT, or NET$PROXY.DAT)
[NO]BREAKIN Break-in detection
[NO]CONNECTION Establishment of a network connection through the
System Management utility (SYSMAN), DECwindows,
or interprocess communication (IPC) software or
DECnet Phase IV (VAX only)
[NO]CREATE Creation of an object
[NO]DEACCESS Completion of access to an object
[NO]DELETE Deletion of an object
[NO]INSTALL Modification of the known file list with the
Install utility (INSTALL)
[NO]LOGFAIL Unsuccessful login attempt
[NO]LOGIN Successful login
[NO]LOGOUT Successful logout
[NO]MOUNT Execution of DCL commands MOUNT or DISMOUNT
[NO]NCP Modification of the DECnet network configuration
databases
[NO]NETPROXY Modification of the network proxy authorization
file (NETPROXY.DAT or NET$PROXY.DAT)
[NO]PRIVILEGE Privilege auditing
[NO]PROCESS Use of one or more of the process control system
services: $CREPRC, $DELPRC, $SCHDWK, $CANWAK,
$WAKE, $SUSPND, $RESUME, $GRANTID, $REVOKID,
$GETJPI, $FORCEX, $SETPRI
[NO]RIGHTSDB Modification of the rights database (RIGHTSLIST.DAT)
[NO]SYSGEN Modification of system parameters through the
System Generation utility (SYSGEN) or AUTOGEN
[NO]SYSUAF Modification of the system user authorization
file (SYSUAF.DAT)
[NO]TIME Change in system or cluster time
Specifying the negated form of an event class (for example,
NOLOGFAIL) excludes the specified event class from the audit report.
4 Examples
1.$ ANALYZE/AUDIT/EVENT_TYPE=LOGFAIL -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example extracts all records of unsuccessful
login attempts, which match the LOGFAIL class, and compiles a
brief report.
2.$ ANALYZE/AUDIT/EVENT_TYPE=(NOLOGIN,NOLOGOUT) -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example builds a report in brief format of
all audit records except those in the LOGIN and LOGOUT event
classes.
3 /FULL
Controls whether a full format is used in ASCII displays. If you
specify /NOFULL or omit the qualifier, records are displayed in
the brief format.
Format
/FULL
/NOFULL (default)
4 Example
$ ANALYZE/AUDIT /FULL SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example displays the full contents of each
selected record.
3 /IGNORE
Excludes records from the report that match the specified criteria.
Format
/IGNORE=criteria[,...]
criteria[,...]
Specifies that all records are selected except those matching any
of the specified exclusion criteria. See the /SELECT qualifier
description for a list of the possible criteria to use with the
/IGNORE qualifier.
3 /INTERACTIVE
Controls whether interactive command mode is enabled when ANALYZE
/AUDIT is invoked.
Format
/INTERACTIVE (default)
/NOINTERACTIVE
4 Examples
1.$ ANALYZE/AUDIT/FULL SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example produces a full format display
of the selected records. New records are displayed every 3
seconds. (See the /PAUSE qualifier description to find how to
modify the duration of each record display.) Press Ctrl/C to
interrupt the display and to enter interactive commands.
2.$ ANALYZE/AUDIT/FULL/NOINTERACTIVE -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example invokes the utility in noninteractive
mode. It displays the first record selected and prompts you to
press Return to display each additional selected record. Control
returns to the DCL command level when all selected records have
been displayed.
3 /OUTPUT
Specifies where to direct output from ANALYZE/AUDIT. If you omit
the qualifier, the report is sent to SYS$OUTPUT.
Format
/OUTPUT[=file-spec]
/NOOUTPUT
file-spec[,...]
Specifies the name of the file that is to contain the selected
records. If you omit the device and directory specification, the
utility uses the current device and directory specification. If
you omit the file name and type, the default file name AUDIT.LIS
is used. If the output is binary (/BINARY) and you omit the
/OUTPUT qualifier, the binary information is written to the file
AUDIT.AUDIT$JOURNAL.
4 Example
$ ANALYZE/AUDIT /BINARY/OUTPUT=BIN122588.DAT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects audit records from the
system audit log file and writes them to the binary file
BIN122588.DAT.
3 /PAUSE
Specifies the length of time each record is displayed in a full-
format display.
Format
/PAUSE=seconds
seconds
Specifies the duration (in seconds) of the full-screen display.
A value of 0 specifies that the system should not pause before
displaying the next record. By default, the utility displays a
record for 3 seconds.
4 Example
$ ANALYZE/AUDIT /FULL/PAUSE=1 SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example displays a selected record in full
format every second. You can interrupt the display and enter
interactive commands at any time by pressing Ctrl/C.
3 /SELECT
Specifies the criteria for selecting records from the audit log
file. See the OpenVMS Guide to System Security for a description
of how to generate audit records.
Format
/SELECT=criteria[,...]
/NOSELECT
criteria[,...]
Specifies the criteria for selecting records. For each specified
criterion, ANALYZE/AUDIT has two selection requirements:
o The packet corresponding to the criterion must be present in
the record.
o One of the specified values must match the value in that
packet.
For example, if you specify (USER=(PUTNAM,WU),SYSTEM=DBASE) as
the criteria, ANALYZE/AUDIT selects an event record containing
the SYSTEM=DBASE packet and a USER packet with either the PUTNAM
value or the WU value.
If you omit the /SELECT qualifier, all event records selected
through the /EVENT_TYPE qualifier are extracted from the audit
log file and included in the report.
You can specify any of the following criteria:
4 ACCESS
ACCESS=(type,...)
Specifies the type of object access upon which the selection
is based. Access is object-specific and includes the following
types:
Associate Execute Read
Control Lock Submit
Create Logical Use
Delete Manage Write
Physical
The OpenVMS Guide to System Security describes each of these
types.
4 ACCOUNT
ACCOUNT=(name,...)
Specifies the account name upon which selection is based. You can
use wildcards, such as an asterisk (*) or percent sign (%), to
represent all or part of the name.
4 ALARM_NAME
ALARM_NAME=(alarm-name,...)
Specifies the alarm journal name on which selection is based. You
can use wildcards to represent all or part of the alarm name.
4 ASSOCIATION_NAME
ASSOCIATION_NAME=(IPC-name,...)
Specifies the name of the interprocess communication (IPC)
association.
4 AUDIT_NAME
AUDIT_NAME=(journal-name,...)
Specifies the audit journal name on which selection is based.
You can use wildcards to represent all or part of the audit
journal name.
4 COMMAND_LINE
COMMAND_LINE=(command,...)
Specifies the command line that the user entered.
4 CONNECTION_IDENTIFICATION
CONNECTION_IDENTIFICATION=(IPC-name,...)
Specifies the name for the interprocess communication (IPC)
connection.
4 DECNET_LINK_IDENTIFICATION
DECNET_LINK_IDENTIFICATION=(value,...)
Specifies the number of the DECnet logical link.
4 DECNET_OBJECT_NAME
DECNET_OBJECT_NAME=(object-name,...)
Specifies the name of the DECnet object.
4 DECNET_OBJECT_NUMBER
DECNET_OBJECT_NUMBER=(value,...)
Specifies the number of the DECnet object.
4 DEFAULT_USERNAME
DEFAULT_USERNAME=(username,...)
Specifies the default local user name for incoming network proxy
requests.
4 DEVICE_NAME
DEVICE_NAME=(device-name,...)
Specifies the name of a device in audit records that have a
DEVICE_NAME packet. Note that this does not select the device
name when it occurs in other packet types, such as in a file name
or in the TARGET_DEVICE_NAME packet.
4 DIRECTORY_ENTRY
DIRECTORY_ENTRY=(directory,...)
Specifies the directory entry associated with file system
operation.
4 DIRECTORY_NAME
DIRECTORY_NAME=(directory,...)
Specifies the name of the directory file.
4 DISMOUNT_FLAGS
DISMOUNT_FLAGS=(flag-name,...)
Identifies the names of the volume dismounting flags to be used
in selecting records. Specify one or more of the following flag
names: Abort, Cluster, Nounload, and Unit.
4 EVENT_CLUSTER_NAME
EVENT_CLUSTER_NAME=(event-flag-cluster-name,...)
Specifies the name of the event flag cluster.
4 FACILITY
FACILITY=(facility-name,...)
Specifies that only events audited by the named facility be selected.
Provide a name or a number but, in either case, the facility has to
be defined through the logical AUDSERV$FACILITY_NAME as a decimal
number; the system uses the number 0.
4 FIELD_NAME
FIELD_NAME=(field-name,...)
Specifies the name of the field that was modified. ANALYZE
/AUDIT uses the FIELD_NAME criterion with packets containing
the original data and the new data (specified by the NEW_DATA
criterion).
4 FILE_NAME
FILE_NAME=(file-name)
Specifies the name of the file that caused the audit. Describes
audit records for the specified file by using a slightly different
display format than is provided by the /OBJECT=NAME=object-name
keyword.
4 FILE_IDENTIFICATION
FILE_IDENTIFICATION=(identification-value)
Specifies the value of the file's identification. To calculate
the value, start with the value listed for File ID when you use
the FILE_NAME keyword. For example, the display lists the File ID
as:
File ID: (3024,5,0)
Use the following formula to calculate the value:
((0 * 65536) + 5 * 65536) + 3024 = 330704
4 FLAGS
FLAGS=(flag-name,...)
Identifies the names of the audit event flags associated with the
audited event. These names should be used in selecting records.
Specify one or more of the following flags: ACL, Alarm, Audit,
Flush, Foreign, Internal, and Mandatory.
4 HOLDER
HOLDER=keyword(,...)
Specifies the characteristics of the identifier holder to be used
when selecting event records. Choose from the following keywords:
NAME=username Specifies the name of the holder. You can
represent all or part of the name with a
wildcard.
OWNER=uic Specifies the user identification code
(UIC) of the holder.
4 IDENTIFIER
IDENTIFIER=keyword(,...)
Identifies which attributes of an identifier should be used when
selecting event records. Choose from the following keywords:
ATTRIBUTES=name Specifies the name of the particular
attribute. Valid attribute names are as
follows: Dynamic, Holder_Hidden, Name_Hidden,
NoAccess, Resource, and Subsystem.
NAME=identifier Specifies the original name of the identifier.
You can represent all or part of the name with
a wildcard.
NEW_NAME=identifier Specifies the new name of the identifier. You
can represent all or part of the name with a
wildcard.
NEW_ATTRIBUTES=name Specifies the name of the new attribute. Valid
attribute names are Dynamic, Holder_Hidden,
Name_Hidden, NoAccess, Resource, and
Subsystem.
VALUE=value Specifies the original value of the
identifier.
NEW_VALUE=value Specifies the new value of the identifier.
4 IDENTIFIERS_MISSING
IDENTIFIERS_MISSING=(identifier,...)
Specifies the identifiers missing in a failure to access an
object.
4 IDENTIFIERS_USED
IDENTIFIERS_USED=(identifier,...)
Specifies the identifiers used to gain access to an object. An
event record matches if the specified list is a subset of the
identifiers recorded in the event record.
4 IMAGE_NAME
IMAGE_NAME=(image-name,...)
Identifies the name of the image to be used when selecting event
records. You can represent all or part of the image name with a
wildcard.
4 INSTALL
INSTALL=keyword(,...)
Specifies that installation event packets are to be considered
when selecting event records. Choose from the following keywords:
FILE=filename Specifies the name of the installed file.
You can represent all or part of the name
with a wildcard.
Note that on Alpha systems prior to
Version 6.1 and on VAX systems prior to
Version 6.0, audit log files record the
installed file name within an object
name packet. To select the installed
file, you must use the expression
OBJECT=(NAME=object-name) instead of
FILE=filename.
