1 ANALYZE The ANALYZE commands invoke utilities to examine various components of an OpenVMS system. They perform the following functions: o Invoke the Audit Analysis Utility to extract selective information from the system security audit journal (see /AUDIT). o Invoke the System Dump Analyzer (SDA) to examine the specified dump file (see /CRASH_DUMP). o Invoke the Analyze/Disk_Structure Utility to examine disk volumes (see /DISK_STRUCTURE). o Invoke the Error Log Viewer (ELV) to selectively report the contents of an error log file (see /ERROR_LOG/ELV). (Alpha/I64 only) o Describe the contents of an image file or shareable image file (see /IMAGE). o Invoke the Bad Block Locator (BAD) Utility to find disk blocks that cannot be used to store data (see /MEDIA). o Describe the contents of an object file (see /OBJECT). o Invoke the OpenVMS Debugger for analysis of a process dump file (see /PROCESS_DUMP). o Analyze the internal structure of an RMS file (see /RMS_FILE). o Display the data collected by the System Service Logging utility (see /SSLOG). (Alpha/I64 only) o Invoke the System Dump Analyzer (SDA) to examine the running system (see /SYSTEM). The default analyze function is to examine object modules (ANALYZE/OBJECT). 2 /AUDIT 3 Overview The Audit Analysis utility (ANALYZE/AUDIT) processes event messages in security audit log files to produce reports of security-related events on the system. Format ANALYZE/AUDIT [file-spec[,...]] file-spec[,...] Specifies one or more security audit log files as input to ANALYZE/AUDIT. If you specify more than one file name, separate the names with commas. If you omit the file-spec parameter, the utility searches for the default audit log file SECURITY.AUDIT$JOURNAL. The default audit log file is created in the SYS$COMMON:[SYSMGR] directory. To use the file, specify SYS$MANAGER on the ANALYZE/AUDIT command line. If you do not specify a directory, the utility searches for the file in the current directory. You can include wildcard characters, such as the asterisk (*) or percent sign (%), in the file specification. The audit log file can be located in any directory. To display the current location, use the DCL command SHOW AUDIT/ALL. 3 Qualifiers Qualifier Description /BEFORE Controls whether records dated earlier than the specified time are selected /BINARY Controls whether output is a binary file /BRIEF Controls whether a brief, single-line record format is used in ASCII displays /EVENT_TYPE Selects the classes of events to be extracted from the security log file /FULL Controls whether a full format is used in ASCII displays /IGNORE Excludes records from the report that match the specified criteria /INTERACTIVE Controls whether interactive command mode is enabled when ANALYZE/AUDIT is invoked /OUTPUT Specifies where to direct output from ANALYZE/AUDIT /PAUSE Specifies the length of time each record is displayed in a full format display /SELECT Specifies the criteria for selecting records /SINCE Indicates that the utility must operate on records dated with the specified time or after the specified time /SUMMARY Specifies that a summary of the selected records be produced after all records are processed 3 /BEFORE Controls whether records dated earlier than the specified time are selected. Format /BEFORE[=time] /NOBEFORE time Specifies the time used to select records. Records dated earlier than the specified time are selected. You can specify an absolute time, delta time, or a combination of the two. Observe the syntax rules for date and time described in the OpenVMS User's Manual. 4 Examples 1.$ ANALYZE/AUDIT /BEFORE=25-NOV-2005 - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects all records dated earlier than November 25, 2005. 2.$ ANALYZE/AUDIT /BEFORE=14:00/SINCE=12:00 - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects all records generated between noon and 2 P.M. today. 3 /BINARY Controls whether output is a binary file. Format /BINARY /NOBINARY 4 Example $ ANALYZE/AUDIT /BINARY/SINCE=TODAY/OUTPUT=25OCT05.AUDIT - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects all audit records generated today and writes the records in binary format to 25OCT05.AUDIT. 