1 ANALYZE The ANALYZE commands invoke utilities to examine various components of an OpenVMS system. They perform the following functions: o Invoke the Audit Analysis Utility to extract selective information from the system security audit journal (see /AUDIT). o Invoke the System Dump Analyzer (SDA) to examine the specified dump file (see /CRASH_DUMP). o Invoke the Analyze/Disk_Structure Utility to examine disk volumes (see /DISK_STRUCTURE). o Invoke the Errorlog Report Formatter to selectively report the contents of an error log file (see /ERROR_LOG). o Describe the contents of an image file or shareable image file (see /IMAGE). o Invoke the Bad Utility to find disk blocks that cannot be used to store data (see /MEDIA). o Describe the contents of an object file (see /OBJECT). o Invoke the OpenVMS Debugger for analysis of a process dump file (see /PROCESS_DUMP). o Analyze the internal structure of an RMS file (see /RMS_FILE). o Invoke the SDA to examine the running system (see /SYSTEM). The default analyze function is to examine object modules (ANALYZE/OBJECT). 2 /AUDIT The Audit Analysis utility (ANALYZE/AUDIT) processes event messages in security audit log files to produce reports of security-related events on the system. Format ANALYZE/AUDIT [file-spec[,...]] file-spec[,...] Specifies one or more security audit log files as input to ANALYZE/AUDIT. If you specify more than one file name, separate the names with commas. If you omit the file-spec parameter, the utility searches for the default audit log file SECURITY.AUDIT$JOURNAL. The default audit log file is created in the SYS$COMMON:[SYSMGR] directory. To use the file, specify SYS$MANAGER on the ANALYZE /AUDIT command line. If you do not specify a directory, the utility searches for the file in the current directory. You can include wildcard characters, such as the asterisk (*) or percent sign (%), in the file specification. The audit log file can be located in any directory. To display the current location, use the DCL command SHOW AUDIT/ALL. 3 Qualifiers Qualifier Description /BEFORE Controls whether records dated earlier than the specified time are selected /BINARY Controls whether output is a binary file /BRIEF Controls whether a brief, single-line record format is used in ASCII displays /EVENT_TYPE Selects the classes of events to be extracted from the security log file /FULL Controls whether a full format is used in ASCII displays /IGNORE Excludes records from the report that match the specified criteria /INTERACTIVE Controls whether interactive command mode is enabled when ANALYZE/AUDIT is invoked /OUTPUT Specifies where to direct output from ANALYZE /AUDIT /PAUSE Specifies the length of time each record is displayed in a full format display /SELECT Specifies the criteria for selecting records /SINCE Indicates that the utility must operate on records dated with the specified time or after the specified time /SUMMARY Specifies that a summary of the selected records be produced after all records are processed 3 /BEFORE Controls whether records dated earlier than the specified time are selected. Format /BEFORE[=time] /NOBEFORE time Specifies the time used to select records. Records dated earlier than the specified time are selected. You can specify an absolute time, delta time, or a combination of the two. Observe the syntax rules for date and time described in the OpenVMS User's Manual. 4 Examples 1.$ ANALYZE/AUDIT /BEFORE=25-NOV-2000 - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects all records dated earlier than November 25, 2000. 2.$ ANALYZE/AUDIT /BEFORE=14:00/SINCE=12:00 - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects all records generated between noon and 2 P.M. today. 3 /BINARY Controls whether output is a binary file. Format /BINARY /NOBINARY 4 Example $ ANALYZE/AUDIT /BINARY/SINCE=TODAY/OUTPUT=25DEC00.AUDIT - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects all audit records generated today and writes the records in binary format to 25DEC00.AUDIT. 3 /BRIEF Controls whether a brief, single-line record format is used in ASCII displays. Format /BRIEF (default) 4 Example $ ANALYZE/AUDIT /OUTPUT=AUDIT.LIS SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example produces an ASCII file in brief format by default. The report is written to the AUDIT.LIS file. 3 /EVENT_TYPE Selects the classes of events to be extracted from the security log file. If you omit the qualifier or specify the ALL keyword, the utility includes all enabled event classes in the report. Format /EVENT_TYPE=(event-type[,...]) event type[,...] Specifies the classes of events used to select records. You can specify any of the following event types: [NO]ACCESS Access to an object, such as a file [NO]ALL All event types [NO]AUDIT Use of the SET AUDIT command [NO]AUTHORIZATION Change to the authorization database (SYSUAF.DAT, RIGHTSLIST.DAT, NETPROXY.DAT, or NET$PROXY.DAT) [NO]BREAKIN Break-in detection [NO]CONNECTION Establishment of a network connection through the System Management utility (SYSMAN), DECwindows, or interprocess communication (IPC) software or DECnet Phase IV (VAX only) [NO]CREATE Creation of an object [NO]DEACCESS Completion of access to an object [NO]DELETE Deletion of an object [NO]INSTALL Modification of the known file list with the Install utility (INSTALL) [NO]LOGFAIL Unsuccessful login attempt [NO]LOGIN Successful login [NO]LOGOUT Successful logout [NO]MOUNT Execution of DCL commands MOUNT or DISMOUNT [NO]NCP Modification of the DECnet network configuration databases [NO]NETPROXY Modification of the network proxy authorization file (NETPROXY.DAT or NET$PROXY.DAT) [NO]PRIVILEGE Privilege auditing [NO]PROCESS Use of one or more of the process control system services: $CREPRC, $DELPRC, $SCHDWK, $CANWAK, $WAKE, $SUSPND, $RESUME, $GRANTID, $REVOKID, $GETJPI, $FORCEX, $SETPRI [NO]RIGHTSDB Modification of the rights database (RIGHTSLIST.DAT) [NO]SYSGEN Modification of system parameters through the System Generation utility (SYSGEN) or AUTOGEN [NO]SYSUAF Modification of the system user authorization file (SYSUAF.DAT) [NO]TIME Change in system or cluster time Specifying the negated form of an event class (for example, NOLOGFAIL) excludes the specified event class from the audit report. 4 Examples 1.$ ANALYZE/AUDIT/EVENT_TYPE=LOGFAIL - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example extracts all records of unsuccessful login attempts, which match the LOGFAIL class, and compiles a brief report. 2.$ ANALYZE/AUDIT/EVENT_TYPE=(NOLOGIN,NOLOGOUT) - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example builds a report in brief format of all audit records except those in the LOGIN and LOGOUT event classes. 3 /FULL Controls whether a full format is used in ASCII displays. If you specify /NOFULL or omit the qualifier, records are displayed in the brief format. Format /FULL /NOFULL (default) 4 Example $ ANALYZE/AUDIT /FULL SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example displays the full contents of each selected record. 3 /IGNORE Excludes records from the report that match the specified criteria. Format /IGNORE=criteria[,...] criteria[,...] Specifies that all records are selected except those matching any of the specified exclusion criteria. See the /SELECT qualifier description for a list of the possible criteria to use with the /IGNORE qualifier. 3 /INTERACTIVE Controls whether interactive command mode is enabled when ANALYZE /AUDIT is invoked. Format /INTERACTIVE (default) /NOINTERACTIVE 4 Examples 1.$ ANALYZE/AUDIT/FULL SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example produces a full format display of the selected records. New records are displayed every 3 seconds. (See the /PAUSE qualifier description to find how to modify the duration of each record display.) Press Ctrl/C to interrupt the display and to enter interactive commands. 2.$ ANALYZE/AUDIT/FULL/NOINTERACTIVE - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example invokes the utility in noninteractive mode. It displays the first record selected and prompts you to press Return to display each additional selected record. Control returns to the DCL command level when all selected records have been displayed. 3 /OUTPUT Specifies where to direct output from ANALYZE/AUDIT. If you omit the qualifier, the report is sent to SYS$OUTPUT. Format /OUTPUT[=file-spec] /NOOUTPUT file-spec[,...] Specifies the name of the file that is to contain the selected records. If you omit the device and directory specification, the utility uses the current device and directory specification. If you omit the file name and type, the default file name AUDIT.LIS is used. If the output is binary (/BINARY) and you omit the /OUTPUT qualifier, the binary information is written to the file AUDIT.AUDIT$JOURNAL. 4 Example $ ANALYZE/AUDIT /BINARY/OUTPUT=BIN122588.DAT - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects audit records from the system audit log file and writes them to the binary file BIN122588.DAT. 3 /PAUSE Specifies the length of time each record is displayed in a full- format display. Format /PAUSE=seconds seconds Specifies the duration (in seconds) of the full-screen display. A value of 0 specifies that the system should not pause before displaying the next record. By default, the utility displays a record for 3 seconds. 4 Example $ ANALYZE/AUDIT /FULL/PAUSE=1 SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example displays a selected record in full format every second. You can interrupt the display and enter interactive commands at any time by pressing Ctrl/C. 3 /SELECT Specifies the criteria for selecting records from the audit log file. See the OpenVMS Guide to System Security for a description of how to generate audit records. Format /SELECT=criteria[,...] /NOSELECT criteria[,...] Specifies the criteria for selecting records. For each specified criterion, ANALYZE/AUDIT has two selection requirements: o The packet corresponding to the criterion must be present in the record. o One of the specified values must match the value in that packet. For example, if you specify (USER=(PUTNAM,WU),SYSTEM=DBASE) as the criteria, ANALYZE/AUDIT selects an event record containing the SYSTEM=DBASE packet and a USER packet with either the PUTNAM value or the WU value. If you omit the /SELECT qualifier, all event records selected through the /EVENT_TYPE qualifier are extracted from the audit log file and included in the report. You can specify any of the following criteria: 4 ACCESS ACCESS=(type,...) Specifies the type of object access upon which the selection is based. Access is object-specific and includes the following types: Associate Execute Read Control Lock Submit Create Logical Use Delete Manage Write Physical The OpenVMS Guide to System Security describes each of these types. 4 ACCOUNT ACCOUNT=(name,...) Specifies the account name upon which selection is based. You can use wildcards, such as an asterisk (*) or percent sign (%), to represent all or part of the name. 4 ALARM_NAME ALARM_NAME=(alarm-name,...) Specifies the alarm journal name on which selection is based. You can use wildcards to represent all or part of the alarm name. 4 ASSOCIATION_NAME ASSOCIATION_NAME=(IPC-name,...) Specifies the name of the interprocess communication (IPC) association. 4 AUDIT_NAME AUDIT_NAME=(journal-name,...) Specifies the audit journal name on which selection is based. You can use wildcards to represent all or part of the audit journal name. 4 COMMAND_LINE COMMAND_LINE=(command,...) Specifies the command line that the user entered. 4 CONNECTION_IDENTIFICATION CONNECTION_IDENTIFICATION=(IPC-name,...) Specifies the name for the interprocess communication (IPC) connection. 4 DECNET_LINK_IDENTIFICATION DECNET_LINK_IDENTIFICATION=(value,...) Specifies the number of the DECnet logical link. 4 DECNET_OBJECT_NAME DECNET_OBJECT_NAME=(object-name,...) Specifies the name of the DECnet object. 4 DECNET_OBJECT_NUMBER DECNET_OBJECT_NUMBER=(value,...) Specifies the number of the DECnet object. 4 DEFAULT_USERNAME DEFAULT_USERNAME=(username,...) Specifies the default local user name for incoming network proxy requests. 4 DEVICE_NAME DEVICE_NAME=(device-name,...) Specifies the name of a device in audit records that have a DEVICE_NAME packet. Note that this does not select the device name when it occurs in other packet types, such as in a file name or in the TARGET_DEVICE_NAME packet. 