FLAGS=flag-name Specifies the names of the flags, which
correspond to qualifiers of the Install
utility (INSTALL); for example, OPEN
corresponds to /OPEN.
PRIVILEGES=privilege- Specifies the names of the privileges with
name which the file was installed.
4 LNM_PARENT_NAME
LNM_PARENT_NAME=(table-name,...)
Specifies the name of the parent logical name table.
4 LNM_TABLE_NAME
LNM_TABLE_NAME=(table-name,...)
Specifies the name of the logical name table.
4 LOCAL
LOCAL=(characteristic,...)
Specifies the characteristics of the local (proxy) account to be
used when selecting event records. The following characteristic
is supported:
USERNAME=username Specifies the name of the local account.
You can represent all or part of the name
with a wildcard.
4 LOGICAL_NAME
LOGICAL_NAME=(logical-name,...)
Specifies the logical name of the mounted (or dismounted) volume
upon which selection is based. You can represent all or part of
the logical name with a wildcard.
4 MAILBOX_UNIT
MAILBOX_UNIT=(number,...)
Specifies the number of the mailbox unit.
4 MOUNT_FLAGS
MOUNT_FLAGS=(flag-name,...)
Specifies the names of the volume mounting flags upon which
selection is based. Possible flag names include the following:
CACHE=(NONE,WRITETHROUGH)
CDROM
CLUSTER
COMPACTION
DATACHECK=(READ,WRITE)
DSI
FOREIGN
GROUP
INCLUDE
INITIALIZATION=(ALLOCATE,CONTINUATION)
MESSAGE
NOASSIST
NOAUTOMATIC
NOCOMPACTION
NOCOPY
NOHDR3
NOJOURNAL
NOLABEL
NOMOUNT_VERIFICATION
NOQUOTA
NOREBUILD
NOUNLOAD
NOWRITE
{ ACCESSIBILITY }
{ EXPIRATION }
{ IDENTIFICATION }
{ }
{ LIMITED_SEARCH }
OVERRIDE=(options[,...]) { LOCK }
{ NO_FORCED_ERROR }
{ }
{ OWNER_IDENTIFIER }
{ SECURITY }
{ SETID }
{ }
QUOTA
SHARE
SUBSYSTEM
SYSTEM
TAPE_DATA_WRITE
XAR
The names NOLABEL and FOREIGN each point to the FOREIGN flag.
The reason for this is that the MOUNT/NOLABEL and MOUNT/FOREIGN
commands each set the FOREIGN flag. Therefore, if you used MOUNT
/NOLABEL, and you use ANALYZE/AUDIT/SELECT/MOUNT_FLAGS=NOLABEL,
the audit record will display the FOREIGN flag.
4 NEW_DATA
NEW_DATA=(value,...)
Specifies the value to use after the event occurs. Use this
criterion with the FIELD_NAME criterion.
4 NEW_IMAGE_NAME
NEW_IMAGE_NAME=(image-name,...)
Specifies the name of the image to be activated in the newly
created process, as supplied to the $CREPRC system service.
4 NEW_OWNER
NEW_OWNER=(uic,...)
Specifies the user identification code (UIC) to be assigned to
the created process, as supplied to the $CREPRC system service.
4 OBJECT
OBJECT=keyword(,...)
Specifies which characteristics of an object should be used when
selecting event records. Choose any of the following keywords:
CLASS=class-name Specifies the general object class as one
of the following:
Capability
Device
Event_cluster
File
Group_global_section
Logical_name_table
Queue
Resource_domain
Security_class
System_global_section
Volume
You must enter the full class name (for
example, CLASS=logical_name_table) or use
wildcard characters to supply a portion of
the class name (for example, CLASS=log*).
NAME=object-name Specifies the name of the object. You can
represent all or part of the name with a
wildcard. If you do not use a wildcard,
specify the full object name (for example,
BOSTON$DUA0:[RWOODS]MEMO.MEM;1).
OWNER=value Specifies the UIC or general identifier of
the object.
TYPE=type Specifies the general object class (type
of object). The available classes are as
follows:
Capability
Device
File
Group_global_section
Logical_name_table
Queue
System_global_section
The CLASS keyword supersedes the TYPE
keyword. However, TYPE is required to
select audit records in files created
prior to OpenVMS Alpha Version 6.1 and
OpenVMS VAX Version 6.0.
4 PARENT
PARENT=keyword(,...)
Specifies which characteristics of the parent process are used
when selecting event records generated by a subprocess. Choose
from the following keywords:
IDENTIFICATION=value Specifies the process identifier (PID) of
the parent process.
NAME=process-name Specifies the name of the parent process.
You can represent all or part of the name
with a wildcard.
OWNER=value Specifies the owner (identifier value) of
the parent process.
USERNAME=username Specifies the user name of the parent
process. You can represent all or part of
the name with a wildcard.
4 PASSWORD
PASSWORD=(password,...)
Specifies the password used when the system detected a break-in
attempt.
4 PRIVILEGES_MISSING
PRIVILEGES_MISSING=(privilege-name,...)
Specifies privileges the caller needed to perform the operation
successfully. Specify any of the system privileges, as described
in the OpenVMS Guide to System Security.
4 PRIVILEGES_USED
PRIVILEGES_USED=(privilege-name,...)
Specifies the privileges of the process to be used when selecting
event records. Specify any of the system privileges, as described
in the OpenVMS Guide to System Security. Also include the
STATUS keyword in the selection criteria so the report can
demonstrate whether the privilege was involved in a successful
or an unsuccessful operation.
4 PROCESS
PROCESS=(characteristic,...)
Specifies the characteristics of the process to be used
when selecting event records. Choose from the following
characteristics:
IDENTIFICATION=value Specifies the PID of the process.
NAME=process-name Specifies the name of the process. You can
represent all or part of the name with a
wildcard.
4 REMOTE
REMOTE=keyword(,...)
Specifies that some characteristic of the network request is to
be used when selecting event records. Choose from the following
keywords:
ASSOCIATION_NAME=IPC-name Specifies the interprocess
communication (IPC) association name.
LINK_IDENTIFICATION=value Specifies the number of the DECnet
logical link.
IDENTIFICATION=value Specifies the DECnet node address.
NODENAME=node-name Specifies the DECnet node name. You
can represent all or part of the name
with a wildcard.
USERNAME=username Specifies the remote user name. You
can represent all or part of the
remote user name with a wildcard.
4 REQUEST_NUMBER
REQUEST_NUMBER=(value,...)
Specifies the request number associated with the DCL command
REQUEST/REPLY.
4 SECTION_NAME
SECTION_NAME=(global-section-name,...)
Specifies the name of the global section.
4 STATUS
STATUS=type(,...)
Specifies the type of success status to be used when selecting
event records. Choose from the following status types:
SUCCESSFUL Specifies any success status.
FAILURE Specifies any failure status.
CODE=(value,...) Specifies a specific completion status.
4 SUBJECT_OWNER
SUBJECT_OWNER=(uic,...)
Specifies the owner (UIC) of the process causing the event.
4 SUBTYPE
SUBTYPE=(subtype,...)
Specifies that the criteria be limited to the value or values
specified as a subtype. The following table lists events and
their related subtypes. After SUBTYPE, enter the subtypes as they
appear in the list; for example, SUBTYPE=ALARM_STATE. (In other
words, do not enter a prefix.)
Symbols for Event Types
and Subtypes Meaning
NSA$C_MSG_AUDIT Systemwide change to auditing
ALARM_STATE Events enabled as alarms
AUDIT_DISABLED Audit events disabled
AUDIT_ENABLED Audit events enabled
AUDIT_INITIATE Audit server startup
AUDIT_LOG_FIRST First entry in audit log (backward link)
AUDIT_LOG_FINAL Final entry in audit log (forward link)
AUDIT_STATE Events enabled as audits
AUDIT_TERMINATE Audit server shutdown
NSA$C_MSG_BREAKIN Break-in attempt detected
BATCH Batch process
DETACHED Detached process
DIALUP Dialup interactive process
LOCAL Local interactive process
NETWORK Network server task
REMOTE Interactive process from another network
node
SUBPROCESS Subprocess
NSA$C_MSG_CONNECTION Logical link connection or termination
CNX_ABORT Connection aborted
CNX_ACCEPT Connection accepted
CNX_DECNET_CREATE DECnet logical link created
CNX_DECNET_DELETE DECnet logical link disconnected
CNX_DISCONNECT Connection disconnected
CNX_INC_ABORT Incoming connection request aborted
CNX_INC_ACCEPT Incoming connection request accepted
CNX_INC_DISCONNECT Incoming connection disconnected
CNX_INC_REJECT Incoming connection request rejected
CNX_INC_REQUEST Incoming connection request
CNX_IPC_CLOSE Interprocess communication association
closed
CNX_IPC_OPEN Interprocess communication association
opened
CNX_REJECT Connection rejected
CNX_REQUEST Connection requested
NSA$C_MSG_INSTALL Use of the Install utility (INSTALL)
INSTALL_ADD Known image installed
INSTALL_REMOVE Known image deleted
NSA$C_MSG_LOGFAIL Login failure
See subtypes for NSA$C_MSG_BREAKIN
NSA$C_MSG_LOGIN Successful login
See subtypes for NSA$C_MSG_BREAKIN
NSA$C_MSG_LOGOUT Successful logout
See subtypes for NSA$C_MSG_BREAKIN
NSA$C_MSG_MOUNT Volume mount or dismount
VOL_DISMOUNT Volume dismount
VOL_MOUNT Volume mount
NSA$C_MSG_NCP Modification to network configuration
database
NCP_COMMAND Network Control Program (NCP) command
issued
NSA$C_MSG_NETPROXY Modification to network proxy database
NETPROXY_ADD Record added to network proxy
authorization file
NETPROXY_DELETE Record removed from network proxy
authorization file
NETPROXY_MODIFY Record modified in network proxy
authorization file
NSA$C_MSG_OBJ_ACCESS Object access attempted
OBJ_ACCESS Access attempted to create, delete, or
deaccess an object
NSA$C_MSG_OBJ_CREATE Object creation attempted
OBJ_CREATE Access attempted to create an object
NSA$C_MSG_OBJ_DEACCESS Object deaccessed
OBJ_DEACCESS Attempt to complete access to an object
NSA$C_MSG_OBJ_DELETE Object deletion attempted
OBJ_DELETE Object deletion attempted
NSA$C_MSG_PROCESS Process controlled through a system service
PRC_CANWAK Process wakeup canceled
PRC_CREPRC Process created
PRC_DELPRC Process deleted
PRC_FORCEX Process exit forced
PRC_GETJPI Process information gathered
PRC_GRANTID Process identifier granted
PRC_RESUME Process resumed
PRC_REVOKID Process identifier revoked
PRC_SCHDWK Process wakeup scheduled
PRC_SETPRI Process priority altered
PRC_SIGPRC Process exception issued
PRC_SUSPND Process suspended
PRC_TERM Process termination notification requested
PRC_WAKE Process wakeup issued
NSA$C_MSG_PRVAUD Use of privilege
PRVAUD_FAILURE Unsuccessful use of privilege
PRVAUD_SUCCESS Successful use of privilege
NSA$C_MSG_RIGHTSDB Modification to the rights database
RDB_ADD_ID Identifier added to rights database
RDB_CREATE Rights database created
RDB_GRANT_ID Identifier granted to user
RDB_MOD_HOLDER List of identifier holders modified
RDB_MOD_ID Identifier name or attributes modified
RDB_REM_ID Identifier removed from rights database
RDB_REVOKE_ID Identifier taken away from user
NSA$C_MSG_SYSGEN Use of the System Generation utility
(SYSGEN)
SYSGEN_SET System parameter modified
NSA$C_MSG_SYSTIME Modification to system time
SYSTIM_SET System time set
SYSTIM_CAL System time calibrated
NSA$C_MSG_SYSUAF Modification to system user
authorization file (SYSUAF)
SYSUAF_ADD Record added to system user
authorization file
SYSUAF_COPY Record added to system user
authorization file
SYSUAF_DELETE Record deleted from system user
authorization file
SYSUAF_MODIFY Record modified in system user
authorization file
SYSUAF_RENAME Record renamed in system user
authorization file
4 SYSTEM
SYSTEM=keyword(,...)