3 /BRIEF Controls whether a brief, single-line record format is used in ASCII displays. Format /BRIEF (default) 4 Example $ ANALYZE/AUDIT /OUTPUT=AUDIT.LIS - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example produces an ASCII file in brief format by default. The report is written to the AUDIT.LIS file. 3 /EVENT_TYPE Selects the classes of events to be extracted from the security log file. If you omit the qualifier or specify the ALL keyword, the utility includes all enabled event classes in the report. Format /EVENT_TYPE=(event-type[,...]) event type[,...] Specifies the classes of events used to select records. You can specify any of the following event types: [NO]ACCESS Access to an object, such as a file [NO]ALL All event types [NO]AUDIT Use of the SET AUDIT command [NO]AUTHORIZATION Change to the authorization database (SYSUAF.DAT, RIGHTSLIST.DAT, NETPROXY.DAT, or NET$PROXY.DAT) [NO]BREAKIN Break-in detection [NO]CONNECTION Establishment of a network connection through the System Management utility (SYSMAN), DECwindows, or interprocess communication (IPC) software [NO]CREATE Creation of an object [NO]DEACCESS Completion of access to an object [NO]DELETE Deletion of an object [NO]INSTALL Modification of the known file list with the Install utility (INSTALL) [NO]LOGFAIL Unsuccessful login attempt [NO]LOGIN Successful login [NO]LOGOUT Successful logout [NO]MOUNT Execution of DCL commands MOUNT or DISMOUNT [NO]NCP Modification of the DECnet network configuration databases [NO]NETPROXY Modification of the network proxy authorization file (NETPROXY.DAT or NET$PROXY.DAT) [NO]PRIVILEGE Privilege auditing [NO]PROCESS Use of one or more of the process control system services: $CREPRC, $DELPRC, $SCHDWK, $CANWAK, $WAKE, $SUSPND, $RESUME, $GRANTID, $REVOKID, $GETJPI, $FORCEX, $SETPRI [NO]RIGHTSDB Modification of the rights database (RIGHTSLIST.DAT) [NO]SYSGEN Modification of system parameters through the System Generation utility (SYSGEN) or AUTOGEN [NO]SYSUAF Modification of the system user authorization file (SYSUAF.DAT) [NO]TIME Change in system or cluster time Specifying the negated form of an event class (for example, NOLOGFAIL) excludes the specified event class from the audit report. 4 Examples 1.$ ANALYZE/AUDIT/EVENT_TYPE=LOGFAIL - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example extracts all records of unsuccessful login attempts, which match the LOGFAIL class, and compiles a brief report. 2.$ ANALYZE/AUDIT/EVENT_TYPE=(NOLOGIN,NOLOGOUT) - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example builds a report in brief format of all audit records except those in the LOGIN and LOGOUT event classes. 3 /FULL Controls whether a full format is used in ASCII displays. If you specify /NOFULL or omit the qualifier, records are displayed in the brief format. Format /FULL /NOFULL (default) 4 Example $ ANALYZE/AUDIT /FULL - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example displays the full contents of each selected record. 3 /IGNORE Excludes records from the report that match the specified criteria. Format /IGNORE=criteria[,...] criteria[,...] Specifies that all records are selected except those matching any of the specified exclusion criteria. See the /SELECT qualifier description for a list of the possible criteria to use with the /IGNORE qualifier. 3 /INTERACTIVE Controls whether interactive command mode is enabled when ANALYZE/AUDIT is invoked. Format /INTERACTIVE (default) /NOINTERACTIVE 4 Examples 1.$ ANALYZE/AUDIT/FULL - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example produces a full format display of the selected records. New records are displayed every 3 seconds. (See the /PAUSE qualifier description to find how to modify the duration of each record display.) Press Ctrl/C to interrupt the display and to enter interactive commands. 2.$ ANALYZE/AUDIT/FULL/NOINTERACTIVE - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example invokes the utility in noninteractive mode. It displays the first record selected and prompts you to press the Return key to display each additional selected record. Control returns to the DCL command level when all selected records have been displayed. 3 /OUTPUT Specifies where to direct output from ANALYZE/AUDIT. If you omit the qualifier, the report is sent to SYS$OUTPUT. Format /OUTPUT[=file-spec] /NOOUTPUT file-spec[,...] Specifies the name of the file that is to contain the selected records. If you omit the device and directory specification, the utility uses the current device and directory specification. If you omit the file name and type, the default file name AUDIT.LIS is used. If the output is binary (/BINARY) and you omit the /OUTPUT qualifier, the binary information is written to the file AUDIT.AUDIT$JOURNAL. 4 Example $ ANALYZE/AUDIT /BINARY/OUTPUT=BIN122588.DAT - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects audit records from the system audit log file and writes them to the binary file BIN122588.DAT. 3 /PAUSE Specifies the length of time each record is displayed in a full- format display. Format /PAUSE=seconds seconds Specifies the duration (in seconds) of the full-screen display. A value of 0 specifies that the system should not pause before displaying the next record. By default, the utility displays a record for 3 seconds. 