4 DIRECTORY_ENTRY DIRECTORY_ENTRY=(directory,...) Specifies the directory entry associated with file system operation. 4 DIRECTORY_NAME DIRECTORY_NAME=(directory,...) Specifies the name of the directory file. 4 DISMOUNT_FLAGS DISMOUNT_FLAGS=(flag-name,...) Identifies the names of the volume dismounting flags to be used in selecting records. Specify one or more of the following flag names: Abort, Cluster, Nounload, and Unit. 4 EVENT_CLUSTER_NAME EVENT_CLUSTER_NAME=(event-flag-cluster-name,...) Specifies the name of the event flag cluster. 4 FACILITY FACILITY=(facility-name,...) Specifies that only events audited by the named facility be selected. Provide a name or a number but, in either case, the facility has to be defined through the logical AUDSERV$FACILITY_NAME as a decimal number; the system uses the number 0. 4 FIELD_NAME FIELD_NAME=(field-name,...) Specifies the name of the field that was modified. ANALYZE /AUDIT uses the FIELD_NAME criterion with packets containing the original data and the new data (specified by the NEW_DATA criterion). 4 FILE_NAME FILE_NAME=(file-name) Specifies the name of the file that caused the audit. Describes audit records for the specified file by using a slightly different display format than is provided by the /OBJECT=NAME=object-name keyword. 4 FILE_IDENTIFICATION FILE_IDENTIFICATION=(identification-value) Specifies the value of the file's identification. To calculate the value, start with the value listed for File ID when you use the FILE_NAME keyword. For example, the display lists the File ID as: File ID: (3024,5,0) Use the following formula to calculate the value: ((0 * 65536) + 5 * 65536) + 3024 = 330704 4 FLAGS FLAGS=(flag-name,...) Identifies the names of the audit event flags associated with the audited event. These names should be used in selecting records. Specify one or more of the following flags: ACL, Alarm, Audit, Flush, Foreign, Internal, and Mandatory. 4 HOLDER HOLDER=keyword(,...) Specifies the characteristics of the identifier holder to be used when selecting event records. Choose from the following keywords: NAME=username Specifies the name of the holder. You can represent all or part of the name with a wildcard. OWNER=uic Specifies the user identification code (UIC) of the holder. 4 IDENTIFIER IDENTIFIER=keyword(,...) Identifies which attributes of an identifier should be used when selecting event records. Choose from the following keywords: ATTRIBUTES=name Specifies the name of the particular attribute. Valid attribute names are as follows: Dynamic, Holder_Hidden, Name_Hidden, NoAccess, Resource, and Subsystem. NAME=identifier Specifies the original name of the identifier. You can represent all or part of the name with a wildcard. NEW_NAME=identifier Specifies the new name of the identifier. You can represent all or part of the name with a wildcard. NEW_ATTRIBUTES=name Specifies the name of the new attribute. Valid attribute names are Dynamic, Holder_Hidden, Name_Hidden, NoAccess, Resource, and Subsystem. VALUE=value Specifies the original value of the identifier. NEW_VALUE=value Specifies the new value of the identifier. 4 IDENTIFIERS_MISSING IDENTIFIERS_MISSING=(identifier,...) Specifies the identifiers missing in a failure to access an object. 4 IDENTIFIERS_USED IDENTIFIERS_USED=(identifier,...) Specifies the identifiers used to gain access to an object. An event record matches if the specified list is a subset of the identifiers recorded in the event record. 4 IMAGE_NAME IMAGE_NAME=(image-name,...) Identifies the name of the image to be used when selecting event records. You can represent all or part of the image name with a wildcard. 4 INSTALL INSTALL=keyword(,...) Specifies that installation event packets are to be considered when selecting event records. Choose from the following keywords: FILE=filename Specifies the name of the installed file. You can represent all or part of the name with a wildcard. Note that on Alpha systems prior to Version 6.1 and on VAX systems prior to Version 6.0, audit log files record the installed file name within an object name packet. To select the installed file, you must use the expression OBJECT=(NAME=object-name) instead of FILE=filename. FLAGS=flag-name Specifies the names of the flags, which correspond to qualifiers of the Install utility (INSTALL); for example, OPEN corresponds to /OPEN. PRIVILEGES=privilege- Specifies the names of the privileges with name which the file was installed. 4 LNM_PARENT_NAME LNM_PARENT_NAME=(table-name,...) Specifies the name of the parent logical name table. 4 LNM_TABLE_NAME LNM_TABLE_NAME=(table-name,...) Specifies the name of the logical name table. 4 LOCAL LOCAL=(characteristic,...) Specifies the characteristics of the local (proxy) account to be used when selecting event records. The following characteristic is supported: USERNAME=username Specifies the name of the local account. You can represent all or part of the name with a wildcard. 4 LOGICAL_NAME LOGICAL_NAME=(logical-name,...) Specifies the logical name of the mounted (or dismounted) volume upon which selection is based. You can represent all or part of the logical name with a wildcard. 4 MAILBOX_UNIT MAILBOX_UNIT=(number,...) Specifies the number of the mailbox unit. 4 MOUNT_FLAGS MOUNT_FLAGS=(flag-name,...) Specifies the names of the volume mounting flags upon which selection is based. Possible flag names include the following: CACHE=(NONE,WRITETHROUGH) CDROM CLUSTER COMPACTION DATACHECK=(READ,WRITE) DSI FOREIGN GROUP INCLUDE INITIALIZATION=(ALLOCATE,CONTINUATION) MESSAGE NOASSIST NOAUTOMATIC NOCOMPACTION NOCOPY NOHDR3 NOJOURNAL NOLABEL NOMOUNT_VERIFICATION NOQUOTA NOREBUILD NOUNLOAD NOWRITE { ACCESSIBILITY } { EXPIRATION } { IDENTIFICATION } { } { LIMITED_SEARCH } OVERRIDE=(options[,...]) { LOCK } { NO_FORCED_ERROR } { } { OWNER_IDENTIFIER } { SECURITY } { SETID } { } QUOTA SHARE SUBSYSTEM SYSTEM TAPE_DATA_WRITE XAR The names NOLABEL and FOREIGN each point to the FOREIGN flag. The reason for this is that the MOUNT/NOLABEL and MOUNT/FOREIGN commands each set the FOREIGN flag. Therefore, if you used MOUNT /NOLABEL, and you use ANALYZE/AUDIT/SELECT/MOUNT_FLAGS=NOLABEL, the audit record will display the FOREIGN flag. 4 NEW_DATA NEW_DATA=(value,...) Specifies the value to use after the event occurs. Use this criterion with the FIELD_NAME criterion. 4 NEW_IMAGE_NAME NEW_IMAGE_NAME=(image-name,...) Specifies the name of the image to be activated in the newly created process, as supplied to the $CREPRC system service. 4 NEW_OWNER NEW_OWNER=(uic,...) Specifies the user identification code (UIC) to be assigned to the created process, as supplied to the $CREPRC system service. 4 OBJECT OBJECT=keyword(,...) Specifies which characteristics of an object should be used when selecting event records. Choose any of the following keywords: CLASS=class-name Specifies the general object class as one of the following: Capability Device Event_cluster File Group_global_section Logical_name_table Queue Resource_domain Security_class System_global_section Volume You must enter the full class name (for example, CLASS=logical_name_table) or use wildcard characters to supply a portion of the class name (for example, CLASS=log*). NAME=object-name Specifies the name of the object. You can represent all or part of the name with a wildcard. If you do not use a wildcard, specify the full object name (for example, BOSTON$DUA0:[RWOODS]MEMO.MEM;1). OWNER=value Specifies the UIC or general identifier of the object. TYPE=type Specifies the general object class (type of object). The available classes are as follows: Capability Device File Group_global_section Logical_name_table Queue System_global_section The CLASS keyword supersedes the TYPE keyword. However, TYPE is required to select audit records in files created prior to OpenVMS Alpha Version 6.1 and OpenVMS VAX Version 6.0. 4 PARENT PARENT=keyword(,...) Specifies which characteristics of the parent process are used when selecting event records generated by a subprocess. Choose from the following keywords: IDENTIFICATION=value Specifies the process identifier (PID) of the parent process. NAME=process-name Specifies the name of the parent process. You can represent all or part of the name with a wildcard. OWNER=value Specifies the owner (identifier value) of the parent process. USERNAME=username Specifies the user name of the parent process. You can represent all or part of the name with a wildcard. 4 PASSWORD PASSWORD=(password,...) Specifies the password used when the system detected a break-in attempt. 4 PRIVILEGES_MISSING PRIVILEGES_MISSING=(privilege-name,...) Specifies privileges the caller needed to perform the operation successfully. Specify any of the system privileges, as described in the OpenVMS Guide to System Security. 4 PRIVILEGES_USED PRIVILEGES_USED=(privilege-name,...) Specifies the privileges of the process to be used when selecting event records. Specify any of the system privileges, as described in the OpenVMS Guide to System Security. Also include the STATUS keyword in the selection criteria so the report can demonstrate whether the privilege was involved in a successful or an unsuccessful operation. 4 PROCESS PROCESS=(characteristic,...) Specifies the characteristics of the process to be used when selecting event records. Choose from the following characteristics: IDENTIFICATION=value Specifies the PID of the process. NAME=process-name Specifies the name of the process. You can represent all or part of the name with a wildcard. 4 REMOTE REMOTE=keyword(,...) Specifies that some characteristic of the network request is to be used when selecting event records. Choose from the following keywords: ASSOCIATION_NAME=IPC-name Specifies the interprocess communication (IPC) association name. LINK_IDENTIFICATION=value Specifies the number of the DECnet logical link. IDENTIFICATION=value Specifies the DECnet node address. NODENAME=node-name Specifies the DECnet node name. You can represent all or part of the name with a wildcard. USERNAME=username Specifies the remote user name. You can represent all or part of the remote user name with a wildcard. 4 REQUEST_NUMBER REQUEST_NUMBER=(value,...) Specifies the request number associated with the DCL command REQUEST/REPLY. 4 SECTION_NAME SECTION_NAME=(global-section-name,...) Specifies the name of the global section. 4 STATUS STATUS=type(,...) Specifies the type of success status to be used when selecting event records. Choose from the following status types: SUCCESSFUL Specifies any success status. FAILURE Specifies any failure status. CODE=(value,...) Specifies a specific completion status. 4 SUBJECT_OWNER SUBJECT_OWNER=(uic,...) Specifies the owner (UIC) of the process causing the event. 