Specifies the characteristics of the system to be used when
selecting event records. Choose from the following keywords:
IDENTIFICATION=value Specifies the numeric identification of
the system.
NAME=nodename Specifies the node name of the system.
4 SYSTEM_SERVICE_NAME
SYSTEM_SERVICE_NAME=(service-name,...)
Specifies the name of the system service associated with the
event.
4 TARGET_DEVICE_NAME
TARGET_DEVICE_NAME=(device-name,...)
Specifies the target device name used by a process control system
service.
4 TARGET_PROCESS_IDENTIFICATION
TARGET_PROCESS_IDENTIFICATION=(value,...)
Specifies the target process identifier (PID) used by a process
control system service.
4 TARGET_PROCESS_NAME
TARGET_PROCESS_NAME=(process-name,...)
Specifies the target process name used by a process control
system service.
4 TARGET_PROCESS_OWNER
TARGET_PROCESS_OWNER=(uic,...)
Specifies the target process owner (UIC) used by a process
control system service.
4 TARGET_USERNAME
TARGET_USERNAME=(username,...)
Specifies the target user name used by a process control system
service.
4 TERMINAL
TERMINAL=(device-name,...)
Specifies the name of the terminal to be used when selecting
event records. You can represent all or part of the terminal
name with a wildcard.
4 TRANSPORT_NAME
TRANSPORT_NAME=(transport-name,...)
Specifies the name of the transport: interprocess communication
(IPC) or System Management Integrator (SMI), which handles
requests from the System Management utility.
On VAX systems, it also can specify the DECnet transport name (NSP).
4 USERNAME
USERNAME=(username,...)
Specifies the user name to be used when selecting event records.
You can represent all or part of the user name with a wildcard.
4 VOLUME_NAME
VOLUME_NAME=(volume-name,...)
Specifies the name of the mounted (or dismounted) volume to be
used when selecting event records. You can represent all or part
of the volume name with a wildcard.
4 VOLUME_SET_NAME
VOLUME_SET_NAME=(volume-set-name,...)
Specifies the name of the mounted (or dismounted) volume set to
be used when selecting event records. You can represent all or
part of the volume set name with a wildcard.
4 Examples
1.$ ANALYZE/AUDIT /FULL/SELECT=USERNAME=JOHNSON -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects all records written to the
security audit log file that were generated by user JOHNSON.
2.$ ANALYZE/AUDIT/FULL/SELECT=PRIVILEGES_USED=(SYSPRV,-
_$ BYPASS) SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects all records written to the
security audit log file that were generated by events through
the use of either SYSPRV or BYPASS privilege.
3 /SINCE
Indicates the utility must operate on records dated with the
specified time or after the specified time.
Format
/SINCE[=time]
/NOSINCE
time
Specifies the time used to select records. Records dated the
same or later than the specified time are selected. You can
specify an absolute time, a delta time, or a combination of the
two. Observe the syntax rules for date and time described in the
OpenVMS User's Manual.
If you specify /SINCE without the time, the utility uses the
beginning of the current day.
4 Examples
1.$ ANALYZE/AUDIT /SINCE=25-NOV-2000 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects records dated later than
November 25, 2000.
2.$ ANALYZE/AUDIT /SINCE=25-NOV-2000:15:00 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects records written after 3
P.M. on November 25, 2000.
3 /SUMMARY
Specifies that a summary of the selected records be produced
after all records are processed.
You can use the /SUMMARY qualifier alone or in combination with
the /BRIEF, the /BINARY, or the /FULL qualifier.
Format
/SUMMARY=presentation
/NOSUMMARY
presentation
Specifies the presentation of the summary. If you do not specify
a presentation criterion, ANALYZE/AUDIT summarizes the number of
audits.
You can specify either of the following presentations:
COUNT
Lists the total number of audit messages for each class of
security event that have been extracted from the security audit
log file. This is the default.
PLOT
Displays a plot showing the class of the audit event, the time
of day when the audit was generated, and the name of the system
where the audit was generated.
4 Examples
1.$ ANALYZE/AUDIT/SUMMARY SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example generates a summary report of all
records processed.
Total records read: 9701 Records selected: 9701
Record buffer size: 1031
Successful logins: 542 Object creates: 1278
Successful logouts: 531 Object accesses: 3761
Login failures: 35 Object deaccesses: 2901
Breakin attempts: 2 Object deletes: 301
System UAF changes: 10 Volume (dis)mounts: 50
Rights db changes: 8 System time changes: 0
Netproxy changes: 5 Server messages: 0
Audit changes: 7 Connections: 0
Installed db changes: 50 Process control audits: 0
Sysgen changes: 9 Privilege audits: 91
NCP command lines: 120
2.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example generates a full format listing
of all logged audit messages that match the break-in or log
failure event classes. A summary report is included at the end
of the listing.
3.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY=PLOT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
This command generates a histogram that you can display on a
character-cell terminal.
2 /CRASH_DUMP
Invokes the System Dump Analyzer (SDA) utility to analyze a
specified dump file.
You can use SDA to help determine the causes of system failures.
This utility is also useful for examining the running system by
using the DCL command ANALYZE/SYSTEM.
On Alpha systems, the format is as follows:
Format
ANALYZE {/CRASH_DUMP [/RELEASE][/OVERRIDE] filespec | /SYSTEM}
[/SYMBOL=system-symbol-table]
On VAX systems, the format is as follows:
Format
ANALYZE {/CRASH_DUMP [/RELEASE] filespec | /SYSTEM}
[/SYMBOL=system-symbol-table]
filespec
Name of the crash dump file to be analyzed. The default file
specification is:
SYS$DISK:[default-dir]SYSDUMP.DMP
SYS$DISK and [default-dir] represent the disk and directory
specified in your last SET DEFAULT command. If you do not
specify filespec, SDA prompts you for it.
You cannot specify the /SYSTEM qualifier when you include the
/CRASH_DUMP qualifier in the ANALYZE command.
3 /OVERRIDE
On Alpha systems, when used with the /CRASH_DUMP qualifier,
invokes SDA to analyze the specified dump file if a corruption
or other problem prevents normal invocation of SDA with an
ANALYZE/CRASH_DUMP command.
Format
ANALYZE/CRASH_DUMP/OVERRIDE filespec
filespec
Name of the crash dump file to be analyzed. The default file
specification is:
SYS$DISK:[default-dir]SYSDUMP.DMP
SYS$DISK and [default-dir] represent the disk and directory
specified in your last SET DEFAULT command. If you do not
specify filespec, SDA prompts you for it.
4 Description
Commands that can be used when SDA is invoked with /OVERRIDE are
as follows:
o Output control commands such as SET OUTPUT and SET LOG
o Dump file related commands such as SHOW DUMP and CLUE ERRLOG
Commands that cannot be used are as follows:
o Commands that access memory addresses within the dump file such
as EXAMINE and SHOW SUMMARY
o You cannot specify the /RELEASE qualifier when you include the
/OVERRIDE qualifier in the ANALYZE/CRASH_DUMP command.
4 Examples
$ ANALYZE/CRASH_DUMP/OVERRIDE SYS$SYSTEM:SYSDUMP.DMP
$ ANALYZE/CRASH SYS$SYSTEM
These commands invoke SDA to analyze the crash dump stored in
SYS$SYSTEM:SYSDUMP.DMP.
3 /RELEASE
Invokes SDA to release those blocks in the specified system
paging file occupied by a crash dump.
Format
ANALYZE/CRASH_DUMP/RELEASE filespec
filespec
Name of the system paging file (SYS$SYSTEM:PAGEFILE.SYS).
The default file specification is:
SYS$DISK:[default-dir]SYSDUMP.DMP
Because the default file specification is SYS$DISK and [default-dir]
you must identify the page file explicitly. SYS$DISK and [default-dir]
represent the disk and directory specified in your last DCL command
SET DEFAULT. If you do not specify filespec, SDA prompts you for it.
4 Description
Use the /RELEASE qualifier to release from the system paging file
those blocks occupied by a crash dump. Be aware that when you use
the /RELEASE qualifier, SDA immediately deletes the dump from the
paging file and allows you no opportunity to analyze its contents.
When you specify the /RELEASE qualifier in the ANALYZE command,
do the following:
1. Use the /CRASH_DUMP qualifier.
2. Include the name of the system paging file
(SYS$SYSTEM:PAGEFILE.SYS) as the filespec.
If you do not specify the system paging file or the specified
paging file does not contain a dump, SDA displays one of the
following messages:
%SDA-E-BLKSNRLSD, no dump blocks in page file to release,
or no page file
%SDA-E-NOTPAGFIL, specified file is not the page file
4 Examples
$ ANALYZE/CRASH_DUMP/RELEASE SYS$SYSTEM:PAGEFILE.SYS
$ ANALYZE/CRASH/RELEASE PAGEFILE.SYS
These commands invoke SDA to release to the page file those
blocks in SYS$SYSTEM:PAGEFILE.SYS occupied by a crash dump.
3 /SYMBOL
Specifies an alternate system symbol table for SDA to use.
Format
ANALYZE/CRASH_DUMP/SYMBOL=system-symbol-table
system-symbol-table
On Alpha systems, file specification of the OpenVMS Alpha SDA
system symbol table required by SDA to analyze a system dump.
The specified system-symbol-table must contain those symbols
required by SDA to find certain locations in the executive image.
On Alpha systems, if you do not specify the /SYMBOL qualifier,
SDA uses SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load system symbols
into the SDA symbol table. When you specify the /SYMBOL qualifier,
SDA assumes the default disk and directory to be SYS$DISK and
[default-dir]; that is, the disk and directory specified in your
last SET DEFAULT command. If no device and directory are given
in the file name and the file is not found in the current default
directory, SDA attempts to open the file SDA$READ_DIR:filename.type.
If no type has been given in the file name, SDA assumes .EXE.
If you specify a file for this parameter that is not a system symbol
table, SDA halts with a fatal error.
On VAX systems, file specification of the SDA system symbol
table required by SDA to analyze a system dump. The specified
system-symbol-table must contain those symbols required by SDA
to find certain locations in the executive image.
On VAX systems, if you do not specify the /SYMBOL qualifier, SDA
uses SYS$SYSTEM:SYS.STB by default. When you do specify the
/SYMBOL qualifier, SDA assumes the default disk and directory to be
SYS$DISK; that is, the disk and directory specified in your last
SET DEFAULT command. If you specify a file for this parameter
that is not a system symbol table, SDA halts with a fatal error.
4 Description
On Alpha systems, the /SYMBOL qualifier allows you to specify a
system symbol table other than SDA$READ_DIR:SYS$BASE_IMAGE.EXE to
load into the SDA symbol table. You can use the /SYMBOL qualifier
whether you are analyzing a system dump or a running system.
On Alpha systems, the /SYMBOL qualifier can be used with the
/CRASH_DUMP and /SYSTEM qualifiers. It is ignored when
/OVERRIDE or /RELEASE is specified.
On VAX systems, the /SYMBOL qualifier allows you to specify a
system symbol table other than SYS$SYSTEM:SYS.STB to load into
the SDA symbol table. This might be necessary, for instance,
to analyze a crash dump taken on a processor running a different
version of OpenVMS.
On VAX systems, you can use the /SYMBOL qualifier whether you are
analyzing a system dump or a running system.