4 Example $ ANALYZE/AUDIT /FULL/PAUSE=1 - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example displays a selected record in full format every second. You can interrupt the display and enter interactive commands at any time by pressing Ctrl/C. 3 /SELECT Specifies the criteria for selecting records from the audit log file. For a description of how to generate audit records, see the HP OpenVMS Guide to System Security. Format /SELECT=criteria[,...] /NOSELECT criteria[,...] Specifies the criteria for selecting records. For each specified criterion, ANALYZE/AUDIT has two selection requirements: o The packet corresponding to the criterion must be present in the record. o One of the specified values must match the value in that packet. For example, if you specify (USER=(PUTNAM,WU),SYSTEM=DBASE) as the criteria, ANALYZE/AUDIT selects an event record containing the SYSTEM=DBASE packet and a USER packet with either the PUTNAM value or the WU value. If you omit the /SELECT qualifier, all event records selected through the /EVENT_TYPE qualifier are extracted from the audit log file and included in the report. You can specify any of the following criteria: 4 ACCESS ACCESS=(type,...) Specifies the type of object access upon which the selection is based. Access is object-specific and includes the following types: Associate Execute Read Control Lock Submit Create Logical Use Delete Manage Write Physical The HP OpenVMS Guide to System Security describes each of these types. 4 ACCOUNT ACCOUNT=(name,...) Specifies the account name upon which selection is based. You can use wildcards, such as an asterisk (*) or percent sign (%), to represent all or part of the name. 4 ACCOUNT ACCOUNT=(name,...) Specifies the alarm journal name on which selection is based. You can use wildcards to represent all or part of the alarm name. 4 ASSOCIATION_NAME ASSOCIATION_NAME=(IPC-name,...) Specifies the name of the interprocess communication (IPC) association. 4 AUDIT_NAME AUDIT_NAME=(journal-name,...) Specifies the audit journal name on which selection is based. You can use wildcards to represent all or part of the audit journal name. 4 COMMAND_LINE COMMAND_LINE=(command,...) Specifies the command line that the user entered. 4 CONNECTION_IDENTIFICATION CONNECTION_IDENTIFICATION=(IPC-name,...) Specifies the name for the interprocess communication (IPC) connection. 4 DECNET_LINK_IDENTIFICATION DECNET_LINK_IDENTIFICATION=(value,...) Specifies the number of the DECnet logical link. 4 DECNET_OBJECT_NAME DECNET_OBJECT_NAME=(object-name,...) Specifies the name of the DECnet object. 4 DECNET_OBJECT_NUMBER DECNET_OBJECT_NUMBER=(value,...) Specifies the number of the DECnet object. 4 DEFAULT_USERNAME DEFAULT_USERNAME=(username,...) Specifies the default local user name for incoming network proxy requests. 4 DEVICE_NAME DEVICE_NAME=(device-name,...) Specifies the name of a device in audit records that have a DEVICE_NAME packet. Note that this does not select the device name when it occurs in other packet types, such as in a file name or in the TARGET_DEVICE_NAME packet. 4 DIRECTORY_ENTRY DIRECTORY_ENTRY=(directory,...) Specifies the directory entry associated with file system operation. 4 DIRECTORY_NAME DIRECTORY_NAME=(directory,...) Specifies the name of the directory file. 4 DISMOUNT_FLAGS DISMOUNT_FLAGS=(flag-name,...) Identifies the names of the volume dismounting flags to be used in selecting records. Specify one or more of the following flag names: Abort, Cluster, Nounload, and Unit. 4 EVENT_CLUSTER_NAME EVENT_CLUSTER_NAME=(event-flag-cluster-name,...) Specifies the name of the event flag cluster. 4 FACILITY FACILITY=(facility-name,...) Specifies that only events audited by the named facility be selected. Provide a name or a number but, in either case, the facility has to be defined through the logical AUDSERV$FACILITY_ NAME as a decimal number; the system uses the number 0. 4 FIELD_NAME FIELD_NAME=(field-name,...) Specifies the name of the field that was modified. ANALYZE/AUDIT uses the FIELD_NAME criterion with packets containing the original data and the new data (specified by the NEW_DATA criterion). A FIELD_NAME is a character string that describes the content of the field. A search for "NEW:" in a full audit report will display records that contain the FIELD_NAME values that can be specified for this option. Examples of FIELD_NAME values are Account, Default Directory, Flags, and Password Date. For sensitive information, see SENSITIVE_FIELD_NAME. 4 FILE_NAME FILE_NAME=(file-name) Specifies the name of the file that caused the audit. Describes audit records for the specified file by using a slightly different display format than is provided by the /OBJECT=NAME=object-name keyword. 