4 SUBTYPE SUBTYPE=(subtype,...) Specifies that the criteria be limited to the value or values specified as a subtype. The following table lists events and their related subtypes. After SUBTYPE, enter the subtypes as they appear in the list; for example, SUBTYPE=ALARM_STATE. (In other words, do not enter a prefix.) Symbols for Event Types and Subtypes Meaning NSA$C_MSG_AUDIT Systemwide change to auditing ALARM_STATE Events enabled as alarms AUDIT_DISABLED Audit events disabled AUDIT_ENABLED Audit events enabled AUDIT_INITIATE Audit server startup AUDIT_LOG_FIRST First entry in audit log (backward link) AUDIT_LOG_FINAL Final entry in audit log (forward link) AUDIT_STATE Events enabled as audits AUDIT_TERMINATE Audit server shutdown NSA$C_MSG_BREAKIN Break-in attempt detected BATCH Batch process DETACHED Detached process DIALUP Dialup interactive process LOCAL Local interactive process NETWORK Network server task REMOTE Interactive process from another network node SUBPROCESS Subprocess NSA$C_MSG_CONNECTION Logical link connection or termination CNX_ABORT Connection aborted CNX_ACCEPT Connection accepted CNX_DECNET_CREATE DECnet logical link created CNX_DECNET_DELETE DECnet logical link disconnected CNX_DISCONNECT Connection disconnected CNX_INC_ABORT Incoming connection request aborted CNX_INC_ACCEPT Incoming connection request accepted CNX_INC_DISCONNECT Incoming connection disconnected CNX_INC_REJECT Incoming connection request rejected CNX_INC_REQUEST Incoming connection request CNX_IPC_CLOSE Interprocess communication association closed CNX_IPC_OPEN Interprocess communication association opened CNX_REJECT Connection rejected CNX_REQUEST Connection requested NSA$C_MSG_INSTALL Use of the Install utility (INSTALL) INSTALL_ADD Known image installed INSTALL_REMOVE Known image deleted NSA$C_MSG_LOGFAIL Login failure See subtypes for NSA$C_MSG_BREAKIN NSA$C_MSG_LOGIN Successful login See subtypes for NSA$C_MSG_BREAKIN NSA$C_MSG_LOGOUT Successful logout See subtypes for NSA$C_MSG_BREAKIN NSA$C_MSG_MOUNT Volume mount or dismount VOL_DISMOUNT Volume dismount VOL_MOUNT Volume mount NSA$C_MSG_NCP Modification to network configuration database NCP_COMMAND Network Control Program (NCP) command issued NSA$C_MSG_NETPROXY Modification to network proxy database NETPROXY_ADD Record added to network proxy authorization file NETPROXY_DELETE Record removed from network proxy authorization file NETPROXY_MODIFY Record modified in network proxy authorization file NSA$C_MSG_OBJ_ACCESS Object access attempted OBJ_ACCESS Access attempted to create, delete, or deaccess an object NSA$C_MSG_OBJ_CREATE Object creation attempted OBJ_CREATE Access attempted to create an object NSA$C_MSG_OBJ_DEACCESS Object deaccessed OBJ_DEACCESS Attempt to complete access to an object NSA$C_MSG_OBJ_DELETE Object deletion attempted OBJ_DELETE Object deletion attempted NSA$C_MSG_PROCESS Process controlled through a system service PRC_CANWAK Process wakeup canceled PRC_CREPRC Process created PRC_DELPRC Process deleted PRC_FORCEX Process exit forced PRC_GETJPI Process information gathered PRC_GRANTID Process identifier granted PRC_RESUME Process resumed PRC_REVOKID Process identifier revoked PRC_SCHDWK Process wakeup scheduled PRC_SETPRI Process priority altered PRC_SIGPRC Process exception issued PRC_SUSPND Process suspended PRC_TERM Process termination notification requested PRC_WAKE Process wakeup issued NSA$C_MSG_PRVAUD Use of privilege PRVAUD_FAILURE Unsuccessful use of privilege PRVAUD_SUCCESS Successful use of privilege NSA$C_MSG_RIGHTSDB Modification to the rights database RDB_ADD_ID Identifier added to rights database RDB_CREATE Rights database created RDB_GRANT_ID Identifier granted to user RDB_MOD_HOLDER List of identifier holders modified RDB_MOD_ID Identifier name or attributes modified RDB_REM_ID Identifier removed from rights database RDB_REVOKE_ID Identifier taken away from user NSA$C_MSG_SYSGEN Use of the System Generation utility (SYSGEN) SYSGEN_SET System parameter modified NSA$C_MSG_SYSTIME Modification to system time SYSTIM_SET System time set SYSTIM_CAL System time calibrated NSA$C_MSG_SYSUAF Modification to system user authorization file (SYSUAF) SYSUAF_ADD Record added to system user authorization file SYSUAF_COPY Record added to system user authorization file SYSUAF_DELETE Record deleted from system user authorization file SYSUAF_MODIFY Record modified in system user authorization file SYSUAF_RENAME Record renamed in system user authorization file 4 SYSTEM SYSTEM=keyword(,...) Specifies the characteristics of the system to be used when selecting event records. Choose from the following keywords: IDENTIFICATION=value Specifies the numeric identification of the system. NAME=nodename Specifies the node name of the system. 4 SYSTEM_SERVICE_NAME SYSTEM_SERVICE_NAME=(service-name,...) Specifies the name of the system service associated with the event. 4 TARGET_DEVICE_NAME TARGET_DEVICE_NAME=(device-name,...) Specifies the target device name used by a process control system service. 4 TARGET_PROCESS_IDENTIFICATION TARGET_PROCESS_IDENTIFICATION=(value,...) Specifies the target process identifier (PID) used by a process control system service. 4 TARGET_PROCESS_NAME TARGET_PROCESS_NAME=(process-name,...) Specifies the target process name used by a process control system service. 4 TARGET_PROCESS_OWNER TARGET_PROCESS_OWNER=(uic,...) Specifies the target process owner (UIC) used by a process control system service. 4 TARGET_USERNAME TARGET_USERNAME=(username,...) Specifies the target user name used by a process control system service. 4 TERMINAL TERMINAL=(device-name,...) Specifies the name of the terminal to be used when selecting event records. You can represent all or part of the terminal name with a wildcard. 4 TRANSPORT_NAME TRANSPORT_NAME=(transport-name,...) Specifies the name of the transport: interprocess communication (IPC) or System Management Integrator (SMI), which handles requests from the System Management utility. On VAX systems, it also can specify the DECnet transport name (NSP). 4 USERNAME USERNAME=(username,...) Specifies the user name to be used when selecting event records. You can represent all or part of the user name with a wildcard. 4 VOLUME_NAME VOLUME_NAME=(volume-name,...) Specifies the name of the mounted (or dismounted) volume to be used when selecting event records. You can represent all or part of the volume name with a wildcard. 4 VOLUME_SET_NAME VOLUME_SET_NAME=(volume-set-name,...) Specifies the name of the mounted (or dismounted) volume set to be used when selecting event records. You can represent all or part of the volume set name with a wildcard. 4 Examples 1.$ ANALYZE/AUDIT /FULL/SELECT=USERNAME=JOHNSON - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects all records written to the security audit log file that were generated by user JOHNSON. 2.$ ANALYZE/AUDIT/FULL/SELECT=PRIVILEGES_USED=(SYSPRV,- _$ BYPASS) SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects all records written to the security audit log file that were generated by events through the use of either SYSPRV or BYPASS privilege. 3 /SINCE Indicates the utility must operate on records dated with the specified time or after the specified time. Format /SINCE[=time] /NOSINCE time Specifies the time used to select records. Records dated the same or later than the specified time are selected. You can specify an absolute time, a delta time, or a combination of the two. Observe the syntax rules for date and time described in the OpenVMS User's Manual. If you specify /SINCE without the time, the utility uses the beginning of the current day. 4 Examples 1.$ ANALYZE/AUDIT /SINCE=25-NOV-2000 - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects records dated later than November 25, 2000. 2.$ ANALYZE/AUDIT /SINCE=25-NOV-2000:15:00 - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects records written after 3 P.M. on November 25, 2000. 3 /SUMMARY Specifies that a summary of the selected records be produced after all records are processed. You can use the /SUMMARY qualifier alone or in combination with the /BRIEF, the /BINARY, or the /FULL qualifier. Format /SUMMARY=presentation /NOSUMMARY presentation Specifies the presentation of the summary. If you do not specify a presentation criterion, ANALYZE/AUDIT summarizes the number of audits. You can specify either of the following presentations: COUNT Lists the total number of audit messages for each class of security event that have been extracted from the security audit log file. This is the default. PLOT Displays a plot showing the class of the audit event, the time of day when the audit was generated, and the name of the system where the audit was generated. 4 Examples 1.$ ANALYZE/AUDIT/SUMMARY SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example generates a summary report of all records processed. Total records read: 9701 Records selected: 9701 Record buffer size: 1031 Successful logins: 542 Object creates: 1278 Successful logouts: 531 Object accesses: 3761 Login failures: 35 Object deaccesses: 2901 Breakin attempts: 2 Object deletes: 301 System UAF changes: 10 Volume (dis)mounts: 50 Rights db changes: 8 System time changes: 0 Netproxy changes: 5 Server messages: 0 Audit changes: 7 Connections: 0 Installed db changes: 50 Process control audits: 0 Sysgen changes: 9 Privilege audits: 91 NCP command lines: 120 2.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example generates a full format listing of all logged audit messages that match the break-in or log failure event classes. A summary report is included at the end of the listing. 3.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY=PLOT - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL This command generates a histogram that you can display on a character-cell terminal. 2 /CRASH_DUMP Invokes the System Dump Analyzer (SDA) utility to analyze a specified dump file. You can use SDA to help determine the causes of system failures. This utility is also useful for examining the running system by using the DCL command ANALYZE/SYSTEM. On Alpha systems, the format is as follows: Format ANALYZE {/CRASH_DUMP [/RELEASE][/OVERRIDE] filespec | /SYSTEM} [/SYMBOL=system-symbol-table] On VAX systems, the format is as follows: Format ANALYZE {/CRASH_DUMP [/RELEASE] filespec | /SYSTEM} [/SYMBOL=system-symbol-table] filespec Name of the crash dump file to be analyzed. The default file specification is: SYS$DISK:[default-dir]SYSDUMP.DMP SYS$DISK and [default-dir] represent the disk and directory specified in your last SET DEFAULT command. If you do not specify filespec, SDA prompts you for it. You cannot specify the /SYSTEM qualifier when you include the /CRASH_DUMP qualifier in the ANALYZE command. 3 /OVERRIDE On Alpha systems, when used with the /CRASH_DUMP qualifier, invokes SDA to analyze the specified dump file if a corruption or other problem prevents normal invocation of SDA with an ANALYZE/CRASH_DUMP command. Format ANALYZE/CRASH_DUMP/OVERRIDE filespec filespec Name of the crash dump file to be analyzed. The default file specification is: SYS$DISK:[default-dir]SYSDUMP.DMP SYS$DISK and [default-dir] represent the disk and directory specified in your last SET DEFAULT command. If you do not specify filespec, SDA prompts you for it. 4 Description Commands that can be used when SDA is invoked with /OVERRIDE are as follows: o Output control commands such as SET OUTPUT and SET LOG o Dump file related commands such as SHOW DUMP and CLUE ERRLOG Commands that cannot be used are as follows: o Commands that access memory addresses within the dump file such as EXAMINE and SHOW SUMMARY o You cannot specify the /RELEASE qualifier when you include the /OVERRIDE qualifier in the ANALYZE/CRASH_DUMP command. 4 Examples $ ANALYZE/CRASH_DUMP/OVERRIDE SYS$SYSTEM:SYSDUMP.DMP $ ANALYZE/CRASH SYS$SYSTEM These commands invoke SDA to analyze the crash dump stored in SYS$SYSTEM:SYSDUMP.DMP. 3 /RELEASE Invokes SDA to release those blocks in the specified system paging file occupied by a crash dump. Format ANALYZE/CRASH_DUMP/RELEASE filespec filespec Name of the system paging file (SYS$SYSTEM:PAGEFILE.SYS). The default file specification is: SYS$DISK:[default-dir]SYSDUMP.DMP Because the default file specification is SYS$DISK and [default-dir] you must identify the page file explicitly. SYS$DISK and [default-dir] represent the disk and directory specified in your last DCL command SET DEFAULT. If you do not specify filespec, SDA prompts you for it. 4 Description Use the /RELEASE qualifier to release from the system paging file those blocks occupied by a crash dump. Be aware that when you use the /RELEASE qualifier, SDA immediately deletes the dump from the paging file and allows you no opportunity to analyze its contents. When you specify the /RELEASE qualifier in the ANALYZE command, do the following: 1. Use the /CRASH_DUMP qualifier. 