4 Examples
On Alpha systems:
$ ANALYZE/CRASH_DUMP/SYMBOL=SDA$READ_DIR:SYS$BASE_IMAGE.EXE SYS$SYSTEM
This command invokes SDA to analyze the crash dump stored in
SYS$SYSTEM:SYSDUMP.DMP, using the base image in SDA$READ_DIR.
On VAX systems:
$ ANALYZE/CRASH_DUMP/SYMBOL=SYS$CRASH:SYS.STB SYS$SYSTEM
This command invokes SDA to analyze the crash dump stored
in SYS$SYSTEM:SYSDUMP.DMP, using the system symbol table at
SYS$CRASH:SYS.STB.
3 Examples
On Alpha systems:
$ ANALYZE/CRASH_DUMP SYS$SYSTEM:SYSDUMP.DMP
$ ANALYZE/CRASH SYS$SYSTEM
These commands invoke SDA to analyze the crash dump stored
in SYS$SYSTEM:SYSDUMP.DMP
On VAX systems:
$ ANALYZE/CRASH_DUMP SYS$SYSTEM:CRASHDUMP.DMP.
This command invokes SDA to analyze the crash dump stored
in SYS$SYSTEM:CRASHDUMP.DMP
On Alpha and VAX systems:
$ ANALYZE/CRASH SYS$SYSTEM:PAGEFILE.SYS
This command invokes SDA to analyze a crash dump stored in
the system page file.
2 /DISK_STRUCTURE
The Analyze/Disk_Structure utility checks the readability and
validity of Files-11 Structure Level 1 and Structure Level 2 disk
volumes, and reports errors and inconsistencies.
You can detect most classes of errors by invoking the utility
once and using its defaults.
Format
ANALYZE/DISK_STRUCTURE device-name:[/qualifier]
device-name
Specifies the disk volume or volume set to be verified. If
you specify a volume set, all volumes of the volume set must
be mounted as Files-11 volumes. For information on the Mount
utility, refer to the OpenVMS System Management Utilities
Reference Manual.
3 Qualifiers
Qualifier Description
/CONFIRM Determines whether ANALYZE/DISK_STRUCTURE
prompts you to confirm each repair
/HOMEBLOCKS Erases damaged home blocks on an initialized
volume.
/LIST[=filespec] Determines whether ANALYZE/DISK_STRUCTURE
produces a listing of the index file
/OUTPUT[=filespec] Specifies the output file to which ANALYZE
/DISK_STRUCTURE writes the disk structure errors
/READ_CHECK Determines whether ANALYZE/DISK_STRUCTURE
performs a read check of all allocated blocks
on the specified disk
/RECORD_ATTRIBUTES Determines whether ANALYZE/DISK_STRUCTURE
repairs files containing erroneous settings
in the record attributes section of their
associated file attribute block (FAT)
/REPAIR Determines whether ANALYZE/DISK_STRUCTURE
repairs errors that are detected in the file
structure of the specified device
/USAGE[=filespec] Specifies that a disk usage accounting file
should be produced, in addition to the other
specified functions of ANALYZE/DISK_STRUCTURE
3 /CONFIRM
Determines whether the Analyze/Disk_Structure utility prompts you
to confirm each repair. If you respond with Y or YES, the utility
performs the repair. Otherwise, the repair is not performed.
Format
/CONFIRM
/NOCONFIRM
3 /HOMEBLOCKS
Erases home blocks from a volume whose home blocks were not
deleted during previous initialization operations.
Format
/HOMEBLOCKS
3 /LIST
Determines whether the Analyze/Disk_Structure utility produces a
listing of the index file.
Format
/LIST[=filespec]
/NOLIST
3 /OUTPUT
Specifies the output file to which the Analyze/Disk_Structure
utility is to write the disk structure errors.
Format
/OUTPUT[=filespec]
/[NO]OUTPUT[=filespec]
3 /READ_CHECK
Determines whether the Analyze/Disk_Structure utility performs
a read check of all allocated blocks on the specified disk.
When the Analyze/Disk_Structure utility performs a read check,
it reads the disk twice; this ensures that it reads the disk
correctly. The default is /NOREAD_CHECK.
Format
/READ_CHECK
/NOREAD_CHECK
3 /RECORD_ATTRIBUTES
Determines whether the Analyze/Disk_Structure utility repairs
files containing erroneous settings in the record attributes
section of their associated file attribute block (FAT).
Format
/RECORD_ATTRIBUTES
3 /REPAIR
Determines whether the Analyze/Disk_Structure utility repairs
errors that are detected in the file structure of the specified
device.
Format
/REPAIR
/NOREPAIR
3 /STATISTICS
Produces statistical information about the volume under
verification and creates a file, STATS.DAT, which contains per-
volume statistics.
Format
/STATISTICS
3 /USAGE
Specifies that a disk usage accounting file should be produced
in addition to the other specified functions of the Analyze/Disk_
Structure utility.
Format
/USAGE[=filespec]
2 /ERROR_LOG
The Error Log utility (ERROR LOG) selectively reports the
contents of an error log file.
Starting with OpenVMS Version 7.2, before using the Error
Log utility, you need to translate error log files using the
Binary Error Log Translation utility, which is part of
DECevent. For more information, refer to DECevent
documentation, which is included in the DECevent kit.
Format
ANALYZE/ERROR_LOG [/qualifier(s)] [file-spec[,...]]
3 Qualifiers
/BEFORE
/BEFORE[=date-time]
Specifies that only those entries dated earlier than the stated
date and time are to be selected for the error report. If you do
not specify a date or time, all entries are processed.
/BINARY
/BINARY[=file-spec]
/NOBINARY
Controls whether the binary error log records are converted to
ASCII text or copied to the specified output file.
Do not use /BINARY with the /FULL, /BRIEF, /OUTPUT, or /REGISTER_
DUMP qualifiers. These qualifiers generate an ASCII report;
/BINARY generates a binary file.
/BRIEF
Generates a brief report. Do not use /BRIEF with the /BINARY
qualifier.
/ENTRY
/ENTRY[=(START:decimal-value[,END:decimal-value])]
Generates an error log report that includes the specified entry
range or starts at the specified entry number. If you specify
/ENTRY without the entry range or omit the qualifier, the entry
range defaults to START:1,END:end-of-file.
/EXCLUDE
/EXCLUDE=
{ device-class }
( { device-name } [,...])
{ entry-type }
{ }
Excludes errors generated by the specified device class, device
name, or error log entry type from the error log report. If you
specify more than one keyword, you must specify a comma-separated
list of values that is enclosed in parentheses.
You can specify one or more devices by device class or name. The
following keywords and name constructs are valid for specifying
devices:
Device Class Keywords:
ADAPTER
BUSES
CACHE
DISKS
INFORMATIONAL
LINE_PRINTER
REALTIME
SYNC_COMMUNICATIONS
TAPES
VECTOR
WORKSTATION
Device Name Constructs:
DB Group of devices
DBA1 Specific device/unit number
(DBA1,HSC1$DUA1,DYA0) List of devices
(DB,DR,XF) List of device groups
You can specify one or more of the following keywords that
identify entry types:
ATTENTIONS Exclude device attention entries from the
report.
BUGCHECKS Exclude all types of bugcheck entries from
the report.
CONFIGURATION Exclude system configuration entries from
the report.
CONTROL_ENTRIES Exclude control entries from the report.
Control entries include the following
entry types:
o System power failure restarts
o Time stamps
o System startups
o $SNDERR messages (system service to
send messages to error log)
o Operator messages
o Network messages
o ERRLOG.SYS created
CPU_ENTRIES Exclude CPU-related entries from the
report. CPU entries include the following
entry types:
o SBI alerts/faults
o Undefined interrupts
o MBA/UBA adapter errors
o Asynchronous write errors
o UBA errors
DEVICE_ERRORS Exclude device error entries from the report.
ENVIRONMENTAL_ENTRIES Exclude environmental entries from the report.
MACHINE_CHECKS Exclude machine check entries from the report.
MEMORY Exclude memory errors from the report.
SYNDROME Exclude console-generated entries that
describe a symptom set used by Compaq
support personnel to identify problems.
TIMEOUTS Exclude device timeout entries from the report.
UNKNOWN_ENTRIES Exclude any entry that had either an
unknown entry type or an unknown device
type or class.
UNSOLICITED_MSCP Exclude unsolicited MSCP entries from the
output report.
VOLUME_CHANGES Exclude volume mount and dismount entries
from the report.
/FULL
/FULL (D)
/NOFULL
Generates a full report that provides all available information
for an error log entry. Do not use /FULL with the /BINARY
qualifier.
/INCLUDE
/INCLUDE=
{ device-class }
( { device-name } [,...])
{ entry-type }
{ }
Includes errors generated by the specified device class, device
name, or error log entry type in the error log report. If you
specify more than one keyword, you must specify a comma-separated
list of values that is enclosed in parentheses.
You can specify one or more devices by device class or name. The
following keywords and name constructs are valid for specifying
devices:
Device Class Keywords:
ADAPTER
BUSES
CACHE
DISKS
INFORMATIONAL
LINE_PRINTER
REALTIME
SYNC_COMMUNICATIONS
TAPES
VECTOR
WORKSTATION
Device Name Constructs:
DB Group of devices
DBA1 Specific device/unit number
(DBA1,HSC1$DUA1,DYA0) List of devices
(DB,DR,XF) List of device groups
You can specify one or more of the following keywords that
identify entry types:
ATTENTIONS Include device attention entries in the
report.
BUGCHECKS Include all types of bugcheck errors in
the report.
CONFIGURATION Include system configuration entries in
the report.
CONTROL_ENTRIES Include control entries in the report.
Control entries include the following
entry types:
o System power failure restarts
o Time stamps
o System startups
o $SNDERR messages (system service to
send messages to error log)
o Operator messages
o Network messages
o ERRLOG.SYS created
CPU_ENTRIES Include CPU-related entries in the report.
CPU entries include the following entry types:
o SBI alerts/faults
o Undefined interrupts
o MBA/UBA adapter errors
o Asynchronous write errors
o UBA errors
DEVICE_ERRORS Include device errors in the report.
ENVIRONMENTAL_ENTRIES Include environmental entries in the report.
MACHINE_CHECKS Include machine check errors in the report.
MEMORY Include memory errors in the report.
SYNDROME Include console-generated entries that
describe a symptom set used by Compaq
support personnel to identify problems.
TIMEOUTS Include device timeout errors in the report.
UNKNOWN_ENTRIES Include any entry that had either an
unknown entry type or an unknown device
type or class.
UNSOLICITED_MSCP Include unsolicited MSCP entries in the
output report.
VOLUME_CHANGES Include volume mount and dismount entries
in the report.
/LOG
/LOG
/NOLOG (D)
Controls whether informational messages that specify the number
of entries selected and rejected for each input file are sent to
SYS$OUTPUT.
/MODEL
/MODEL=(hexadecimal-value[,...])
Generates a report consisting of event log entries that occurred
on the specified CPU. If you specify more than one hexadecimal
value, you must specify a comma-separated list of values that is
enclosed in parentheses. (Alpha only)
/NODE
/NODE=(node-name[,...])
Generates a report consisting of error log entries for specific
nodes in an OpenVMS Cluster system. If you specify more than one
node name, you must specify a comma-separated list of values that
is enclosed in parentheses.
/OUTPUT
/OUTPUT[=file-spec]
Specifies the output file for the error log report. If you omit
the output file specification, output is directed to SYS$OUTPUT.
Do not use /OUTPUT with the /BINARY qualifier.
/REGISTER_DUMP
Used in conjunction with the /INCLUDE qualifier to generate, in
a hexadecimal longword format, a report that consists of device
register information. Do not use /REGISTER_DUMP with the /BINARY
qualifier.