4 FILE_IDENTIFICATION FILE_IDENTIFICATION=(identification-value) Specifies the value of the file's identification. To calculate the value, start with the value listed for File ID when you use the FILE_NAME keyword. For example, the display lists the File ID as: File ID: (3024,5,0) Use the following formula to calculate the value: (((0 * 65536) + 5)* 65536) + 3024 = 330704 4 FLAGS FLAGS=(flag-name,...) Identifies the names of the audit event flags associated with the audited event. These names should be used in selecting records. Specify one or more of the following flags: ACL, Alarm, Audit, Flush, Foreign, Internal, and Mandatory. 4 HOLDER HOLDER=keyword(,...) Specifies the characteristics of the identifier holder to be used when selecting event records. Choose from the following keywords: NAME=username Specifies the name of the holder. You can represent all or part of the name with a wildcard. OWNER=uic Specifies the user identification code (UIC) of the holder. 4 IDENTIFIER IDENTIFIER=keyword(,...) Identifies which attributes of an identifier should be used when selecting event records. Choose from the following keywords: ATTRIBUTES=name Specifies the name of the particular attribute. Valid attribute names are as follows: Dynamic, Holder_Hidden, Name_ Hidden, NoAccess, Resource, and Subsystem. NAME=identifier Specifies the original name of the identifier. You can represent all or part of the name with a wildcard. NEW_NAME=identifier Specifies the new name of the identifier. You can represent all or part of the name with a wildcard. NEW_ATTRIBUTES=name Specifies the name of the new attribute. Valid attribute names are Dynamic, Holder_ Hidden, Name_Hidden, NoAccess, Resource, and Subsystem. VALUE=value Specifies the original value of the identifier. NEW_VALUE=value Specifies the new value of the identifier. 4 IDENTIFIERS_MISSING IDENTIFIERS_MISSING=(identifier,...) Specifies the identifiers missing in a failure to access an object. 4 IDENTIFIERS_USED IDENTIFIERS_USED=(identifier,...) Specifies the identifiers used to gain access to an object. An event record matches if the specified list is a subset of the identifiers recorded in the event record. 4 IMAGE_NAME IMAGE_NAME=(image-name,...) Identifies the name of the image to be used when selecting event records. You can represent all or part of the image name with a wildcard. 4 INSTALL INSTALL=keyword(,...) Specifies that installation event packets are to be considered when selecting event records. Choose from the following keywords: FILE=filename Specifies the name of the installed file. You can represent all or part of the name with a wildcard. Note that on Alpha systems prior to Version 6.1, audit log files record the installed file name within an object name packet. To select the installed file, you must use the expression OBJECT=(NAME=object-name) instead of FILE=filename. FLAGS=flag-name Specifies the names of the flags, which correspond to qualifiers of the Install utility (INSTALL); for example, OPEN corresponds to /OPEN. PRIVILEGES=privilege- Specifies the names of the privileges with name which the file was installed. 4 LNM_PARENT_NAME LNM_PARENT_NAME=(table-name,...) Specifies the name of the parent logical name table. 4 LNM_TABLE_NAME LNM_TABLE_NAME=(table-name,...) Specifies the name of the logical name table. 4 LOCAL LOCAL=(characteristic,...) Specifies the characteristics of the local (proxy) account to be used when selecting event records. The following characteristic is supported: USERNAME=username Specifies the name of the local account. You can represent all or part of the name with a wildcard. 4 LOGICAL_NAME LOGICAL_NAME=(logical-name,...) Specifies the logical name of the mounted (or dismounted) volume upon which selection is based. You can represent all or part of the logical name with a wildcard. 4 MAILBOX_UNIT MAILBOX_UNIT=(number,...) Specifies the number of the mailbox unit. 4 MOUNT_FLAGS MOUNT_FLAGS=(flag-name,...) Specifies the names of the volume mounting flags upon which selection is based. Possible flag names include the following names: CACHE=(NONE,WRITETHROUGH) CDROM CLUSTER COMPACTION DATACHECK=(READ,WRITE) DSI FOREIGN GROUP INCLUDE INITIALIZATION=(ALLOCATE,CONTINUATION) MESSAGE NOASSIST NOAUTOMATIC NOCOMPACTION NOCOPY NOHDR3 NOJOURNAL NOLABEL NOMOUNT_VERIFICATION NOQUOTA NOREBUILD NOUNLOAD NOWRITE { ACCESSIBILITY } { EXPIRATION } { IDENTIFICATION } { } { LIMITED_SEARCH } OVERRIDE=(options[,...]) { LOCK } { NO_FORCED_ERROR } { } { OWNER_IDENTIFIER } { SECURITY } { SETID } { } POOL QUOTA SHARE SUBSYSTEM SYSTEM TAPE_DATA_WRITE XAR The names NOLABEL and FOREIGN each point to the FOREIGN flag. The reason for this is that the MOUNT/NOLABEL and MOUNT/FOREIGN commands each set the FOREIGN flag. Therefore, if you used MOUNT/NOLABEL, and you use ANALYZE/AUDIT/SELECT/MOUNT_FLAGS=NOLABEL, the audit record will display the FOREIGN flag. 4 NEW_DATA NEW_DATA=(value,...) Specifies the value to use after the event occurs. Use this criterion with the FIELD_NAME criterion. When you use the Authorize utility (AUTHORIZE) to copy a user name, NEW_DATA specifies the newly created user name. For sensitive information, see SENSITIVE_NEW_DATA. 4 NEW_IMAGE_NAME NEW_IMAGE_NAME=(image-name,...) Specifies the name of the image to be activated in the newly created process, as supplied to the $CREPRC system service. 