2. Include the name of the system paging file (SYS$SYSTEM:PAGEFILE.SYS) as the filespec. If you do not specify the system paging file or the specified paging file does not contain a dump, SDA displays one of the following messages: %SDA-E-BLKSNRLSD, no dump blocks in page file to release, or no page file %SDA-E-NOTPAGFIL, specified file is not the page file 4 Examples $ ANALYZE/CRASH_DUMP/RELEASE SYS$SYSTEM:PAGEFILE.SYS $ ANALYZE/CRASH/RELEASE PAGEFILE.SYS These commands invoke SDA to release to the page file those blocks in SYS$SYSTEM:PAGEFILE.SYS occupied by a crash dump. 3 /SYMBOL Specifies an alternate system symbol table for SDA to use. Format ANALYZE/CRASH_DUMP/SYMBOL=system-symbol-table system-symbol-table On Alpha systems, file specification of the OpenVMS Alpha SDA system symbol table required by SDA to analyze a system dump. The specified system-symbol-table must contain those symbols required by SDA to find certain locations in the executive image. On Alpha systems, if you do not specify the /SYMBOL qualifier, SDA uses SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load system symbols into the SDA symbol table. When you specify the /SYMBOL qualifier, SDA assumes the default disk and directory to be SYS$DISK and [default-dir]; that is, the disk and directory specified in your last SET DEFAULT command. If no device and directory are given in the file name and the file is not found in the current default directory, SDA attempts to open the file SDA$READ_DIR:filename.type. If no type has been given in the file name, SDA assumes .EXE. If you specify a file for this parameter that is not a system symbol table, SDA halts with a fatal error. On VAX systems, file specification of the SDA system symbol table required by SDA to analyze a system dump. The specified system-symbol-table must contain those symbols required by SDA to find certain locations in the executive image. On VAX systems, if you do not specify the /SYMBOL qualifier, SDA uses SYS$SYSTEM:SYS.STB by default. When you do specify the /SYMBOL qualifier, SDA assumes the default disk and directory to be SYS$DISK; that is, the disk and directory specified in your last SET DEFAULT command. If you specify a file for this parameter that is not a system symbol table, SDA halts with a fatal error. 4 Description On Alpha systems, the /SYMBOL qualifier allows you to specify a system symbol table other than SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load into the SDA symbol table. You can use the /SYMBOL qualifier whether you are analyzing a system dump or a running system. On Alpha systems, the /SYMBOL qualifier can be used with the /CRASH_DUMP and /SYSTEM qualifiers. It is ignored when /OVERRIDE or /RELEASE is specified. On VAX systems, the /SYMBOL qualifier allows you to specify a system symbol table other than SYS$SYSTEM:SYS.STB to load into the SDA symbol table. This might be necessary, for instance, to analyze a crash dump taken on a processor running a different version of OpenVMS. On VAX systems, you can use the /SYMBOL qualifier whether you are analyzing a system dump or a running system. 4 Examples On Alpha systems: $ ANALYZE/CRASH_DUMP/SYMBOL=SDA$READ_DIR:SYS$BASE_IMAGE.EXE SYS$SYSTEM This command invokes SDA to analyze the crash dump stored in SYS$SYSTEM:SYSDUMP.DMP, using the base image in SDA$READ_DIR. On VAX systems: $ ANALYZE/CRASH_DUMP/SYMBOL=SYS$CRASH:SYS.STB SYS$SYSTEM This command invokes SDA to analyze the crash dump stored in SYS$SYSTEM:SYSDUMP.DMP, using the system symbol table at SYS$CRASH:SYS.STB. 3 Examples On Alpha systems: $ ANALYZE/CRASH_DUMP SYS$SYSTEM:SYSDUMP.DMP $ ANALYZE/CRASH SYS$SYSTEM These commands invoke SDA to analyze the crash dump stored in SYS$SYSTEM:SYSDUMP.DMP On VAX systems: $ ANALYZE/CRASH_DUMP SYS$SYSTEM:CRASHDUMP.DMP. This command invokes SDA to analyze the crash dump stored in SYS$SYSTEM:CRASHDUMP.DMP On Alpha and VAX systems: $ ANALYZE/CRASH SYS$SYSTEM:PAGEFILE.SYS This command invokes SDA to analyze a crash dump stored in the system page file. 2 /DISK_STRUCTURE The Analyze/Disk_Structure utility checks the readability and validity of Files-11 Structure Level 1 and Structure Level 2 disk volumes, and reports errors and inconsistencies. You can detect most classes of errors by invoking the utility once and using its defaults. Format ANALYZE/DISK_STRUCTURE device-name:[/qualifier] device-name Specifies the disk volume or volume set to be verified. If you specify a volume set, all volumes of the volume set must be mounted as Files-11 volumes. For information on the Mount utility, refer to the OpenVMS System Management Utilities Reference Manual. 3 Qualifiers Qualifier Description /CONFIRM Determines whether ANALYZE/DISK_STRUCTURE prompts you to confirm each repair /HOMEBLOCKS Erases damaged home blocks on an initialized volume. /LIST[=filespec] Determines whether ANALYZE/DISK_STRUCTURE produces a listing of the index file /OUTPUT[=filespec] Specifies the output file to which ANALYZE /DISK_STRUCTURE writes the disk structure errors /READ_CHECK Determines whether ANALYZE/DISK_STRUCTURE performs a read check of all allocated blocks on the specified disk /RECORD_ATTRIBUTES Determines whether ANALYZE/DISK_STRUCTURE repairs files containing erroneous settings in the record attributes section of their associated file attribute block (FAT) /REPAIR Determines whether ANALYZE/DISK_STRUCTURE repairs errors that are detected in the file structure of the specified device /USAGE[=filespec] Specifies that a disk usage accounting file should be produced, in addition to the other specified functions of ANALYZE/DISK_STRUCTURE 3 /CONFIRM Determines whether the Analyze/Disk_Structure utility prompts you to confirm each repair. If you respond with Y or YES, the utility performs the repair. Otherwise, the repair is not performed. Format /CONFIRM /NOCONFIRM 3 /HOMEBLOCKS Erases home blocks from a volume whose home blocks were not deleted during previous initialization operations. Format /HOMEBLOCKS 3 /LIST Determines whether the Analyze/Disk_Structure utility produces a listing of the index file. Format /LIST[=filespec] /NOLIST 3 /OUTPUT Specifies the output file to which the Analyze/Disk_Structure utility is to write the disk structure errors. Format /OUTPUT[=filespec] /[NO]OUTPUT[=filespec] 3 /READ_CHECK Determines whether the Analyze/Disk_Structure utility performs a read check of all allocated blocks on the specified disk. When the Analyze/Disk_Structure utility performs a read check, it reads the disk twice; this ensures that it reads the disk correctly. The default is /NOREAD_CHECK. Format /READ_CHECK /NOREAD_CHECK 3 /RECORD_ATTRIBUTES Determines whether the Analyze/Disk_Structure utility repairs files containing erroneous settings in the record attributes section of their associated file attribute block (FAT). Format /RECORD_ATTRIBUTES 3 /REPAIR Determines whether the Analyze/Disk_Structure utility repairs errors that are detected in the file structure of the specified device. Format /REPAIR /NOREPAIR 3 /STATISTICS Produces statistical information about the volume under verification and creates a file, STATS.DAT, which contains per- volume statistics. Format /STATISTICS 3 /USAGE Specifies that a disk usage accounting file should be produced in addition to the other specified functions of the Analyze/Disk_ Structure utility. Format /USAGE[=filespec] 2 /ERROR_LOG The Error Log utility (ERROR LOG) selectively reports the contents of an error log file. Starting with OpenVMS Version 7.2, before using the Error Log utility, you need to translate error log files using the Binary Error Log Translation utility, which is part of DECevent. For more information, refer to DECevent documentation, which is included in the DECevent kit. Format ANALYZE/ERROR_LOG [/qualifier(s)] [file-spec[,...]] 3 Qualifiers /BEFORE /BEFORE[=date-time] Specifies that only those entries dated earlier than the stated date and time are to be selected for the error report. If you do not specify a date or time, all entries are processed. /BINARY /BINARY[=file-spec] /NOBINARY Controls whether the binary error log records are converted to ASCII text or copied to the specified output file. Do not use /BINARY with the /FULL, /BRIEF, /OUTPUT, or /REGISTER_ DUMP qualifiers. These qualifiers generate an ASCII report; /BINARY generates a binary file. /BRIEF Generates a brief report. Do not use /BRIEF with the /BINARY qualifier. /ENTRY /ENTRY[=(START:decimal-value[,END:decimal-value])] Generates an error log report that includes the specified entry range or starts at the specified entry number. If you specify /ENTRY without the entry range or omit the qualifier, the entry range defaults to START:1,END:end-of-file. /EXCLUDE /EXCLUDE= { device-class } ( { device-name } [,...]) { entry-type } { } Excludes errors generated by the specified device class, device name, or error log entry type from the error log report. If you specify more than one keyword, you must specify a comma-separated list of values that is enclosed in parentheses. You can specify one or more devices by device class or name. The following keywords and name constructs are valid for specifying devices: Device Class Keywords: ADAPTER BUSES CACHE DISKS INFORMATIONAL LINE_PRINTER REALTIME SYNC_COMMUNICATIONS TAPES VECTOR WORKSTATION Device Name Constructs: DB Group of devices DBA1 Specific device/unit number (DBA1,HSC1$DUA1,DYA0) List of devices (DB,DR,XF) List of device groups You can specify one or more of the following keywords that identify entry types: ATTENTIONS Exclude device attention entries from the report. BUGCHECKS Exclude all types of bugcheck entries from the report. CONFIGURATION Exclude system configuration entries from the report. CONTROL_ENTRIES Exclude control entries from the report. Control entries include the following entry types: o System power failure restarts o Time stamps o System startups o $SNDERR messages (system service to send messages to error log) o Operator messages o Network messages o ERRLOG.SYS created CPU_ENTRIES Exclude CPU-related entries from the report. CPU entries include the following entry types: o SBI alerts/faults o Undefined interrupts o MBA/UBA adapter errors o Asynchronous write errors o UBA errors DEVICE_ERRORS Exclude device error entries from the report. ENVIRONMENTAL_ENTRIES Exclude environmental entries from the report. MACHINE_CHECKS Exclude machine check entries from the report. MEMORY Exclude memory errors from the report. SYNDROME Exclude console-generated entries that describe a symptom set used by Compaq support personnel to identify problems. TIMEOUTS Exclude device timeout entries from the report. UNKNOWN_ENTRIES Exclude any entry that had either an unknown entry type or an unknown device type or class. UNSOLICITED_MSCP Exclude unsolicited MSCP entries from the output report. VOLUME_CHANGES Exclude volume mount and dismount entries from the report. /FULL /FULL (D) /NOFULL Generates a full report that provides all available information for an error log entry. Do not use /FULL with the /BINARY qualifier. /INCLUDE /INCLUDE= { device-class } ( { device-name } [,...]) { entry-type } { } Includes errors generated by the specified device class, device name, or error log entry type in the error log report. If you specify more than one keyword, you must specify a comma-separated list of values that is enclosed in parentheses. You can specify one or more devices by device class or name. The following keywords and name constructs are valid for specifying devices: Device Class Keywords: ADAPTER BUSES CACHE DISKS INFORMATIONAL LINE_PRINTER REALTIME SYNC_COMMUNICATIONS TAPES VECTOR WORKSTATION Device Name Constructs: DB Group of devices DBA1 Specific device/unit number (DBA1,HSC1$DUA1,DYA0) List of devices (DB,DR,XF) List of device groups You can specify one or more of the following keywords that identify entry types: ATTENTIONS Include device attention entries in the report. BUGCHECKS Include all types of bugcheck errors in the report. CONFIGURATION Include system configuration entries in the report. CONTROL_ENTRIES Include control entries in the report. Control entries include the following entry types: o System power failure restarts o Time stamps o System startups o $SNDERR messages (system service to send messages to error log) o Operator messages o Network messages o ERRLOG.SYS created CPU_ENTRIES Include CPU-related entries in the report. CPU entries include the following entry types: o SBI alerts/faults o Undefined interrupts o MBA/UBA adapter errors o Asynchronous write errors o UBA errors DEVICE_ERRORS Include device errors in the report. ENVIRONMENTAL_ENTRIES Include environmental entries in the report. MACHINE_CHECKS Include machine check errors in the report. MEMORY Include memory errors in the report. SYNDROME Include console-generated entries that describe a symptom set used by Compaq support personnel to identify problems. TIMEOUTS Include device timeout errors in the report. UNKNOWN_ENTRIES Include any entry that had either an unknown entry type or an unknown device type or class. UNSOLICITED_MSCP Include unsolicited MSCP entries in the output report. VOLUME_CHANGES Include volume mount and dismount entries in the report. /LOG /LOG /NOLOG (D) Controls whether informational messages that specify the number of entries selected and rejected for each input file are sent to SYS$OUTPUT. /MODEL /MODEL=(hexadecimal-value[,...]) Generates a report consisting of event log entries that occurred on the specified CPU. If you specify more than one hexadecimal value, you must specify a comma-separated list of values that is enclosed in parentheses. (Alpha only) /NODE /NODE=(node-name[,...]) Generates a report consisting of error log entries for specific nodes in an OpenVMS Cluster system. If you specify more than one node name, you must specify a comma-separated list of values that is enclosed in parentheses. /OUTPUT /OUTPUT[=file-spec] Specifies the output file for the error log report. If you omit the output file specification, output is directed to SYS$OUTPUT. Do not use /OUTPUT with the /BINARY qualifier. /REGISTER_DUMP Used in conjunction with the /INCLUDE qualifier to generate, in a hexadecimal longword format, a report that consists of device register information. Do not use /REGISTER_DUMP with the /BINARY qualifier. /REJECTED /REJECTED[=file-spec] Allows you to specify the name of a file that will contain binary records for rejected entries. If you do not specify an output file, the data are written to the file ERRLOG.REJ in your current directory. /SID_REGISTER /SID_REGISTER=(hexadecimal-value[,...]) Generates a report consisting of error log entries that occurred on the specified CPU. If you specify more than one hexadecimal value, you must specify a comma-separated list of values that is enclosed in parentheses. (VAX only) /SINCE /SINCE[=date-time] Specifies that only those entries dated later than the stated date and time are to be selected for the report. If you specify /SINCE without a date and time, the default is TODAY. If you omit the /SINCE qualifier, all entries are processed. /STATISTICS Generates run-time statistical information. 