/REJECTED
/REJECTED[=file-spec]
Allows you to specify the name of a file that will contain binary
records for rejected entries. If you do not specify an output
file, the data are written to the file ERRLOG.REJ in your current
directory.
/SID_REGISTER
/SID_REGISTER=(hexadecimal-value[,...])
Generates a report consisting of error log entries that occurred
on the specified CPU. If you specify more than one hexadecimal
value, you must specify a comma-separated list of values that is
enclosed in parentheses. (VAX only)
/SINCE
/SINCE[=date-time]
Specifies that only those entries dated later than the stated
date and time are to be selected for the report. If you specify
/SINCE without a date and time, the default is TODAY. If you omit
the /SINCE qualifier, all entries are processed.
/STATISTICS
Generates run-time statistical information.
3 Examples
1. $ ANALYZE/ERROR_LOG/BEFORE=19-APR-2000:10:00 ERRLOG.OLD;5
In this example, the error log report generated for ERRLOG.OLD;5
contains entries that were logged before 10:00 a.m on April 19, 2000.
2. $ ANALYZE/ERROR_LOG/INCLUDE=DBA1/BINARY=DBA1_ERR.DAT ERRLOG.OLD;5
In this example, the output file DBA1_ERR.DAT contains image
copies of the entries that apply to DBA1.
3. $ ANALYZE/ERROR_LOG/BRIEF ERRLOG.OLD;97
In this example, the error log report generated from
ERRLOG.OLD;97 contains minimal information.
4. $ ANALYZE/ERROR_LOG/ENTRY=(START:1,END:18) ERRLOG.SYS
In this example, the entry range for the error log report
generated from file ERRLOG.SYS is limited to entry numbers 1
through 18.
5. $ ANALYZE/ERROR_LOG/EXCLUDE=MTA0
In this example, the error log entries for the device MTA0 are
excluded from the error log report for the file ERRLOG.SYS.
6. $ ANALYZE/ERROR_LOG/EXCLUDE=(MTA0,DRA5) ERRLOG.OLD
In this example, the devices MTA0 and DRA5 are excluded from the
error log report for the file ERRLOG.OLD.
7. $ ANALYZE/ERROR_LOG/EXCLUDE=TAPES/INCLUDE=MTA0
In this example, the device MTA0 is included in the error log
report for the file ERRLOG.SYS. All other magnetic tape devices
are excluded from the report.
8. $ ANALYZE/ERROR_LOG/INCLUDE=(DISK,VOLUME_CHANGES, -)
_$ DEVICE_ERROR,BUGCHECK
In this example, the report consists of error log entries for
volume and device error information on disks, and bugcheck
errors. These entries are in the default error log file
ERRLOG.SYS.
9. $ ANALYZE/ERROR_LOG/MODEL=415 ERRLOG.SYS
In this example, the output consists of only those entries
that were logged for the system with a model type of 00000415
(hexadecimal).
10. $ ANALYZE/ERROR_LOG/NODE=(ORANGE,NASSAU) -
_$ SYS$SYSROOT:[SYS*.SYSERR]ERRLOG.SYS
In this example, the OpenVMS Cluster system consists of members
BROOME, NASSAU, ORANGE, and PUTNAM. The output contains only
those entries that were logged for nodes NASSAU and ORANGE.
11. $ ANALYZE/ERROR_LOG/INCLUDE=DB/REGISTER_DUMP ERRLOG.OLD;72
In this example, the output is in the format of a REGISTER_DUMP
report containing entries that apply only to the DB device.
12. $ ANALYZE/ERROR_LOG/INCLUDE=MTA0 -
_$ /REJECTED=REAL_ERRS.DAT ERRLOG.OLD;5
In this example, the output file REAL_ERRS.DAT contains image
copies of all entries from ERRLOG.OLD;5, with the exception of
those entries that apply to the MTA0 device.
13. $ ANALYZE/ERROR_LOG/SID_REGISTER=02006148 ERRLOG.OLD;72
The /SID_REGISTER qualifier is for VAX only. In this example,
the output consists of only those entries that were logged for
the system with an ID of 02006148 (hexadecimal).
14. $ ANALYZE/ERROR_LOG/STATISTICS ERRLOG.OLD;4
In this example, the output generated by this command consists
of a full report of all entries in ERRLOG.OLD;4 and the run-time
statistics for the execution of the command.
15. $ ANALYZE/ERROR_LOG/INCLUDE=DBA4/NOFULL/SUMMARY ERRLOG.OLD;5
The /SUMMARY qualifier is for VAX only. The output generated
by the command in this example includes the summary report. The
report contains the entries that apply to the DBA4 device: device
error, device timeout, and device attention.
3 /SINCE
Specifies that only those entries dated later than the stated
date and time are to be selected for the report.
Format
/SINCE [=date-time]
date-time
Limits the error report to those entries dated later than the
specified time. If you specify /SINCE without a date and time,
the default is TODAY. If you omit the /SINCE qualifier, all
entries are processed.
4 Description
Only absolute date and time specifications are valid. See the
OpenVMS User's Manual for details on specifying times.
4 Example
$ ANALYZE/ERROR_LOG/SINCE=19-APR-2000:15:00 ERRLOG.OLD;56
In this example, the error log report generated from
ERRLOG.OLD;56 contains entries that have been logged since
15:00 on April 19, 2000.
3 /STATISTICS
Generates run-time statistical information.
Format
/STATISTICS
4 Description
Use the /STATISTICS qualifier to generate a report that consists
of the page faults, buffered I/O, direct I/O, and CPU time used
in the execution of the ANALYZE/ERROR_LOG command.
4 Example
$ ANALYZE/ERROR_LOG/STATISTICS ERRLOG.OLD;4
In this example, the output generated by this command consists
of a full report of all entries in ERRLOG.OLD;4 and the run-time
statistics for the execution of the command.
2 /IMAGE
Analyzes the contents of an executable image file or a shareable
image file on Alpha systems, VAX systems, and translated VAX images
and checks for obvious errors in the image file. The /IMAGE
qualifier is required. For general information about image files,
see the description of the linker in the OpenVMS Linker Utility
Manual. (Use the ANALYZE/OBJECT command to analyze the contents
of an object file.)
Format
ANALYZE/IMAGE filespec[,...]
3 Parameter
filespec[,...]
Specifies the name of one or more image files that you want
analyzed. You must specify at least one file name. If you specify
more than one file, separate the file specifications with either
commas (,) or plus signs (+). The default file type is EXE.
The asterisk (*) and the percent sign (%) wildcard characters
are allowed in the file specification.
3 Description
The ANALYZE/IMAGE command provides a description of the
components of an executable image file or shareable image file.
It also verifies that the structure of the major parts of the
image file is correct. However, the ANALYZE/IMAGE command cannot
ensure that program execution is error free.
If errors are found, the first error of the worst severity is
returned. For example, if a warning (A) and two errors (B and
C) are found, the first error (B) is returned as the image exit
status. The image exit status is placed in the DCL symbol $STATUS
at image exit.
The ANALYZE/IMAGE command distinguishes Alpha system image files
from VAX system image files by examining the extended image
header (EIHD).
The ANALYZE/IMAGE command provides the following information:
o Image type - Identifies whether the image is executable or
shareable.
o Image transfer addresses - Identify the addresses to which
control is passed at image execution time.
o Image version - Identifies the revision level (major ID and
minor ID) of the image.
o Location and size of the image's symbol vector (Alpha only)
o Location of the debugger symbol table (DST) - Identifies the
location of the DST in the image file. DST information is
present only in executable images that have been linked with
the /DEBUG or the /TRACEBACK command qualifier.
o Location of the global symbol table (GST) - Identifies the
location of the GST in the image file. GST information is
present only in shareable image files.
o Patch information - Indicates whether the image has been patched
(changed without having been recompiled or reassembled and
relinked). If a patch is present, the actual patch code can be
displayed.
o Image section descriptors (ISD) - Identify portions of the image
binary contents that are grouped in OpenVMS Cluster systems
according to their attributes. An ISD contains information
that the image activator needs when it initializes the address
space for an image. For example, an ISD tells whether the ISD
is shareable, whether it is readable or writable, whether it
is based or position independent, and how much memory should
be allocated.
o Fixup vectors - Contain information that the image activator
needs to ensure the position independence of shareable image
references.
o System version categories - For an image that is linked against
the executive (the system shareable image on Alpha or the
system symbol table on VAX), displays both the values of the
system version categories for which the image was linked
originally and the values for the system that is currently
running. You can use these values to identify changes in the
system since the image was linked last.
The ANALYZE/IMAGE command has command qualifiers and positional
qualifiers. By default, if you do not specify any positional
qualifiers (for example, /GST or /HEADER), the entire image is
analyzed. If you do specify a positional qualifier, the analysis
excludes all other positional qualifiers except the /HEADER
qualifier (which is always enabled) and any qualifier that you
request explicitly.
3 Qualifiers
/FIXUP_SECTION
Positional qualifier.
Specifies that the analysis should include all information in the
fixup section of the image.
If you specify the /FIXUP_SECTION qualifier after the ANALYZE
/IMAGE command, the fixup section of each image file in the
parameter list is analyzed.
If you specify the /FIXUP_SECTION qualifier after a file
specification, only the information in the fixup section of that
image file is analyzed.
/GST
Positional qualifier.
Specifies that the analysis should include all global symbol
table records. This qualifier is valid only for shareable images.
If you specify the /GST qualifier after the ANALYZE/IMAGE
command, the global symbol table records of each image file
in the parameter list are analyzed.
If you specify the /GST qualifier after a file specification,
only the global symbol table records of that file are analyzed.
/HEADER
Positional qualifier.
Specifies that the analysis should include all header items and
image section descriptions. The image header items are always
analyzed.
/INTERACTIVE
/INTERACTIVE
/NOINTERACTIVE (default)
Specifies whether the analysis is interactive. In interactive
mode, as each item is analyzed, the results are displayed on
the screen and you are asked whether you want to continue.
/OUTPUT
/OUTPUT=filespec
Identifies the output file for storing the results of the image
analysis. The asterisk (*) and the percent sign (%) wildcard
characters are not allowed in the file specification. If you
specify a file type and omit the file name, the default file
name ANALYZE is used. The default file type is ANL. If you omit
the qualifier, the results are output to the current SYS$OUTPUT
device.
/PATCH_TEXT
Positional qualifier.
Specifies that the analysis include all patch text records.
If you specify the /PATCH_TEXT qualifier after the ANALYZE
/IMAGE command, the patch text records of each image file in
the parameter list are analyzed.
If you specify the /PATCH_TEXT qualifier after a file
specification, only the patch text records of that file are
analyzed.
/SELECT
/SELECT=(keyword[,...])
Allows for the collection of specific image or object file
information and displays the selected keyword items in the
order specified.
The keywords are as follows:
Keyword Description
ARCHITECTURE Returns "OpenVMS Alpha" if the file is either
an OpenVMS Alpha image or object file. Returns
"OpenVMS VAX" if the file is either an OpenVMS VAX
image or object file. Otherwise, returns "Unknown".
BUILD_ For OpenVMS Alpha image files, returns the image build
IDENTIFICATION identification stored in the image header, enclosed in
quotation marks. For OpenVMS VAX image files, the null
string that is represented by adjacent quotation marks
is returned. Otherwise, returns "Unknown".
FILE_TYPE Returns "Image" if the file is an OpenVMS VAX or
Alpha image file. Returns "Object" if the file
is an OpenVMS VAX or Alpha object file. Otherwise,
returns "Unknown".
IDENTIFICATION For both OpenVMS Alpha and VAX image files, returns the
image identification that is stored in the image header,
enclosed in quotation marks. Otherwise, returns
"Unknown".