4 NEW_OWNER NEW_OWNER=(uic,...) Specifies the user identification code (UIC) to be assigned to the created process, as supplied to the $CREPRC system service. 4 OBJECT OBJECT=keyword(,...) Specifies which characteristics of an object should be used when selecting event records. Choose any of the following keywords: CLASS=class-name Specifies the general object class as one of the following classes: Capability Device Event_cluster File Group_global_section Logical_name_table Queue Resource_domain Security_class System_global_section Volume You must enter the full class name (for example, CLASS=logical_name_table) or use wildcard characters to supply a portion of the class name (for example, CLASS=log*). NAME=object-name Specifies the name of the object. You can represent all or part of the name with a wildcard. If you do not use a wildcard, specify the full object name (for example, BOSTON$DUA0:[RWOODS]MEMO.MEM;1). OWNER=value Specifies the UIC or general identifier of the object. TYPE=type Specifies the general object class (type of object). The available classes are as follows: Capability Device File Group_global_section Logical_name_table Queue System_global_section The CLASS keyword supersedes the TYPE keyword. However, TYPE is required to select audit records in files created prior to OpenVMS Alpha Version 6.1. 4 PARENT PARENT=keyword(,...) Specifies which characteristics of the parent process are used when selecting event records generated by a subprocess. Choose from the following keywords: IDENTIFICATION=value Specifies the process identifier (PID) of the parent process. NAME=process-name Specifies the name of the parent process. You can represent all or part of the name with a wildcard. OWNER=value Specifies the owner (identifier value) of the parent process. USERNAME=username Specifies the user name of the parent process. You can represent all or part of the name with a wildcard. 4 PASSWORD PASSWORD=(password,...) Specifies the password used when the system detected a break-in attempt. 4 PRIVILEGES_MISSING PRIVILEGES_MISSING=(privilege-name,...) Specifies privileges the caller needed to perform the operation successfully. Specify any of the system privileges, as described in the HP OpenVMS Guide to System Security. 4 PRIVILEGES_USED PRIVILEGES_USED=(privilege-name,...) Specifies the privileges of the process to be used when selecting event records. Specify any of the system privileges, as described in the HP OpenVMS Guide to System Security. Also include the STATUS keyword in the selection criteria so the report can demonstrate whether the privilege was involved in a successful or an unsuccessful operation. 4 PROCESS PROCESS=(characteristic,...) Specifies the characteristics of the process to be used when selecting event records. Choose from the following characteristics: IDENTIFICATION=value Specifies the PID of the process. NAME=process-name Specifies the name of the process. You can represent all or part of the name with a wildcard. 4 REMOTE REMOTE=keyword(,...) Specifies that some characteristic of the network request is to be used when selecting event records. Choose from the following keywords: ASSOCIATION_NAME=IPC-name Specifies the interprocess communication (IPC) association name. LINK_IDENTIFICATION=value Specifies the number of the DECnet logical link. IDENTIFICATION=value Specifies the DECnet node address. NODENAME=node-name Specifies the DECnet node name. You can represent all or part of the name with a wildcard. USERNAME=username Specifies the remote user name. You can represent all or part of the remote user name with a wildcard. 4 REQUEST_NUMBER REQUEST_NUMBER=(value,...) Specifies the request number associated with the DCL command REQUEST/REPLY. 4 SECTION_NAME SECTION_NAME=(global-section-name,...) Specifies the name of the global section. 4 SENSITIVE_FIELD_NAME SENSITIVE_FIELD_NAME=(field-name,...) Specifies the name of the field that was modified. ANALYZE/AUDIT uses the SENSITIVE_FIELD_NAME criterion, such as PASSWORD, with packets containing the original data and the new data (specified by the SENSITIVE_NEW_DATA criterion). 4 SENSITIVE_NEW_DATA SENSITIVE_NEW_DATA=(value,...) Specifies the value to use after the event occurs. Use this criterion with the SENSITIVE_FIELD_NAME criterion. 4 SNAPSHOT_BOOTFILE SNAPSHOT_BOOTFILE=(filename,...) Specifies the name of the file containing a snapshot of the system. 