3 Examples 1. $ ANALYZE/ERROR_LOG/BEFORE=19-APR-2000:10:00 ERRLOG.OLD;5 In this example, the error log report generated for ERRLOG.OLD;5 contains entries that were logged before 10:00 a.m on April 19, 2000. 2. $ ANALYZE/ERROR_LOG/INCLUDE=DBA1/BINARY=DBA1_ERR.DAT ERRLOG.OLD;5 In this example, the output file DBA1_ERR.DAT contains image copies of the entries that apply to DBA1. 3. $ ANALYZE/ERROR_LOG/BRIEF ERRLOG.OLD;97 In this example, the error log report generated from ERRLOG.OLD;97 contains minimal information. 4. $ ANALYZE/ERROR_LOG/ENTRY=(START:1,END:18) ERRLOG.SYS In this example, the entry range for the error log report generated from file ERRLOG.SYS is limited to entry numbers 1 through 18. 5. $ ANALYZE/ERROR_LOG/EXCLUDE=MTA0 In this example, the error log entries for the device MTA0 are excluded from the error log report for the file ERRLOG.SYS. 6. $ ANALYZE/ERROR_LOG/EXCLUDE=(MTA0,DRA5) ERRLOG.OLD In this example, the devices MTA0 and DRA5 are excluded from the error log report for the file ERRLOG.OLD. 7. $ ANALYZE/ERROR_LOG/EXCLUDE=TAPES/INCLUDE=MTA0 In this example, the device MTA0 is included in the error log report for the file ERRLOG.SYS. All other magnetic tape devices are excluded from the report. 8. $ ANALYZE/ERROR_LOG/INCLUDE=(DISK,VOLUME_CHANGES, -) _$ DEVICE_ERROR,BUGCHECK In this example, the report consists of error log entries for volume and device error information on disks, and bugcheck errors. These entries are in the default error log file ERRLOG.SYS. 9. $ ANALYZE/ERROR_LOG/MODEL=415 ERRLOG.SYS In this example, the output consists of only those entries that were logged for the system with a model type of 00000415 (hexadecimal). 10. $ ANALYZE/ERROR_LOG/NODE=(ORANGE,NASSAU) - _$ SYS$SYSROOT:[SYS*.SYSERR]ERRLOG.SYS In this example, the OpenVMS Cluster system consists of members BROOME, NASSAU, ORANGE, and PUTNAM. The output contains only those entries that were logged for nodes NASSAU and ORANGE. 11. $ ANALYZE/ERROR_LOG/INCLUDE=DB/REGISTER_DUMP ERRLOG.OLD;72 In this example, the output is in the format of a REGISTER_DUMP report containing entries that apply only to the DB device. 12. $ ANALYZE/ERROR_LOG/INCLUDE=MTA0 - _$ /REJECTED=REAL_ERRS.DAT ERRLOG.OLD;5 In this example, the output file REAL_ERRS.DAT contains image copies of all entries from ERRLOG.OLD;5, with the exception of those entries that apply to the MTA0 device. 13. $ ANALYZE/ERROR_LOG/SID_REGISTER=02006148 ERRLOG.OLD;72 The /SID_REGISTER qualifier is for VAX only. In this example, the output consists of only those entries that were logged for the system with an ID of 02006148 (hexadecimal). 14. $ ANALYZE/ERROR_LOG/STATISTICS ERRLOG.OLD;4 In this example, the output generated by this command consists of a full report of all entries in ERRLOG.OLD;4 and the run-time statistics for the execution of the command. 15. $ ANALYZE/ERROR_LOG/INCLUDE=DBA4/NOFULL/SUMMARY ERRLOG.OLD;5 The /SUMMARY qualifier is for VAX only. The output generated by the command in this example includes the summary report. The report contains the entries that apply to the DBA4 device: device error, device timeout, and device attention. 3 /SINCE Specifies that only those entries dated later than the stated date and time are to be selected for the report. Format /SINCE [=date-time] date-time Limits the error report to those entries dated later than the specified time. If you specify /SINCE without a date and time, the default is TODAY. If you omit the /SINCE qualifier, all entries are processed. 4 Description Only absolute date and time specifications are valid. See the OpenVMS User's Manual for details on specifying times. 4 Example $ ANALYZE/ERROR_LOG/SINCE=19-APR-2000:15:00 ERRLOG.OLD;56 In this example, the error log report generated from ERRLOG.OLD;56 contains entries that have been logged since 15:00 on April 19, 2000. 3 /STATISTICS Generates run-time statistical information. Format /STATISTICS 4 Description Use the /STATISTICS qualifier to generate a report that consists of the page faults, buffered I/O, direct I/O, and CPU time used in the execution of the ANALYZE/ERROR_LOG command. 4 Example $ ANALYZE/ERROR_LOG/STATISTICS ERRLOG.OLD;4 In this example, the output generated by this command consists of a full report of all entries in ERRLOG.OLD;4 and the run-time statistics for the execution of the command. 2 /IMAGE Analyzes the contents of an executable image file or a shareable image file on Alpha systems, VAX systems, and translated VAX images and checks for obvious errors in the image file. The /IMAGE qualifier is required. For general information about image files, see the description of the linker in the OpenVMS Linker Utility Manual. (Use the ANALYZE/OBJECT command to analyze the contents of an object file.) Format ANALYZE/IMAGE filespec[,...] 3 Parameter filespec[,...] Specifies the name of one or more image files that you want analyzed. You must specify at least one file name. If you specify more than one file, separate the file specifications with either commas (,) or plus signs (+). The default file type is EXE. The asterisk (*) and the percent sign (%) wildcard characters are allowed in the file specification. 3 Description The ANALYZE/IMAGE command provides a description of the components of an executable image file or shareable image file. It also verifies that the structure of the major parts of the image file is correct. However, the ANALYZE/IMAGE command cannot ensure that program execution is error free. If errors are found, the first error of the worst severity is returned. For example, if a warning (A) and two errors (B and C) are found, the first error (B) is returned as the image exit status. The image exit status is placed in the DCL symbol $STATUS at image exit. The ANALYZE/IMAGE command distinguishes Alpha system image files from VAX system image files by examining the extended image header (EIHD). The ANALYZE/IMAGE command provides the following information: o Image type - Identifies whether the image is executable or shareable. o Image transfer addresses - Identify the addresses to which control is passed at image execution time. o Image version - Identifies the revision level (major ID and minor ID) of the image. o Location and size of the image's symbol vector (Alpha only) o Location of the debugger symbol table (DST) - Identifies the location of the DST in the image file. DST information is present only in executable images that have been linked with the /DEBUG or the /TRACEBACK command qualifier. o Location of the global symbol table (GST) - Identifies the location of the GST in the image file. GST information is present only in shareable image files. o Patch information - Indicates whether the image has been patched (changed without having been recompiled or reassembled and relinked). If a patch is present, the actual patch code can be displayed. o Image section descriptors (ISD) - Identify portions of the image binary contents that are grouped in OpenVMS Cluster systems according to their attributes. An ISD contains information that the image activator needs when it initializes the address space for an image. For example, an ISD tells whether the ISD is shareable, whether it is readable or writable, whether it is based or position independent, and how much memory should be allocated. o Fixup vectors - Contain information that the image activator needs to ensure the position independence of shareable image references. o System version categories - For an image that is linked against the executive (the system shareable image on Alpha or the system symbol table on VAX), displays both the values of the system version categories for which the image was linked originally and the values for the system that is currently running. You can use these values to identify changes in the system since the image was linked last. The ANALYZE/IMAGE command has command qualifiers and positional qualifiers. By default, if you do not specify any positional qualifiers (for example, /GST or /HEADER), the entire image is analyzed. If you do specify a positional qualifier, the analysis excludes all other positional qualifiers except the /HEADER qualifier (which is always enabled) and any qualifier that you request explicitly. 3 Qualifiers /FIXUP_SECTION Positional qualifier. Specifies that the analysis should include all information in the fixup section of the image. If you specify the /FIXUP_SECTION qualifier after the ANALYZE /IMAGE command, the fixup section of each image file in the parameter list is analyzed. If you specify the /FIXUP_SECTION qualifier after a file specification, only the information in the fixup section of that image file is analyzed. /GST Positional qualifier. Specifies that the analysis should include all global symbol table records. This qualifier is valid only for shareable images. If you specify the /GST qualifier after the ANALYZE/IMAGE command, the global symbol table records of each image file in the parameter list are analyzed. If you specify the /GST qualifier after a file specification, only the global symbol table records of that file are analyzed. /HEADER Positional qualifier. Specifies that the analysis should include all header items and image section descriptions. The image header items are always analyzed. /INTERACTIVE /INTERACTIVE /NOINTERACTIVE (default) Specifies whether the analysis is interactive. In interactive mode, as each item is analyzed, the results are displayed on the screen and you are asked whether you want to continue. /OUTPUT /OUTPUT=filespec Identifies the output file for storing the results of the image analysis. The asterisk (*) and the percent sign (%) wildcard characters are not allowed in the file specification. If you specify a file type and omit the file name, the default file name ANALYZE is used. The default file type is ANL. If you omit the qualifier, the results are output to the current SYS$OUTPUT device. /PATCH_TEXT Positional qualifier. Specifies that the analysis include all patch text records. If you specify the /PATCH_TEXT qualifier after the ANALYZE /IMAGE command, the patch text records of each image file in the parameter list are analyzed. If you specify the /PATCH_TEXT qualifier after a file specification, only the patch text records of that file are analyzed. /SELECT /SELECT=(keyword[,...]) Allows for the collection of specific image or object file information and displays the selected keyword items in the order specified. The keywords are as follows: Keyword Description ARCHITECTURE Returns "OpenVMS Alpha" if the file is either an OpenVMS Alpha image or object file. Returns "OpenVMS VAX" if the file is either an OpenVMS VAX image or object file. Otherwise, returns "Unknown". BUILD_ For OpenVMS Alpha image files, returns the image build IDENTIFICATION identification stored in the image header, enclosed in quotation marks. For OpenVMS VAX image files, the null string that is represented by adjacent quotation marks is returned. Otherwise, returns "Unknown". FILE_TYPE Returns "Image" if the file is an OpenVMS VAX or Alpha image file. Returns "Object" if the file is an OpenVMS VAX or Alpha object file. Otherwise, returns "Unknown". IDENTIFICATION For both OpenVMS Alpha and VAX image files, returns the image identification that is stored in the image header, enclosed in quotation marks. Otherwise, returns "Unknown". IMAGE_TYPE Returns "Shareable" if the file is either an OpenVMS Alpha or OpenVMS VAX sharable image file. Returns "Executable" if the file is either an OpenVMS Alpha or OpenVMS VAX executable (nonsharable) image file. Otherwise, returns "Unknown". LINK_TIME For both OpenVMS Alpha and VAX image files, returns the image link time that is stored in the image header, enclosed in quotation marks. Otherwise, returns "Unknown". NAME For both OpenVMS Alpha and VAX image files, returns the image name that is stored in the image header, enclosed in quotation marks. Otherwise, returns "Unknown". 