IMAGE_TYPE Returns "Shareable" if the file is either an OpenVMS
Alpha or OpenVMS VAX sharable image file. Returns
"Executable" if the file is either an OpenVMS Alpha
or OpenVMS VAX executable (nonsharable) image file.
Otherwise, returns "Unknown".
LINK_TIME For both OpenVMS Alpha and VAX image files, returns
the image link time that is stored in the image header,
enclosed in quotation marks. Otherwise, returns
"Unknown".
NAME For both OpenVMS Alpha and VAX image files, returns
the image name that is stored in the image header,
enclosed in quotation marks. Otherwise, returns
"Unknown".
3 Examples
1.$ ANALYZE/IMAGE LINEDT
The ANALYZE/IMAGE command in this example produces a
description and an error analysis of the image LINEDT.EXE.
Output is sent to the current SYS$OUTPUT device. By default,
the entire image is analyzed.
2.$ ANALYZE/IMAGE/OUTPUT=LIALPHEX/FIXUP_SECTION/PATCH_TEXT LINEDT,ALPRIN
The ANALYZE/IMAGE command in this example produces a
description and an error analysis of the fixup sections
and patch text records of LINEDT.EXE and ALPRIN.EXE in file
LIALPHEX.ANL. Output is sent to the file LIALPHEX.ANL.
3.$ ANALYZE/IMAGE/SELECT=(ARCH,FILE,NAME,IDENT,BUILD,LINK) *.EXE
DISK:[DIRECTORY]ALPHA.EXE;1
OpenVMS ALPHA
Image
"Test image ALPHA"
"A11-27"
"X5SC-SSB-0000"
13-APR-2000 07:16:19.24
DISK:[DIRECTORY]NO_HEADER.EXE;1
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
DISK:[DIRECTORY]VAX.EXE;1
OpenVMS VAX
Image
"Test image VAX"
"V11-27"
""
4-NOV-2000 13:18:40:70
This example displays the information requested about the executable
file, ALPHA.EXE, the unknown file, NO_HEADER.EXE, and the executable
file, VAX.EXE.
2 /MEDIA
Invokes the bad block locator utility (bad), which analyzes
block-addressable devices and records the location of blocks that
cannot reliably store data. The /MEDIA qualifier is required. For
a complete description of BAD, including information about the
ANALYZE/MEDIA command and its qualifiers, see the OpenVMS Bad Block
Locator Utility Manual.
Format
ANALYZE/MEDIA device
device
Specifies the device that bad will analyze. The device has the form:
ddcu: or logical-name
3 Qualifiers
/BAD_BLOCKS
/BAD_BLOCKS[=LIST]
Adds the specified bad blocks to the detected bad block file
(DBBF). If the /BAD_BLOCK qualifier is specified along with the
/EXERCISE qualifier, the medium is tested once the bad blocks are
added to the DBBF.
If you do not specify a value for the /BAD_BLOCK qualifier, you are
prompted as follows:
BAD_BLOCKS =
In prompt mode, BAD reports any duplicate bad blocks.
Qualifier Value
List
Specifies the bad block locations to be added to the DBBF. Valid
codes for specifying bad block locations are:
Code Meaning
LBN Specifies the logical block number (LBN)
of a single bad block.
LBN:count Specifies a range of contiguous bad blocks
starting at the logical block number (LBN)
and continuing for "count" blocks.
SEC.TRK.CYL Specifies the physical disk address (sector,
track, and cylinder) of a single bad
sector. This code is valid only for last
track devices.
SEC.TRK.CYL:count Specifies a range of bad sectors starting
at the specified physical disk address
(sector, track, and cylinder) and continuing
for "count" sectors. This code is valid
only for last track devices.
You can specify these formats in any
integer combination or radix combination.
Note
The term "block" denotes a standard unit of 512
bytes, whereas the term "sector" denotes the
physical size of the device sector, which is not
always the same for all devices. For example, an
RL02 has a sector size of 256 bytes, while an RK07
has a standard sector size of 512 bytes.
/EXERCISE
/EXERCISE=(FULL,[NO]KEEP,PATTERN)
/NOEXERCISE (default)
Controls whether the media should actually be tested. You can
update the DBBF without erasing the contents of the volume by
using the /NOEXERCISE qualifier along with the /BAD_BLOCKS
qualifier.
Qualifier Keywords
FULL
Causes BAD to test the media using three test patterns (0s,
1s, and "worst case") instead of the default single "worst
case" pattern. The FULL keyword can be used only with
/EXERCISE. Note that the "worst case" test pattern always
remains on media tested with the /EXERCISE qualifier.
KEEP
Ensures the preservation of the current software detected bad
block file (SDBBF). The keep keyword is the default when
/NOEXERCISE is specified.
NOKEEP
Causes BAD to create a new SDBBF. The NOKEEP keyword is the
default when /EXERCISE is specified. This keyword cannot be
used with the /NOEXERCISE qualifier.
PATTERN=(value[,...])
Allows users to specify the value of a test pattern to be
used as "worst case". Up to an octaword of test pattern
data may be specified in decimal (%D), hexadecimal (%X),
or octal (%O) radixes. The default radix is decimal.
The pattern is specified in longwords. If two or more
longwords are specified, they must be enclosed in
parentheses and separated by commas.
/LOG
/LOG
/NOLOG (default)
Specifies whether a message is sent to the current SYS$OUTPUT
device and SYS$ERROR, indicating the total number of bad blocks
detected by BAD.
/OUTPUT
/OUTPUT[=filespec]
Specifies whether the contents of the DBBF are written to the
specified file. If you omit the /OUTPUT qualifier, no output
is generated.
If you specify /OUTPUT but omit the filespec, the contents of
the DBBF are written to the current SYS$OUTPUT device.
When you specify /OUTPUT, the /SHOW=AFTER qualifier is implied.
Qualifier Value
filespec
Identifies the output file for storing the results of the
medium analysis. If you specify a file type and omit the
file name, the default file name ANALYZE is used. The default
file type is ANL. If you omit the filespec, the results are
output to the current SYS$OUTPUT device.
No wildcard characters are allowed in the file specification.
/RETRY
/RETRY
/NORETRY (default)
Enables the device driver to retry soft errors.
/SHOW
/SHOW[=(keyword[,...])]
Lists the contents of the DBBF before or after (or both) the
medium is exercised or modified.
Qualifier Keywords
[NO]BEFORE,[NO]AFTER
Specifies whether the contents of the DBBF are listed before or
after (or both) the medium is exercised. After is the default.
3 Examples
In examples 1 and 2, the contents of the data region on the medium
are not altered or destroyed; in examples 3, 4, and 5, all the data
on the medium is destroyed.
1. $ ANALYZE/MEDIA/BAD_BLOCKS=(4.4.4:3) DBA1:
The /BAD_BLOCKS qualifier in this example specifies a range of 3
bad blocks beginning at the physical disk address sector 4, track
4, cylinder 4. This range is added to the DBBF.
2. $ ANALYZE/MEDIA/LOG DBB1:
DEVICE DBB1: CONTAINS A TOTAL OF 340670 BLOCKS; 11 DEFECTIVE
BLOCKS DETECTED.
The command in this example requests BAD to report the total
number of bad blocks recorded in DBBFs for the disk mounted on
DBB1:. The medium is not exercised or altered in any way.
3. $ ANALYZE/MEDIA/EXERCISE/BAD_BLOCKS=(2) DBB1:
The command in this example adds the bad block specification to
the DBBF and then tests the media. The bad block in this example
is located at logical block number (LBN) 2.
4. $ ANALYZE/MEDIA/EXERCISE=KEEP DBA1:
This command tests the media while preserving the current SDBBF.
5. $ ANALYZE/MEDIA/EXERCISE/RETRY DBB1:
The command in this example directs the device driver to retry soft
errors.
2 /OBJECT
Analyzes the contents of an object file. Also checks for any obvious
errors. The /OBJECT qualifier is required. (Use the ANALYZE/IMAGE
command to analyze the contents of an image file.)
Format
ANALYZE/OBJECT filespec[,...]
filespec[,...]
Specifies the object files or object module libraries you want
analyzed (the default file type is OBJ). Use commas (,) or plus
signs (+) to separate file specifications. The asterisk (*) and
percent sign (%) wildcard characters are allowed in the file
specification.
3 Description
The ANALYZE/OBJECT command describes the contents of one or more
object modules contained in one or more files. It also performs
a partial error analysis. This analysis determines whether all
records in an object module conform in content, format, and
sequence to the specifications of the Alpha or VAX object language.
The ANALYZE/OBJECT command automatically distinguishes Alpha
objects from VAX objects by examining the format of the extended
object modules header (EOMH).
ANALYZE/OBJECT is intended primarily for programmers of compilers,
debuggers, or other software involving the operating system's
object modules. It checks that the object language records
generated by the object modules are acceptable to the Linker
utility, and it identifies certain errors in the file. It also
provides a description of the records in the object file or
object module library. For more information on the linker and on
the Alpha and VAX object languages, refer to the OpenVMS Linker
Utility Manual.
The ANALYZE/OBJECT command analyzes the object modules in order,
record by record, from the first to the last record in the object
module. Fields in each record are analyzed in order from the
first to the last field in the record. After the object module
is analyzed, you should compare the content and format of each
type of record to the required content and format of that record
as described by the OpenVMS Alpha or OpenVMS VAX object language.
This comparison is particularly important if the analysis output
contains a diagnostic message.
Linking an object module differs from analyzing an object module.
Object language commands are not executed in an analysis, but
they are executed in a linking operation. As a result, even if
the analysis is error free, the linking operation may not be. In
particular, the analysis does not check the following:
o That data arguments in TIR commands are in the correct format.
o That "Store Data" TIR commands are storing within legal
address limits.
Therefore, as a final check, you should still link an object
module whose analysis is error free.
If an error is found, however, the first error of the worst
severity that is discovered is returned. For example, if a
warning (A) and two errors (B and C) are signaled, then the first
error (B) is returned as the image exit status, which is placed
in the DCL symbol $STATUS at image exit.
ANALYZE/OBJECT uses positional qualifiers; that is, qualifiers
whose function depends on their position in the command line.
When a positional qualifier precedes all of the input files in
a command line, it affects all input files. For example, the
following command line requests that the analysis include the
global symbol directory records in files A, B, and C:
$ ANALYZE/OBJECT/GSD A,B,C
Conversely, when a positional qualifier is associated with only
one file in the parameter list, only that file is affected. For
example, the following command line requests that the analysis
include the global symbol directory records in file B only:
$ ANALYZE/OBJECT A,B/GSD,C
Typically, all records in an object module are analyzed. However,
when the /DBG, /EOM, /GSD, /LNK, /MHD, /TBT, or /TIR qualifier is
specified, only the record types indicated by the qualifiers are
analyzed. All other record types are ignored.
By default, the analysis includes all record types unless
you explicitly request a limited analysis using appropriate
qualifiers.
Note
End-of-module (EOM) records and module header (MHD) records
are always analyzed, no matter which qualifiers you specify.
3 Qualifiers
/DBG
/DBG
Positional qualifier.
Specifies that the analysis should include all debugger information
records. If you want the analysis to include debugger information
for all files in the parameter list, insert the /DBG qualifier
immediately following the /OBJECT qualifier. If you want the
analysis to include debugger information selectively, insert the
/DBG qualifier immediately following each of the selected file
specifications.
/EOM
/EOM
Positional qualifier.
Specifies that the analysis should be limited to MHD records, EOM
records, and records explicitly specified by the command. If you
want this to apply to all files in the parameter list, insert the
/EOM qualifier immediately following the /OBJECT qualifier.
To make the /EOM qualifier applicable selectively, insert it
immediately following each of the selected file specifications.
Note
End-of-module records can be EOM or EOMW records. See the
OpenVMS Linker Utility Manual for more information.