4 SNAPSHOT_SAVE_FILENAME SNAPSHOT_SAVE_FILENAME=(filename,...) Specifies the name of the system snapshot file for a save operation that is in progress. 4 STATUS STATUS=(type,...) Specifies the type of success status to be used when selecting event records. Choose from the following status types: SUCCESSFUL Specifies any success status. FAILURE Specifies any failure status. CODE=(value) Specifies a specific completion status. Note that if you specify CODE more than once, only the last value is matched. 4 SUBJECT_OWNER SUBJECT_OWNER=(uic,...) Specifies the owner (UIC) of the process causing the event. 4 SUBTYPE SUBTYPE=(subtype,...) Specifies that the criteria be limited to the value or values specified as a subtype. The following table lists events and their related subtypes. After SUBTYPE, enter the subtypes as they appear in the list-for example, SUBTYPE=ALARM_STATE. (In other words, do not enter a prefix.) Symbols for Event Types and Subtypes Meaning NSA$C_MSG_AUDIT Systemwide change to auditing ALARM_STATE Events enabled as alarms AUDIT_DISABLED Audit events disabled AUDIT_ENABLED Audit events enabled AUDIT_INITIATE Audit server startup AUDIT_LOG_FIRST First entry in audit log (backward link) AUDIT_LOG_FINAL Final entry in audit log (forward link) AUDIT_STATE Events enabled as audits AUDIT_TERMINATE Audit server shutdown SNAPSHOT_ABORT* System snapshot attempt has aborted SNAPSHOT_ACCESS* Snapshot file access/deaccess SNAPSHOT_SAVE* System snapshot save in progress SNAPSHOT_STARTUP* System booted from a snapshot file * Obsolete as of OpenVMS Version 7.1 NSA$C_MSG_BREAKIN Break-in attempt detected BATCH Batch process DETACHED Detached process DIALUP Dialup interactive process LOCAL Local interactive process NETWORK Network server task REMOTE Interactive process from another network node SUBPROCESS Subprocess NSA$C_MSG_CONNECTION Logical link connection or termination CNX_ABORT Connection aborted CNX_ACCEPT Connection accepted CNX_DECNET_CREATE DECnet logical link created CNX_DECNET_DELETE DECnet logical link disconnected CNX_DISCONNECT Connection disconnected CNX_INC_ABORT Incoming connection request aborted CNX_INC_ACCEPT Incoming connection request accepted CNX_INC_DISCONNECT Incoming connection disconnected CNX_INC_REJECT Incoming connection request rejected CNX_INC_REQUEST Incoming connection request CNX_IPC_CLOSE Interprocess communication association closed CNX_IPC_OPEN Interprocess communication association opened CNX_REJECT Connection rejected CNX_REQUEST Connection requested NSA$C_MSG_INSTALL Use of the Install utility (INSTALL) INSTALL_ADD Known image installed INSTALL_REMOVE Known image deleted NSA$C_MSG_LOGFAIL Login failure See subtypes for NSA$C_MSG_BREAKIN NSA$C_MSG_LOGIN Successful login See subtypes for NSA$C_MSG_BREAKIN NSA$C_MSG_LOGOUT Successful logout See subtypes for NSA$C_MSG_BREAKIN NSA$C_MSG_MOUNT Volume mount or dismount VOL_DISMOUNT Volume dismount VOL_MOUNT Volume mount NSA$C_MSG_NCP Modification to network configuration database NCP_COMMAND Network Control Program (NCP) command issued NSA$C_MSG_NETPROXY Modification to network proxy database NETPROXY_ADD Record added to network proxy authorization file NETPROXY_DELETE Record removed from network proxy authorization file NETPROXY_MODIFY Record modified in network proxy authorization file NSA$C_MSG_OBJ_ACCESS Object access attempted OBJ_ACCESS Access attempted to create, delete, or deaccess an object NSA$C_MSG_OBJ_CREATE Object creation attempted OBJ_CREATE Access attempted to create an object NSA$C_MSG_OBJ_DEACCESS Object deaccessed OBJ_DEACCESS Attempt to complete access to an object NSA$C_MSG_OBJ_DELETE Object deletion attempted OBJ_DELETE Object deletion attempted NSA$C_MSG_PROCESS Process controlled through a system service PRC_CANWAK Process wakeup canceled PRC_CREPRC Process created PRC_DELPRC Process deleted PRC_FORCEX Process exit forced PRC_GETJPI Process information gathered PRC_GRANTID Process identifier granted PRC_RESUME Process resumed PRC_REVOKID Process identifier revoked PRC_SCHDWK Process wakeup scheduled PRC_SETPRI Process priority altered PRC_SIGPRC Process exception issued PRC_SUSPND Process suspended PRC_TERM Process termination notification requested PRC_WAKE Process wakeup issued NSA$C_MSG_PRVAUD Use of privilege PRVAUD_FAILURE Unsuccessful use of privilege PRVAUD_SUCCESS Successful use of privilege NSA$C_MSG_RIGHTSDB Modification to the rights database RDB_ADD_ID Identifier added to rights database RDB_CREATE Rights database created RDB_GRANT_ID Identifier granted to user RDB_MOD_HOLDER List of identifier holders modified RDB_MOD_ID Identifier name or attributes modified RDB_REM_ID Identifier removed from rights database RDB_REVOKE_ID Identifier taken away from user