3 Examples 1.$ ANALYZE/IMAGE LINEDT The ANALYZE/IMAGE command in this example produces a description and an error analysis of the image LINEDT.EXE. Output is sent to the current SYS$OUTPUT device. By default, the entire image is analyzed. 2.$ ANALYZE/IMAGE/OUTPUT=LIALPHEX/FIXUP_SECTION/PATCH_TEXT LINEDT,ALPRIN The ANALYZE/IMAGE command in this example produces a description and an error analysis of the fixup sections and patch text records of LINEDT.EXE and ALPRIN.EXE in file LIALPHEX.ANL. Output is sent to the file LIALPHEX.ANL. 3.$ ANALYZE/IMAGE/SELECT=(ARCH,FILE,NAME,IDENT,BUILD,LINK) *.EXE DISK:[DIRECTORY]ALPHA.EXE;1 OpenVMS ALPHA Image "Test image ALPHA" "A11-27" "X5SC-SSB-0000" 13-APR-2000 07:16:19.24 DISK:[DIRECTORY]NO_HEADER.EXE;1 Unknown Unknown Unknown Unknown Unknown Unknown DISK:[DIRECTORY]VAX.EXE;1 OpenVMS VAX Image "Test image VAX" "V11-27" "" 4-NOV-2000 13:18:40:70 This example displays the information requested about the executable file, ALPHA.EXE, the unknown file, NO_HEADER.EXE, and the executable file, VAX.EXE. 2 /MEDIA Invokes the bad block locator utility (bad), which analyzes block-addressable devices and records the location of blocks that cannot reliably store data. The /MEDIA qualifier is required. For a complete description of BAD, including information about the ANALYZE/MEDIA command and its qualifiers, see the OpenVMS Bad Block Locator Utility Manual. Format ANALYZE/MEDIA device device Specifies the device that bad will analyze. The device has the form: ddcu: or logical-name 3 Qualifiers /BAD_BLOCKS /BAD_BLOCKS[=LIST] Adds the specified bad blocks to the detected bad block file (DBBF). If the /BAD_BLOCK qualifier is specified along with the /EXERCISE qualifier, the medium is tested once the bad blocks are added to the DBBF. If you do not specify a value for the /BAD_BLOCK qualifier, you are prompted as follows: BAD_BLOCKS = In prompt mode, BAD reports any duplicate bad blocks. Qualifier Value List Specifies the bad block locations to be added to the DBBF. Valid codes for specifying bad block locations are: Code Meaning LBN Specifies the logical block number (LBN) of a single bad block. LBN:count Specifies a range of contiguous bad blocks starting at the logical block number (LBN) and continuing for "count" blocks. SEC.TRK.CYL Specifies the physical disk address (sector, track, and cylinder) of a single bad sector. This code is valid only for last track devices. SEC.TRK.CYL:count Specifies a range of bad sectors starting at the specified physical disk address (sector, track, and cylinder) and continuing for "count" sectors. This code is valid only for last track devices. You can specify these formats in any integer combination or radix combination. Note The term "block" denotes a standard unit of 512 bytes, whereas the term "sector" denotes the physical size of the device sector, which is not always the same for all devices. For example, an RL02 has a sector size of 256 bytes, while an RK07 has a standard sector size of 512 bytes. /EXERCISE /EXERCISE=(FULL,[NO]KEEP,PATTERN) /NOEXERCISE (default) Controls whether the media should actually be tested. You can update the DBBF without erasing the contents of the volume by using the /NOEXERCISE qualifier along with the /BAD_BLOCKS qualifier. Qualifier Keywords FULL Causes BAD to test the media using three test patterns (0s, 1s, and "worst case") instead of the default single "worst case" pattern. The FULL keyword can be used only with /EXERCISE. Note that the "worst case" test pattern always remains on media tested with the /EXERCISE qualifier. KEEP Ensures the preservation of the current software detected bad block file (SDBBF). The keep keyword is the default when /NOEXERCISE is specified. NOKEEP Causes BAD to create a new SDBBF. The NOKEEP keyword is the default when /EXERCISE is specified. This keyword cannot be used with the /NOEXERCISE qualifier. PATTERN=(value[,...]) Allows users to specify the value of a test pattern to be used as "worst case". Up to an octaword of test pattern data may be specified in decimal (%D), hexadecimal (%X), or octal (%O) radixes. The default radix is decimal. The pattern is specified in longwords. If two or more longwords are specified, they must be enclosed in parentheses and separated by commas. /LOG /LOG /NOLOG (default) Specifies whether a message is sent to the current SYS$OUTPUT device and SYS$ERROR, indicating the total number of bad blocks detected by BAD. /OUTPUT /OUTPUT[=filespec] Specifies whether the contents of the DBBF are written to the specified file. If you omit the /OUTPUT qualifier, no output is generated. If you specify /OUTPUT but omit the filespec, the contents of the DBBF are written to the current SYS$OUTPUT device. When you specify /OUTPUT, the /SHOW=AFTER qualifier is implied. Qualifier Value filespec Identifies the output file for storing the results of the medium analysis. If you specify a file type and omit the file name, the default file name ANALYZE is used. The default file type is ANL. If you omit the filespec, the results are output to the current SYS$OUTPUT device. No wildcard characters are allowed in the file specification. /RETRY /RETRY /NORETRY (default) Enables the device driver to retry soft errors. /SHOW /SHOW[=(keyword[,...])] Lists the contents of the DBBF before or after (or both) the medium is exercised or modified. Qualifier Keywords [NO]BEFORE,[NO]AFTER Specifies whether the contents of the DBBF are listed before or after (or both) the medium is exercised. After is the default. 3 Examples In examples 1 and 2, the contents of the data region on the medium are not altered or destroyed; in examples 3, 4, and 5, all the data on the medium is destroyed. 1. $ ANALYZE/MEDIA/BAD_BLOCKS=(4.4.4:3) DBA1: The /BAD_BLOCKS qualifier in this example specifies a range of 3 bad blocks beginning at the physical disk address sector 4, track 4, cylinder 4. This range is added to the DBBF. 2. $ ANALYZE/MEDIA/LOG DBB1: DEVICE DBB1: CONTAINS A TOTAL OF 340670 BLOCKS; 11 DEFECTIVE BLOCKS DETECTED. The command in this example requests BAD to report the total number of bad blocks recorded in DBBFs for the disk mounted on DBB1:. The medium is not exercised or altered in any way. 3. $ ANALYZE/MEDIA/EXERCISE/BAD_BLOCKS=(2) DBB1: The command in this example adds the bad block specification to the DBBF and then tests the media. The bad block in this example is located at logical block number (LBN) 2. 4. $ ANALYZE/MEDIA/EXERCISE=KEEP DBA1: This command tests the media while preserving the current SDBBF. 5. $ ANALYZE/MEDIA/EXERCISE/RETRY DBB1: The command in this example directs the device driver to retry soft errors. 2 /OBJECT Analyzes the contents of an object file. Also checks for any obvious errors. The /OBJECT qualifier is required. (Use the ANALYZE/IMAGE command to analyze the contents of an image file.) Format ANALYZE/OBJECT filespec[,...] filespec[,...] Specifies the object files or object module libraries you want analyzed (the default file type is OBJ). Use commas (,) or plus signs (+) to separate file specifications. The asterisk (*) and percent sign (%) wildcard characters are allowed in the file specification. 3 Description The ANALYZE/OBJECT command describes the contents of one or more object modules contained in one or more files. It also performs a partial error analysis. This analysis determines whether all records in an object module conform in content, format, and sequence to the specifications of the Alpha or VAX object language. The ANALYZE/OBJECT command automatically distinguishes Alpha objects from VAX objects by examining the format of the extended object modules header (EOMH). ANALYZE/OBJECT is intended primarily for programmers of compilers, debuggers, or other software involving the operating system's object modules. It checks that the object language records generated by the object modules are acceptable to the Linker utility, and it identifies certain errors in the file. It also provides a description of the records in the object file or object module library. For more information on the linker and on the Alpha and VAX object languages, refer to the OpenVMS Linker Utility Manual. The ANALYZE/OBJECT command analyzes the object modules in order, record by record, from the first to the last record in the object module. Fields in each record are analyzed in order from the first to the last field in the record. After the object module is analyzed, you should compare the content and format of each type of record to the required content and format of that record as described by the OpenVMS Alpha or OpenVMS VAX object language. This comparison is particularly important if the analysis output contains a diagnostic message. Linking an object module differs from analyzing an object module. Object language commands are not executed in an analysis, but they are executed in a linking operation. As a result, even if the analysis is error free, the linking operation may not be. In particular, the analysis does not check the following: o That data arguments in TIR commands are in the correct format. o That "Store Data" TIR commands are storing within legal address limits. Therefore, as a final check, you should still link an object module whose analysis is error free. If an error is found, however, the first error of the worst severity that is discovered is returned. For example, if a warning (A) and two errors (B and C) are signaled, then the first error (B) is returned as the image exit status, which is placed in the DCL symbol $STATUS at image exit. ANALYZE/OBJECT uses positional qualifiers; that is, qualifiers whose function depends on their position in the command line. When a positional qualifier precedes all of the input files in a command line, it affects all input files. For example, the following command line requests that the analysis include the global symbol directory records in files A, B, and C: $ ANALYZE/OBJECT/GSD A,B,C Conversely, when a positional qualifier is associated with only one file in the parameter list, only that file is affected. For example, the following command line requests that the analysis include the global symbol directory records in file B only: $ ANALYZE/OBJECT A,B/GSD,C Typically, all records in an object module are analyzed. However, when the /DBG, /EOM, /GSD, /LNK, /MHD, /TBT, or /TIR qualifier is specified, only the record types indicated by the qualifiers are analyzed. All other record types are ignored. By default, the analysis includes all record types unless you explicitly request a limited analysis using appropriate qualifiers. Note End-of-module (EOM) records and module header (MHD) records are always analyzed, no matter which qualifiers you specify. 