/GSD
/GSD
Positional qualifier.
Specifies that the analysis should include all global symbol
directory (GSD) records.
If you want the analysis to include GSD records for each file
in the parameter list, specify the /GSD qualifier immediately
following the /OBJECT qualifier.
If you want the analysis to include GSD records selectively,
insert the /GSD qualifier immediately following each of the
selected file specifications.
/INCLUDE
/INCLUDE[=(module[,...])]
When the specified file is an object module library, use this
qualifier to list selected object modules within the library for
analysis. If you omit the list or specify an asterisk (*), all
modules are analyzed. If you specify only one module, you can
omit the parentheses.
/INTERACTIVE
/INTERACTIVE
/NOINTERACTIVE (default)
Controls whether the analysis occurs interactively. In
interactive mode, as each record is analyzed, the results
are displayed on the screen, and you are asked whether you
want to continue.
/LNK
/LNK
Positional qualifier.
Specifies that the analysis should include all link option
specification (LNK) records.
If you want the analysis to include LNK records for each file
in the parameter list, specify the /LNK qualifier immediately
following the /OBJECT qualifier.
If you want the analysis to include LNK records selectively,
insert the /LNK qualifier immediately following each of the
selected file specifications.
/MHD
/MHD
Positional qualifier.
Specifies that the analysis should be limited to MHD records,
EOM records, and records explicitly specified by the command.
If you want this analysis to apply to all files in the parameter
list, insert the /MHD qualifier immediately following the /OBJECT
qualifier.
To make the /MHD qualifier applicable selectively, insert
immediately following each of the selected file specifications.
/OUTPUT
/OUTPUT[=filespec]
Directs the output of the object analysis (the default is
SYS$OUTPUT). If you specify a file type and omit the file name,
the default file name ANALYZE is used. The default file type is
ANL.
The asterisk (*) and the percent sign (%) wildcard characters are
not allowed in the file specification.
/SELECT
/SELECT=(keyword[,...])
Allows for the collection of specific image or object file information
and displays the selected keyword items in the order specified.
The keywords are as follows:
Keyword Description
ARCHITECTURE Returns "OpenVMS Alpha" if the file is either
an OpenVMS Alpha image or object file. Returns
"OpenVMS VAX" if the file is either an OpenVMS VAX
image or object file. Otherwise, returns "Unknown".
BUILD_ For OpenVMS Alpha image files, returns the image build
IDENTIFICATION identification stored in the image header, enclosed in
quotation marks. For OpenVMS VAX image files, the null
string that is represented by adjacent quotation marks
is returned. Otherwise, returns "Unknown".
FILE_TYPE Returns "Image" if the file is an OpenVMS VAX or
Alpha image file. Returns "Object" if the file
is an OpenVMS VAX or Alpha object file. Otherwise,
returns "Unknown".
IDENTIFICATION For both OpenVMS Alpha and VAX image files, returns the
image identification that is stored in the image header,
enclosed in quotation marks. Otherwise, returns
"Unknown".
IMAGE_TYPE Returns "Shareable" if the file is either an OpenVMS
Alpha or OpenVMS VAX sharable image file. Returns
"Executable" if the file is either an OpenVMS Alpha
or OpenVMS VAX executable (nonsharable) image file.
Otherwise, returns "Unknown".
LINK_TIME For both OpenVMS Alpha and VAX image files, returns the
image link time that is stored in the image header,
enclosed in quotation marks. Otherwise, returns
"Unknown".
NAME For both OpenVMS Alpha and VAX image files, returns
the image name that is stored in the image header,
enclosed in quotation marks. Otherwise, returns
"Unknown".
/TBT
/TBT
Positional qualifier.
Specifies that the analysis should include all module traceback
(TBT) records.
If you want the analysis to include TBT records for each file
in the parameter list, specify the /TBT qualifier immediately
following the /OBJECT qualifier.
If you want the analysis to include TBT records selectively,
insert the /TBT qualifier immediately following each of the
selected file specifications.
/TIR
/TIR
Positional qualifier.
Specifies that the analysis should include all text information
and relocation (TIR) records.
If you want the analysis to include TIR records for each file
in the parameter list, specify the /TIR qualifier immediately
following the /OBJECT qualifier.
If you want the analysis to include TIR records selectively,
insert the /TIR qualifier immediately following the selected
file specifications.
3 Examples
1.$ ANALYZE/OBJECT/INTERACTIVE LINEDT
In this example, the ANALYZE/OBJECT command produces a
description and a partial error analysis of the object file
LINEDT.OBJ. By default, all types of records are analyzed.
Output is to the terminal because the /INTERACTIVE qualifier
has been used. As each item is analyzed, the utility displays
the results on the screen and asks if you want to continue.
2.$ ANALYZE/OBJECT/OUTPUT=LIOBJ/DBG LINEDT
In this example, the ANALYZE/OBJECT command analyzes only the
debugger information records of the file LINEDT.OBJ. Output is
to the file LIOBJ.ANL.
3.$ ANALYZE/OBJECT/SELECT=(ARCH,FILE) *.OBJ
DISK:[DIRECTORY]ALPHA.OBJ;1
OpenVMS ALPHA
Object
DISK:[DIRECTORY]MISNAMED.OBJ;1
Unknown
Unknown
DISK:[DIRECTORY]VAX.OBJ;1
OpenVMS VAX
Object
This example displays the information requested about the object
file, ALPHA.OBJ, the unknown file, MISNAMED.OBJ, and the object
file, VAX.OBJ.
2 /PROCESS_DUMP
Invokes the OpenVMS Debugger to analyze a process dump file that
was created when an image failed during execution. (Use the /DUMP
qualifier with the RUN or the SET PROCESS command to generate a
dump file.)
Note that on Alpha systems, you can also force a process to dump by
using the DUMP/PROCESS command.
The ANALYZE/PROCESS_DUMP command can display a process dump file
for either an Alpha or a VAX image. For a complete description
of the debugger, including information about the DEBUG command,
refer to the OpenVMS Debugger Manual.
Requires read (R) access to the dump file.
Format
ANALYZE/PROCESS_DUMP dump-file
dump-file
Specifies the dump file to be analyzed with the debugger.
3 Qualifiers
/FULL
On VAX and Alpha systems, displays all known information about the
failing process.
/IMAGE
/IMAGE=image-name
/NOIMAGE
On VAX systems, specifies the image to be activated to set up the
process context for the analysis. If you use the /NOIMAGE qualifier,
the DELTA debugger will be used for the analysis.
By default, symbols are taken from the image with the same name as
the image that was running at the time of the dump.
/IMAGE_PATH
/IMAGE_PATH[=directory-spec] dump-file
/NOIMAGE_PATH
On Alpha systems, specifies the search path the debugger is to use
to find the debugger symbol table (DST) file. As in prior debuggers,
the debugger builds an image list from the saved process image list.
When you set an image (the main image is automatically set), the
debugger attempts to open that image in order to find the DST file.
If you include the /IMAGE_PATH=directory-spec qualifier, the
debugger searches for the DST file in the specified directory.
The debugger first tries to translate directory-spec as the logical
name of a directory search list. If that fails, the debugger
interprets directory-spec as a directory specification, and searches
that directory for matching .DSF or .EXE files. A .DSF file takes
precedence over an .EXE file. The name of the .DSF or .EXE file
must match the image.
If you do not include the /IMAGE_PATH=directory-spec qualifier,
the debugger looks for the DST file first in the directory that
contains the dump file. If that fails, the debugger searches
directory SYS$SHARE and then directory SYS$MESSAGE. If the debugger
fails to find a DST file for an image, the symbolic information
available to the debugger is limited to global and universal symbol
names.
Version 7.3 and later debuggers check for dumpfile image specification
and DST file link date-time mismatches and issue a warning if one is
discovered.
The dump-file parameter is the name of the process dump file to
be analyzed. Note that the process dump file file type must be .DMP
and the DST file type must be either .DSF or .EXE.
/INTERACTIVE
/INTERACTIVE
/NOINTERACTIVE (default)
On VAX systems, causes the display of information to pause when your
terminal screen is filled. Press Return to display additional
information. By default, the display is continuous.
/MISCELLANEOUS
On VAX systems, displays process information and registers at the
time of the dump. Refer to the $GETJPI system service for further
explanation of the process information displayed.
/RELOCATION
On VAX systems, displays the addresses to which data structures saved
in the dump are mapped in P0 space. (Examples of such data structures
are the stacks.) The data structures in the dump must be mapped into P0
space so that the debugger can use those data structures in P1 space.
3 Examples
1.$ ANALYZE/PROCESS/FULL ZIPLIST
R0 = 00018292 R1 = 8013DE20 R2 = 7FFE6A40 R3 = 7FFE6A98
R4 = 8013DE20 R5 = 00000000 R6 = 7FFE7B9A R7 = 0000F000
R8 = 00000000 R9 = 00000000 R10 = 00000000 R11 = 00000000
SP = 7FFAEF44 AP = 7FFAEF48 FP = 7FFAEF84
FREE_P0_VA 00001600 FREE_P1_VA 7FFAC600
Active ASTs 00 Enabled ASTs 0F
Current Privileges FFFFFF80 1010C100
Event Flags 00000000 E0000000
Buffered I/O count/limit 6/6
Direct I/O count/limit 6/6
File count/limit 27/30
Process count/limit 0/0
Timer queue count/limit 10/10
AST count/limit 6/6
Enqueue count/limit 30/30
Buffered I/O total 7 Direct I/O total 18
Link Date 27-DEC-2000 15:02:00.48 Patch Date 17-NOV-2000 00:01:53
ECO Level 0030008C 00540040 00000000 34303230
Kernel stack 00000000 pages at 00000000 moved to 00000000
Exec stack 00000000 pages at 00000000 moved to 00000000
Vector page 00000001 page at 7FFEFE00 moved to 00001600
PIO (RMS) area 00000005 pages at 7FFE1200 moved to 00001800
Image activator context 00000001 page at 7FFE3400 moved to 00002200
User writable context 0000000A pages at 7FFE1C00 moved to 00002400
Creating a subprocess
VAX DEBUG Version 5.4
DBG>
This example shows the output of the ANALYZE/PROCESS command when used
with the /FULL qualifier on a VAX system. The file specified, ZIPLIST,
contains the dump of a process that encountered a fatal error. The
DBG> prompt indicates that the debugger is ready to accept commands.
2 /RMS_FILE
Invokes the Analyze/RMS_File utility to inspect and analyze the
internal structure of an RMS file. The /RMS_FILE qualifier is
required. For a complete description of the Analyze/RMS_File
utility, including more information about the ANALYZE/RMS_FILE
command and its qualifiers, see the OpenVMS Record Management
Utilities Reference Manual.
ANALYZE/RMS_FILE filespec[,...]
3 Parameter
filespec[,...]
Specifies the data file to be analyzed. The default file type
is .DAT. You can use multiple file specifications and wildcard
characters with the /CHECK qualifier, the /RU_JOURNAL qualifier,
the /STATISTICS qualifier, and the /SUMMARY qualifier, but not
with the /FDL qualifier or the /INTERACTIVE qualifier.
3 Qualifiers
/CHECK
Checks the integrity of the file and generates a report of any
errors in its structure. The report produced by the /CHECK
qualifier includes a list of any errors and a summary of the
file's structure. If you do not specify an output file, the
report is written to the current SYS$OUTPUT device, which is
generally your terminal. You can use wildcards and multiple file
specifications. If you specify /NOOUTPUT, you only get a message
indicating whether the file has errors.
The check function is active by default when you use the ANALYZE
/RMS_FILE command without any qualifiers. The /CHECK qualifier
is not compatible with the /FDL qualifier, the /INTERACTIVE
qualifier, the /STATISTICS qualifier, or the /SUMMARY qualifier.