NSA$C_MSG_SYSGEN Use of the System Generation utility (SYSGEN) SYSGEN_SET System parameter modified NSA$C_MSG_SYSTIME Modification to system time SYSTIM_SET System time set SYSTIM_CAL System time calibrated NSA$C_MSG_SYSUAF Modification to system user authorization file (SYSUAF) SYSUAF_ADD Record added to system user authorization file SYSUAF_COPY Record added to system user authorization file SYSUAF_DELETE Record deleted from system user authorization file SYSUAF_MODIFY Record modified in system user authorization file SYSUAF_RENAME Record renamed in system user authorization file 4 SYSTEM SYSTEM=keyword(,...) Specifies the characteristics of the system to be used when selecting event records. Choose from the following keywords: IDENTIFICATION=value Specifies the numeric identification of the system. NAME=nodename Specifies the node name of the system. 4 SYSTEM_SERVICE_NAME SYSTEM_SERVICE_NAME=(service-name,...) Specifies the name of the system service associated with the event. 4 TARGET_DEVICE_NAME TARGET_DEVICE_NAME=(device-name,...) Specifies the target device name used by a process control system service. 4 TARGET_PROCESS_IDENTIFICATION TARGET_PROCESS_IDENTIFICATION=(value,...) Specifies the target process identifier (PID) used by a process control system service. 4 TARGET_PROCESS_NAME TARGET_PROCESS_NAME=(process-name,...) Specifies the target process name used by a process control system service. 4 TARGET_PROCESS_OWNER TARGET_PROCESS_OWNER=(uic,...) Specifies the target process owner (UIC) used by a process control system service. 4 TARGET_USERNAME TARGET_USERNAME=(username,...) Specifies the target user name used by a process control system service. 4 TERMINAL TERMINAL=(device-name,...) Specifies the name of the terminal to be used when selecting event records. You can represent all or part of the terminal name with a wildcard. 4 TRANSPORT_NAME TRANSPORT_NAME=(transport-name,...) Specifies the name of the transport: interprocess communication (IPC) or System Management Integrator (SMI), which handles requests from the System Management utility. On VAX systems, it also can specify the DECnet transport name (NSP). 4 UAF_SOURCE UAF_SOURCE=(record-name,...) Specifies the user name of the source record for an Authorize utility (AUTHORIZE) add, modify, or delete operation. 4 USERNAME USERNAME=(username,...) Specifies the user name to be used when selecting event records. You can represent all or part of the user name with a wildcard. 4 VOLUME_NAME VOLUME_NAME=(volume-name,...) Specifies the name of the mounted (or dismounted) volume to be used when selecting event records. You can represent all or part of the volume name with a wildcard. 4 VOLUME_SET_NAME VOLUME_SET_NAME=(volume-set-name,...) Specifies the name of the mounted (or dismounted) volume set to be used when selecting event records. You can represent all or part of the volume set name with a wildcard. 4 Examples 1.$ ANALYZE/AUDIT /FULL/SELECT=USERNAME=JOHNSON - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects all records written to the security audit log file that were generated by user JOHNSON. 2.$ ANALYZE/AUDIT/FULL/SELECT=PRIVILEGES_USED=(SYSPRV,- _$ BYPASS) SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects all records written to the security audit log file that were generated by events through the use of either SYSPRV or BYPASS privilege. 3 /SINCE Indicates the utility must operate on records dated with the specified time or after the specified time. Format /SINCE[=time] /NOSINCE time Specifies the time used to select records. Records dated the same or later than the specified time are selected. You can specify an absolute time, a delta time, or a combination of the two. Observe the syntax rules for date and time described in the OpenVMS User's Manual. If you specify /SINCE without the time, the utility uses the beginning of the current day. 4 Examples 1.$ ANALYZE/AUDIT /SINCE=25-NOV-2005 - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects records dated later than November 25, 2005. 2.$ ANALYZE/AUDIT /SINCE=25-NOV-2005:15:00 - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example selects records written after 3 P.M. on November 25, 2005. 