3 Qualifiers /DBG /DBG Positional qualifier. Specifies that the analysis should include all debugger information records. If you want the analysis to include debugger information for all files in the parameter list, insert the /DBG qualifier immediately following the /OBJECT qualifier. If you want the analysis to include debugger information selectively, insert the /DBG qualifier immediately following each of the selected file specifications. /EOM /EOM Positional qualifier. Specifies that the analysis should be limited to MHD records, EOM records, and records explicitly specified by the command. If you want this to apply to all files in the parameter list, insert the /EOM qualifier immediately following the /OBJECT qualifier. To make the /EOM qualifier applicable selectively, insert it immediately following each of the selected file specifications. Note End-of-module records can be EOM or EOMW records. See the OpenVMS Linker Utility Manual for more information. /GSD /GSD Positional qualifier. Specifies that the analysis should include all global symbol directory (GSD) records. If you want the analysis to include GSD records for each file in the parameter list, specify the /GSD qualifier immediately following the /OBJECT qualifier. If you want the analysis to include GSD records selectively, insert the /GSD qualifier immediately following each of the selected file specifications. /INCLUDE /INCLUDE[=(module[,...])] When the specified file is an object module library, use this qualifier to list selected object modules within the library for analysis. If you omit the list or specify an asterisk (*), all modules are analyzed. If you specify only one module, you can omit the parentheses. /INTERACTIVE /INTERACTIVE /NOINTERACTIVE (default) Controls whether the analysis occurs interactively. In interactive mode, as each record is analyzed, the results are displayed on the screen, and you are asked whether you want to continue. /LNK /LNK Positional qualifier. Specifies that the analysis should include all link option specification (LNK) records. If you want the analysis to include LNK records for each file in the parameter list, specify the /LNK qualifier immediately following the /OBJECT qualifier. If you want the analysis to include LNK records selectively, insert the /LNK qualifier immediately following each of the selected file specifications. /MHD /MHD Positional qualifier. Specifies that the analysis should be limited to MHD records, EOM records, and records explicitly specified by the command. If you want this analysis to apply to all files in the parameter list, insert the /MHD qualifier immediately following the /OBJECT qualifier. To make the /MHD qualifier applicable selectively, insert immediately following each of the selected file specifications. /OUTPUT /OUTPUT[=filespec] Directs the output of the object analysis (the default is SYS$OUTPUT). If you specify a file type and omit the file name, the default file name ANALYZE is used. The default file type is ANL. The asterisk (*) and the percent sign (%) wildcard characters are not allowed in the file specification. /SELECT /SELECT=(keyword[,...]) Allows for the collection of specific image or object file information and displays the selected keyword items in the order specified. The keywords are as follows: Keyword Description ARCHITECTURE Returns "OpenVMS Alpha" if the file is either an OpenVMS Alpha image or object file. Returns "OpenVMS VAX" if the file is either an OpenVMS VAX image or object file. Otherwise, returns "Unknown". BUILD_ For OpenVMS Alpha image files, returns the image build IDENTIFICATION identification stored in the image header, enclosed in quotation marks. For OpenVMS VAX image files, the null string that is represented by adjacent quotation marks is returned. Otherwise, returns "Unknown". FILE_TYPE Returns "Image" if the file is an OpenVMS VAX or Alpha image file. Returns "Object" if the file is an OpenVMS VAX or Alpha object file. Otherwise, returns "Unknown". IDENTIFICATION For both OpenVMS Alpha and VAX image files, returns the image identification that is stored in the image header, enclosed in quotation marks. Otherwise, returns "Unknown". IMAGE_TYPE Returns "Shareable" if the file is either an OpenVMS Alpha or OpenVMS VAX sharable image file. Returns "Executable" if the file is either an OpenVMS Alpha or OpenVMS VAX executable (nonsharable) image file. Otherwise, returns "Unknown". LINK_TIME For both OpenVMS Alpha and VAX image files, returns the image link time that is stored in the image header, enclosed in quotation marks. Otherwise, returns "Unknown". NAME For both OpenVMS Alpha and VAX image files, returns the image name that is stored in the image header, enclosed in quotation marks. Otherwise, returns "Unknown". /TBT /TBT Positional qualifier. Specifies that the analysis should include all module traceback (TBT) records. If you want the analysis to include TBT records for each file in the parameter list, specify the /TBT qualifier immediately following the /OBJECT qualifier. If you want the analysis to include TBT records selectively, insert the /TBT qualifier immediately following each of the selected file specifications. /TIR /TIR Positional qualifier. Specifies that the analysis should include all text information and relocation (TIR) records. If you want the analysis to include TIR records for each file in the parameter list, specify the /TIR qualifier immediately following the /OBJECT qualifier. If you want the analysis to include TIR records selectively, insert the /TIR qualifier immediately following the selected file specifications. 3 Examples 1.$ ANALYZE/OBJECT/INTERACTIVE LINEDT In this example, the ANALYZE/OBJECT command produces a description and a partial error analysis of the object file LINEDT.OBJ. By default, all types of records are analyzed. Output is to the terminal because the /INTERACTIVE qualifier has been used. As each item is analyzed, the utility displays the results on the screen and asks if you want to continue. 2.$ ANALYZE/OBJECT/OUTPUT=LIOBJ/DBG LINEDT In this example, the ANALYZE/OBJECT command analyzes only the debugger information records of the file LINEDT.OBJ. Output is to the file LIOBJ.ANL. 3.$ ANALYZE/OBJECT/SELECT=(ARCH,FILE) *.OBJ DISK:[DIRECTORY]ALPHA.OBJ;1 OpenVMS ALPHA Object DISK:[DIRECTORY]MISNAMED.OBJ;1 Unknown Unknown DISK:[DIRECTORY]VAX.OBJ;1 OpenVMS VAX Object This example displays the information requested about the object file, ALPHA.OBJ, the unknown file, MISNAMED.OBJ, and the object file, VAX.OBJ. 2 /PROCESS_DUMP Invokes the OpenVMS Debugger to analyze a process dump file that was created when an image failed during execution. (Use the /DUMP qualifier with the RUN or the SET PROCESS command to generate a dump file.) Note that on Alpha systems, you can also force a process to dump by using the DUMP/PROCESS command. The ANALYZE/PROCESS_DUMP command can display a process dump file for either an Alpha or a VAX image. For a complete description of the debugger, including information about the DEBUG command, refer to the OpenVMS Debugger Manual. Requires read (R) access to the dump file. Format ANALYZE/PROCESS_DUMP dump-file dump-file Specifies the dump file to be analyzed with the debugger. 3 Qualifiers /FULL On VAX and Alpha systems, displays all known information about the failing process. /IMAGE /IMAGE=image-name /NOIMAGE On VAX systems, specifies the image to be activated to set up the process context for the analysis. If you use the /NOIMAGE qualifier, the DELTA debugger will be used for the analysis. By default, symbols are taken from the image with the same name as the image that was running at the time of the dump. /IMAGE_PATH /IMAGE_PATH[=directory-spec] dump-file /NOIMAGE_PATH On Alpha systems, specifies the search path the debugger is to use to find the debugger symbol table (DST) file. As in prior debuggers, the debugger builds an image list from the saved process image list. When you set an image (the main image is automatically set), the debugger attempts to open that image in order to find the DST file. If you include the /IMAGE_PATH=directory-spec qualifier, the debugger searches for the DST file in the specified directory. The debugger first tries to translate directory-spec as the logical name of a directory search list. If that fails, the debugger interprets directory-spec as a directory specification, and searches that directory for matching .DSF or .EXE files. A .DSF file takes precedence over an .EXE file. The name of the .DSF or .EXE file must match the image. If you do not include the /IMAGE_PATH=directory-spec qualifier, the debugger looks for the DST file first in the directory that contains the dump file. If that fails, the debugger searches directory SYS$SHARE and then directory SYS$MESSAGE. If the debugger fails to find a DST file for an image, the symbolic information available to the debugger is limited to global and universal symbol names. Version 7.3 and later debuggers check for dumpfile image specification and DST file link date-time mismatches and issue a warning if one is discovered. The dump-file parameter is the name of the process dump file to be analyzed. Note that the process dump file file type must be .DMP and the DST file type must be either .DSF or .EXE. /INTERACTIVE /INTERACTIVE /NOINTERACTIVE (default) On VAX systems, causes the display of information to pause when your terminal screen is filled. Press Return to display additional information. By default, the display is continuous. /MISCELLANEOUS On VAX systems, displays process information and registers at the time of the dump. Refer to the $GETJPI system service for further explanation of the process information displayed. /RELOCATION On VAX systems, displays the addresses to which data structures saved in the dump are mapped in P0 space. (Examples of such data structures are the stacks.) The data structures in the dump must be mapped into P0 space so that the debugger can use those data structures in P1 space. 3 Examples 1.$ ANALYZE/PROCESS/FULL ZIPLIST R0 = 00018292 R1 = 8013DE20 R2 = 7FFE6A40 R3 = 7FFE6A98 R4 = 8013DE20 R5 = 00000000 R6 = 7FFE7B9A R7 = 0000F000 R8 = 00000000 R9 = 00000000 R10 = 00000000 R11 = 00000000 SP = 7FFAEF44 AP = 7FFAEF48 FP = 7FFAEF84 FREE_P0_VA 00001600 FREE_P1_VA 7FFAC600 Active ASTs 00 Enabled ASTs 0F Current Privileges FFFFFF80 1010C100 Event Flags 00000000 E0000000 Buffered I/O count/limit 6/6 Direct I/O count/limit 6/6 File count/limit 27/30 Process count/limit 0/0 Timer queue count/limit 10/10 AST count/limit 6/6 Enqueue count/limit 30/30 Buffered I/O total 7 Direct I/O total 18 Link Date 27-DEC-2000 15:02:00.48 Patch Date 17-NOV-2000 00:01:53 ECO Level 0030008C 00540040 00000000 34303230 Kernel stack 00000000 pages at 00000000 moved to 00000000 Exec stack 00000000 pages at 00000000 moved to 00000000 Vector page 00000001 page at 7FFEFE00 moved to 00001600 PIO (RMS) area 00000005 pages at 7FFE1200 moved to 00001800 Image activator context 00000001 page at 7FFE3400 moved to 00002200 User writable context 0000000A pages at 7FFE1C00 moved to 00002400 Creating a subprocess VAX DEBUG Version 5.4 DBG> This example shows the output of the ANALYZE/PROCESS command when used with the /FULL qualifier on a VAX system. The file specified, ZIPLIST, contains the dump of a process that encountered a fatal error. The DBG> prompt indicates that the debugger is ready to accept commands. 2 /RMS_FILE Invokes the Analyze/RMS_File utility to inspect and analyze the internal structure of an RMS file. The /RMS_FILE qualifier is required. For a complete description of the Analyze/RMS_File utility, including more information about the ANALYZE/RMS_FILE command and its qualifiers, see the OpenVMS Record Management Utilities Reference Manual. ANALYZE/RMS_FILE filespec[,...] 3 Parameter filespec[,...] Specifies the data file to be analyzed. The default file type is .DAT. You can use multiple file specifications and wildcard characters with the /CHECK qualifier, the /RU_JOURNAL qualifier, the /STATISTICS qualifier, and the /SUMMARY qualifier, but not with the /FDL qualifier or the /INTERACTIVE qualifier. 