/FDL
Generates an FDL file describing the RMS data file being
analyzed. By default, the /FDL qualifier creates a file with the
file type .FDL and the same file name as the input data file. To
assign a different type or name to the FDL file, use the /OUTPUT
qualifier. If the data file is corrupted, the FDL file contains
the Analyze/RMS_File utility error messages.
For indexed files, the FDL file contains special analysis
sections you can use with the EDIT/FDL Optimize script to make
better design decisions when you reorganize the file.
You cannot use wildcards or multiple file specifications with
the /FDL qualifier. The /FDL qualifier is not compatible with the
/CHECK qualifier, the /INTERACTIVE qualifier, the /STATISTICS
qualifier, the /SUMMARY qualifier, or the /UPDATE_HEADER
qualifier.
/INTERACTIVE
Begins an interactive examination of the file's structure. You
cannot use wildcards or multiple file specifications. For help
with the interactive commands, enter the HELP command at the
ANALYZE> prompt.
Do not use this qualifier with the /CHECK, /FDL, /STATISTICS,
/SUMMARY, or /UPDATE_HEADER qualifiers.
/OUTPUT
/OUTPUT=filesspec
/NOOUTPUT
Identifies the destination file for the results of the analysis.
The /NOOUTPUT qualifier specifies that no output file is to be
created. In all cases, the Analyze/RMS_File utility displays a
message indicating whether the data file has errors.
/CHECK Places the integrity report in the output file.
The default file type is .ANL, and the default
file name is ANALYZE. If you omit the output-
filespec parameter, output is written to the
current SYS$OUTPUT device, which is generally
your terminal.
/FDL Places the resulting FDL specification in the
output file. The default file type is .FDL, and
the default file name is that of the input file.
/INTERACTIVE Places a transcript of the interactive session in
the output file. The default file type is .ANL,
and the default file name is ANALYZE. If you omit
the output-filespec parameter, no transcript of
your interactive session is produced.
/RU_JOURNAL Places the recovery-unit journal information in
the output file. The default file type is .ANL,
and the default file name is ANALYZE. If you
omit the output-filespec parameter, output is
written to the current SYS$OUTPUT device, which
is generally your terminal.
/STATISTICS Places the statistics report in the output file.
The default file type is .ANL, and the default
file name is ANALYZE. If you omit the output-
filespec parameter, output is written to the
current SYS$OUTPUT device, which is generally
your terminal.
/SUMMARY Places the summary report in the output file.
The default file type is .ANL, and the default
file name is ANALYZE. If you omit the output-
filespec parameter, output is written to the
current SYS$OUTPUT device, which is generally
your terminal.
/RU_JOURNAL
Provides information about recovery-unit journaling where
applicable. You can use the /RU_JOURNAL qualifier on any file,
but it is inoperative on files not marked for recovery-unit
journaling.
This qualifier provides the only way of accessing a file that
would otherwise be inaccessible because of unresolved recovery
units. This situation might be the result of an unavailable
recovery-unit journal file or of unavailable data files that
were included in the recovery unit.
To use the /RU_JOURNAL qualifier, your process must have both
CMEXEC privilege and access to the [SYSJNL] directory (either
SYSPRV privilege or access for UIC [1,4]).
This qualifier is compatible with all of the ANALYZE/RMS_FILE
qualifiers, and you can use it with wildcards and multiple file
specifications.
When you specify the /RU_JOURNAL qualifier, the Analyze/RMS_File
utility provides you with the following data for each active
recovery unit:
o The journal file specification and the journal creation date
o The recovery-unit identification, recovery-unit start time,
cluster system identification number (CSID), and process
identification (PID)
o Information about the files involved in the recovery unit,
including the file specification, the name of the volume where
the file resides, the file identification, the date and time
the file was created, and the current status of the file
o The state of the recovery unit - active, none, started,
committed, or not available (for more information, see the
RMS Journaling for OpenVMS Manual)
o An error statement
/STATISTICS
Specifies that a report is to be produced containing statistics
about the file. The /STATISTICS qualifier is used mainly on
indexed files.
By default, if you do not specify an output file with the /OUTPUT
qualifier, the statistics report is written to the current
SYS$OUTPUT device, which is generally your terminal.
The /STATISTICS qualifier is not compatible with the /CHECK
qualifier, the /FDL qualifier, the /INTERACTIVE qualifier, or
the /SUMMARY qualifier.
/SUMMARY
Specifies that a summary report is to be produced containing
information about the file's structure and use. The /SUMMARY
qualifier generates a summary report containing information about
the file's structure and use.
If the file has no errors, the output generated from the /SUMMARY
qualifier is identical to that produced by the /CHECK qualifier.
Unlike the /CHECK qualifier, however, the /SUMMARY qualifier does
not check the structure of your file, so output is generated more
quickly.
Do not use this qualifier with the /CHECK qualifier, the /FDL
qualifier, the /INTERACTIVE qualifier, the /STATISTICS qualifier,
or the /UPDATE_HEADER qualifier.
/UPDATE_HEADER
Attempts to update the following attributes in the header of
the file: longest record length (LRL) and/or file length hint
attribute.
You must use this qualifier in combination with either
/STATISTICS or /CHECK (the default).
This qualifier only applies to sequential file organizations and
is ignored for any other file organization. The /UPDATE_HEADER
qualifier attempts to update the LRL and/or file hint attribute
in the file header if the calculated value(s) differ from the
current value(s) in the file header. The /UPDATE_HEADER qualifier
applies to:
o An LRL request - if the file is sequential and has a record
format other than undefined (UDF).
o A HINT request - if the file is sequential, the record format
is either variable (VAR) or variable with fixed control (VFC),
and the file is located on an ODS-5 disk device.
It is not supported for remote accesses; requests are ignored.
The /UPDATE_HEADER qualifier requires either the STATISTICS or
CHECK (default) functions since calculating new values for the
LRL and/or file length hint presumes that all the records in the
sequential file are processed. It is not compatible with the /FDL
qualifier, the /INTERACTIVE qualifier, or the /SUMMARY qualifier.
Any errors returned by the file system when an attempt to update
the file header fails are ignored. If the update succeeds, the
updated values are displayed at the end of the report.
3 EXAMPLES
1.$ ANALYZE/RMS_FILE/CHECK CUSTFILE
This command checks the file CUSTFILE.DAT for errors and displays
the report on the terminal.
2.$ ANALYZE/RMS_FILE/FDL ADDRFILE
This command generates an FDL file named ADDRFILE.FDL from the
data file ADDRFILE.DAT.
3.$ ANALYZE/RMS_FILE DENVER::DB1:[PROD]RUN.DAT
This command analyzes the structure of the file RUN.DAT residing
at remote node DENVER.
4.$ANALYZE/RMS_FILE/UPDATE_HEADER=HINT A.A
FILE HEADER
File Spec: DISK$REGRES:[REGRES]A.A;3
...
RMS FILE ATTRIBUTES
File Organization: sequential
Record Format: variable
Record Attributes: carriage-return
Maximum Record Size: 0
Longest Record: 52
Blocks Allocated: 4, Default Extend Size: 0
End-of-File VBN: 1, Offset: %X'008E'
File Monitoring: disabled
File Length Hint (Record Count): 6 (invalid)
File Length Hint (Data Byte Count): 42 (invalid)
Global Buffer Count: 0
The analysis uncovered NO errors.
UPDATED File Length Hint (Record Count) to: 10
UPDATED File Length Hint (Data Byte Count) to: 118
ANALYZE/RMS_FILE/UPDATE_HEADER=HINT A.A
2 /SYSTEM
Invokes the System Dump Analyzer (SDA) utility to analyze a running
system.
On Alpha systems, you cannot specify the /CRASH_DUMP, /OVERRIDE, or
/RELEASE qualifier when you use the /SYSTEM qualifier with the
ANALYZE command.
On VAX systems, you cannot specify the /CRASH_DUMP or /RELEASE
qualifier when you use the /SYSTEM qualifier with the ANALYZE
command.
For a complete description of SDA, including more information about
the ANALYZE/SYSTEM command and its qualifiers, see the OpenVMS Alpha
System Dump Analyzer Utility Manual and the OpenVMS VAX System Dump
Analyzer Utility Manual.
Caution
Although the analysis of a running system might be instructive,
be aware that system context, process context, and a processor's
hardware context remain fluid during any given display. In a
multiprocessing environment, a process running SDA might be
rescheduled to a different processor frequently during analysis.
Therefore, Compaq recommends that you do not examine the hardware
state using addresses that are not mapped to physical memory
locations.
Also, when using SDA to analyze a running system, use caution in
interpreting its displays. Because system states change frequently,
it is possible that the information SDA displays might be inconsistent
with the actual, volatile state of the system at any given moment.
Format
ANALYZE/SYSTEM
3 Example
$ ANALYZE/SYSTEM
This command invokes SDA to analyze the running system.
3 /SYMBOL
Specifies an alternate system symbol table for SDA to use.
Format
ANALYZE/SYSTEM/SYMBOL=system-symbol-table
system-symbol-table
On Alpha systems, file specification of the OpenVMS Alpha SDA
system symbol table required by SDA to analyze a system dump.
The specified system-symbol-table must contain those symbols
required by SDA to find certain locations in the executive image.
On Alpha systems, if you do not specify the /SYMBOL qualifier,
SDA uses SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load system symbols
into the SDA symbol table. When you specify the /SYMBOL qualifier,
SDA assumes the default disk and directory to be SYS$DISK and
[default-dir]; that is, the disk and directory specified in your
last SET DEFAULT command. If no device and directory are given
in the file name and the file is not found in the current default
directory, SDA attempts to open the file SDA$READ_DIR:filename.type.
If no type has been given in the file name, SDA assumes .EXE. If
you specify a file for this parameter that is not a system symbol
table, SDA halts with a fatal error.
On VAX systems, file specification of the SDA system symbol
table required by SDA to analyze a system dump. The specified
system-symbol-table must contain those symbols required by SDA
to find certain locations in the executive image.
On VAX systems, if you do not specify the /SYMBOL qualifier, SDA
uses SYS$SYSTEM:SYS.STB by default. When you do specify the
/SYMBOL qualifier, SDA assumes the default disk and directory to be
SYS$DISK; that is, the disk and directory specified in your last
SET DEFAULT command. If you specify a file for this parameter that
is not a system symbol table, SDA halts with a fatal error.
4 Description
On Alpha systems, the /SYMBOL qualifier allows you to specify a
system symbol table other than SDA$READ_DIR:SYS$BASE_IMAGE.EXE to
load into the SDA symbol table. You can use the /SYMBOL qualifier
whether you are analyzing a system dump or a running system.
On Alpha systems, the /SYMBOL qualifier can be used with the
/CRASH_DUMP and /SYSTEM qualifiers. It is ignored when
/OVERRIDE or /RELEASE is specified.
On VAX systems, the /SYMBOL qualifier allows you to specify a
system symbol table other than SYS$SYSTEM:SYS.STB to load into
the SDA symbol table. This might be necessary, for instance, to
analyze a crash dump taken on a processor running a different
version of OpenVMS.
On VAX systems, you can use the /SYMBOL qualifier whether you are
analyzing a system dump or a running system.
4 Examples
On Alpha systems:
$ ANALYZE/SYSTEM/SYMBOL=SDA$READ_DIR:SYS$BASE_IMAGE.EXE SYS$SYSTEM
This command invokes SDA to analyze the running system, using
the base image in SDA$READ_DIR.
On VAX systems:
$ ANALYZE/SYSTEM/SYMBOL=SYS$CRASH:SYS.STB SYS$SYSTEM
This command invokes SDA to analyze the running system, using
the system symbol table at SYS$CRASH:SYS.STB.