3 Qualifiers /CHECK Checks the integrity of the file and generates a report of any errors in its structure. The report produced by the /CHECK qualifier includes a list of any errors and a summary of the file's structure. If you do not specify an output file, the report is written to the current SYS$OUTPUT device, which is generally your terminal. You can use wildcards and multiple file specifications. If you specify /NOOUTPUT, you only get a message indicating whether the file has errors. The check function is active by default when you use the ANALYZE /RMS_FILE command without any qualifiers. The /CHECK qualifier is not compatible with the /FDL qualifier, the /INTERACTIVE qualifier, the /STATISTICS qualifier, or the /SUMMARY qualifier. /FDL Generates an FDL file describing the RMS data file being analyzed. By default, the /FDL qualifier creates a file with the file type .FDL and the same file name as the input data file. To assign a different type or name to the FDL file, use the /OUTPUT qualifier. If the data file is corrupted, the FDL file contains the Analyze/RMS_File utility error messages. For indexed files, the FDL file contains special analysis sections you can use with the EDIT/FDL Optimize script to make better design decisions when you reorganize the file. You cannot use wildcards or multiple file specifications with the /FDL qualifier. The /FDL qualifier is not compatible with the /CHECK qualifier, the /INTERACTIVE qualifier, the /STATISTICS qualifier, the /SUMMARY qualifier, or the /UPDATE_HEADER qualifier. /INTERACTIVE Begins an interactive examination of the file's structure. You cannot use wildcards or multiple file specifications. For help with the interactive commands, enter the HELP command at the ANALYZE> prompt. Do not use this qualifier with the /CHECK, /FDL, /STATISTICS, /SUMMARY, or /UPDATE_HEADER qualifiers. /OUTPUT /OUTPUT=filesspec /NOOUTPUT Identifies the destination file for the results of the analysis. The /NOOUTPUT qualifier specifies that no output file is to be created. In all cases, the Analyze/RMS_File utility displays a message indicating whether the data file has errors. /CHECK Places the integrity report in the output file. The default file type is .ANL, and the default file name is ANALYZE. If you omit the output- filespec parameter, output is written to the current SYS$OUTPUT device, which is generally your terminal. /FDL Places the resulting FDL specification in the output file. The default file type is .FDL, and the default file name is that of the input file. /INTERACTIVE Places a transcript of the interactive session in the output file. The default file type is .ANL, and the default file name is ANALYZE. If you omit the output-filespec parameter, no transcript of your interactive session is produced. /RU_JOURNAL Places the recovery-unit journal information in the output file. The default file type is .ANL, and the default file name is ANALYZE. If you omit the output-filespec parameter, output is written to the current SYS$OUTPUT device, which is generally your terminal. /STATISTICS Places the statistics report in the output file. The default file type is .ANL, and the default file name is ANALYZE. If you omit the output- filespec parameter, output is written to the current SYS$OUTPUT device, which is generally your terminal. /SUMMARY Places the summary report in the output file. The default file type is .ANL, and the default file name is ANALYZE. If you omit the output- filespec parameter, output is written to the current SYS$OUTPUT device, which is generally your terminal. /RU_JOURNAL Provides information about recovery-unit journaling where applicable. You can use the /RU_JOURNAL qualifier on any file, but it is inoperative on files not marked for recovery-unit journaling. This qualifier provides the only way of accessing a file that would otherwise be inaccessible because of unresolved recovery units. This situation might be the result of an unavailable recovery-unit journal file or of unavailable data files that were included in the recovery unit. To use the /RU_JOURNAL qualifier, your process must have both CMEXEC privilege and access to the [SYSJNL] directory (either SYSPRV privilege or access for UIC [1,4]). This qualifier is compatible with all of the ANALYZE/RMS_FILE qualifiers, and you can use it with wildcards and multiple file specifications. When you specify the /RU_JOURNAL qualifier, the Analyze/RMS_File utility provides you with the following data for each active recovery unit: o The journal file specification and the journal creation date o The recovery-unit identification, recovery-unit start time, cluster system identification number (CSID), and process identification (PID) o Information about the files involved in the recovery unit, including the file specification, the name of the volume where the file resides, the file identification, the date and time the file was created, and the current status of the file o The state of the recovery unit - active, none, started, committed, or not available (for more information, see the RMS Journaling for OpenVMS Manual) o An error statement /STATISTICS Specifies that a report is to be produced containing statistics about the file. The /STATISTICS qualifier is used mainly on indexed files. By default, if you do not specify an output file with the /OUTPUT qualifier, the statistics report is written to the current SYS$OUTPUT device, which is generally your terminal. The /STATISTICS qualifier is not compatible with the /CHECK qualifier, the /FDL qualifier, the /INTERACTIVE qualifier, or the /SUMMARY qualifier. /SUMMARY Specifies that a summary report is to be produced containing information about the file's structure and use. The /SUMMARY qualifier generates a summary report containing information about the file's structure and use. If the file has no errors, the output generated from the /SUMMARY qualifier is identical to that produced by the /CHECK qualifier. Unlike the /CHECK qualifier, however, the /SUMMARY qualifier does not check the structure of your file, so output is generated more quickly. Do not use this qualifier with the /CHECK qualifier, the /FDL qualifier, the /INTERACTIVE qualifier, the /STATISTICS qualifier, or the /UPDATE_HEADER qualifier. /UPDATE_HEADER Attempts to update the following attributes in the header of the file: longest record length (LRL) and/or file length hint attribute. You must use this qualifier in combination with either /STATISTICS or /CHECK (the default). This qualifier only applies to sequential file organizations and is ignored for any other file organization. The /UPDATE_HEADER qualifier attempts to update the LRL and/or file hint attribute in the file header if the calculated value(s) differ from the current value(s) in the file header. The /UPDATE_HEADER qualifier applies to: o An LRL request - if the file is sequential and has a record format other than undefined (UDF). o A HINT request - if the file is sequential, the record format is either variable (VAR) or variable with fixed control (VFC), and the file is located on an ODS-5 disk device. It is not supported for remote accesses; requests are ignored. The /UPDATE_HEADER qualifier requires either the STATISTICS or CHECK (default) functions since calculating new values for the LRL and/or file length hint presumes that all the records in the sequential file are processed. It is not compatible with the /FDL qualifier, the /INTERACTIVE qualifier, or the /SUMMARY qualifier. Any errors returned by the file system when an attempt to update the file header fails are ignored. If the update succeeds, the updated values are displayed at the end of the report. 3 EXAMPLES 1.$ ANALYZE/RMS_FILE/CHECK CUSTFILE This command checks the file CUSTFILE.DAT for errors and displays the report on the terminal. 2.$ ANALYZE/RMS_FILE/FDL ADDRFILE This command generates an FDL file named ADDRFILE.FDL from the data file ADDRFILE.DAT. 3.$ ANALYZE/RMS_FILE DENVER::DB1:[PROD]RUN.DAT This command analyzes the structure of the file RUN.DAT residing at remote node DENVER. 4.$ANALYZE/RMS_FILE/UPDATE_HEADER=HINT A.A FILE HEADER File Spec: DISK$REGRES:[REGRES]A.A;3 ... RMS FILE ATTRIBUTES File Organization: sequential Record Format: variable Record Attributes: carriage-return Maximum Record Size: 0 Longest Record: 52 Blocks Allocated: 4, Default Extend Size: 0 End-of-File VBN: 1, Offset: %X'008E' File Monitoring: disabled File Length Hint (Record Count): 6 (invalid) File Length Hint (Data Byte Count): 42 (invalid) Global Buffer Count: 0 The analysis uncovered NO errors. UPDATED File Length Hint (Record Count) to: 10 UPDATED File Length Hint (Data Byte Count) to: 118 ANALYZE/RMS_FILE/UPDATE_HEADER=HINT A.A 2 /SYSTEM Invokes the System Dump Analyzer (SDA) utility to analyze a running system. On Alpha systems, you cannot specify the /CRASH_DUMP, /OVERRIDE, or /RELEASE qualifier when you use the /SYSTEM qualifier with the ANALYZE command. On VAX systems, you cannot specify the /CRASH_DUMP or /RELEASE qualifier when you use the /SYSTEM qualifier with the ANALYZE command. For a complete description of SDA, including more information about the ANALYZE/SYSTEM command and its qualifiers, see the OpenVMS Alpha System Dump Analyzer Utility Manual and the OpenVMS VAX System Dump Analyzer Utility Manual. Caution Although the analysis of a running system might be instructive, be aware that system context, process context, and a processor's hardware context remain fluid during any given display. In a multiprocessing environment, a process running SDA might be rescheduled to a different processor frequently during analysis. Therefore, Compaq recommends that you do not examine the hardware state using addresses that are not mapped to physical memory locations. Also, when using SDA to analyze a running system, use caution in interpreting its displays. Because system states change frequently, it is possible that the information SDA displays might be inconsistent with the actual, volatile state of the system at any given moment. Format ANALYZE/SYSTEM 3 Example $ ANALYZE/SYSTEM This command invokes SDA to analyze the running system. 3 /SYMBOL Specifies an alternate system symbol table for SDA to use. Format ANALYZE/SYSTEM/SYMBOL=system-symbol-table system-symbol-table On Alpha systems, file specification of the OpenVMS Alpha SDA system symbol table required by SDA to analyze a system dump. The specified system-symbol-table must contain those symbols required by SDA to find certain locations in the executive image. On Alpha systems, if you do not specify the /SYMBOL qualifier, SDA uses SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load system symbols into the SDA symbol table. When you specify the /SYMBOL qualifier, SDA assumes the default disk and directory to be SYS$DISK and [default-dir]; that is, the disk and directory specified in your last SET DEFAULT command. If no device and directory are given in the file name and the file is not found in the current default directory, SDA attempts to open the file SDA$READ_DIR:filename.type. If no type has been given in the file name, SDA assumes .EXE. If you specify a file for this parameter that is not a system symbol table, SDA halts with a fatal error. On VAX systems, file specification of the SDA system symbol table required by SDA to analyze a system dump. The specified system-symbol-table must contain those symbols required by SDA to find certain locations in the executive image. On VAX systems, if you do not specify the /SYMBOL qualifier, SDA uses SYS$SYSTEM:SYS.STB by default. When you do specify the /SYMBOL qualifier, SDA assumes the default disk and directory to be SYS$DISK; that is, the disk and directory specified in your last SET DEFAULT command. If you specify a file for this parameter that is not a system symbol table, SDA halts with a fatal error. 4 Description On Alpha systems, the /SYMBOL qualifier allows you to specify a system symbol table other than SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load into the SDA symbol table. You can use the /SYMBOL qualifier whether you are analyzing a system dump or a running system. On Alpha systems, the /SYMBOL qualifier can be used with the /CRASH_DUMP and /SYSTEM qualifiers. It is ignored when /OVERRIDE or /RELEASE is specified. On VAX systems, the /SYMBOL qualifier allows you to specify a system symbol table other than SYS$SYSTEM:SYS.STB to load into the SDA symbol table. This might be necessary, for instance, to analyze a crash dump taken on a processor running a different version of OpenVMS. On VAX systems, you can use the /SYMBOL qualifier whether you are analyzing a system dump or a running system. 4 Examples On Alpha systems: $ ANALYZE/SYSTEM/SYMBOL=SDA$READ_DIR:SYS$BASE_IMAGE.EXE SYS$SYSTEM This command invokes SDA to analyze the running system, using the base image in SDA$READ_DIR. On VAX systems: $ ANALYZE/SYSTEM/SYMBOL=SYS$CRASH:SYS.STB SYS$SYSTEM This command invokes SDA to analyze the running system, using the system symbol table at SYS$CRASH:SYS.STB.