3 /SUMMARY Specifies that a summary of the selected records be produced after all records are processed. Note that the /SUMMARY qualifier code is executed after the Audit Analyzer is finished, that is, after all the records to be analyzed have been collected and processed. When you specify the /INTERACTIVE qualifier (which is the default), the Audit Analyzer never reaches the finished state because /INTERACTIVE prompts you repeatedly to enter another command (which might result in a new set of records to be analyzed). To use the /SUMMARY qualifier, you must also specify /NOINTERACTIVE, which ensures that the Audit Analyzer reaches the finished state that allows the SUMMARY code to be executed and to display the proper information. In a future version of OpenVMS, the Audit Analyzer will return an error when /SUMMARY and /INTERACTIVE are specified together. You can use the /SUMMARY qualifier alone or in combination with the /BRIEF, the /BINARY, or the /FULL qualifier. Format /SUMMARY=presentation /NOSUMMARY presentation Specifies the presentation of the summary. If you do not specify a presentation criterion, ANALYZE/AUDIT summarizes the number of audits. You can specify either of the following presentations: COUNT Lists the total number of audit messages for each class of security event that have been extracted from the security audit log file. This is the default. PLOT Displays a plot showing the class of the audit event, the time of day when the audit was generated, and the name of the system where the audit was generated. 4 Examples 1.$ ANALYZE/AUDIT/SUMMARY SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example generates a summary report of all records processed. Total records read: 9701 Records selected: 9701 Record buffer size: 1031 Successful logins: 542 Object creates: 1278 Successful logouts: 531 Object accesses: 3761 Login failures: 35 Object deaccesses: 2901 Breakin attempts: 2 Object deletes: 301 System UAF changes: 10 Volume (dis)mounts: 50 Rights db changes: 8 System time changes: 0 Netproxy changes: 5 Server messages: 0 Audit changes: 7 Connections: 0 Installed db changes: 50 Process control audits: 0 Sysgen changes: 9 Privilege audits: 91 NCP command lines: 120 2.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL The command in this example generates a full format listing of all logged audit messages that match the break-in or log failure event classes. A summary report is included at the end of the listing. 3.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY=PLOT - _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL This command generates a histogram that you can display on a character-cell terminal. 2 /CRASH_DUMP Invokes SDA to analyze the specified dump file. Format: /CRASH_DUMP [filespec] filespec Name of the file that contains the dump you want to analyze. If no filespec is given on an ANALYZE/CRASH_DUMP command, the default is the highest version of SYS$SYSTEM:SYSDUMP.DMP. If this file does not exist, SDA prompts you for a file name. If any field of filespec is given, the remaining fields default to the highest version of SYSDUMP.DMP in your default directory. 3 /COLLECTION Valid for Alpha and Integrity server systems only. Indicates to SDA that the file ID translation data or unwind data is to be found in a separate file. Format: /COLLECTION = collection-file-name collection-file-name You must specify at least one field of the collection file name. Other fields default to the highest generation of the same filename and location as the dump file, with a file type of .COLLECT. For details, refer to the HP OpenVMS System Analysis Tools Manual. 3 /OVERRIDE Valid for Alpha and Integrity server systems only. Invokes SDA to analyze only the structure of the specified dump file when a corruption or other problem prevents normal invocation of SDA with the ANALYZE/CRASH_DUMP command. Format: /CRASH_DUMP/OVERRIDE [filespec] Commands that can be used when SDA is invoked with /OVERRIDE are as follows: o Output control commands such as SET OUTPUT and SET LOG o Dump file related commands such as SHOW DUMP and CLUE ERRLOG You cannot use commands that access memory addresses within the dump file such as EXAMINE and SHOW SUMMARY 4 Examples $ ANALYZE/CRASH_DUMP/OVERRIDE SYS$SYSTEM:SYSDUMP.DMP $ ANALYZE/CRASH/OVERRIDE SYS$SYSTEM These commands invoke SDA to analyze the crash dump stored in SYS$SYSTEM:SYSDUMP.DMP. 3 /RELEASE Invokes SDA to release those blocks in the specified system paging file occupied by a crash dump. Requires CMKRNL (change-mode-to-kernel) privilege. Format: /CRASH_DUMP/RELEASE filespec Use the /RELEASE qualifier to release from the system paging file those blocks occupied by a crash dump. Be aware that when you use the /RELEASE qualifier, SDA immediately deletes the dump from the paging file and allows you no opportunity to analyze its contents. When you specify the /RELEASE qualifier in the ANALYZE command, include the name of the system paging file (SYS$SYSTEM:PAGEFILE.SYS) as the filespec. If you do not specify the system paging file or the specified paging file does not contain a dump, SDA displays one of the following messages: %SDA-E-BLKSNRLSD, no dump blocks in page file to release, or no page file %SDA-E-NOTPAGFIL, specified file is not the page file 4 Examples $ ANALYZE/CRASH_DUMP/RELEASE SYS$SYSTEM:PAGEFILE.SYS $ ANALYZE/CRASH_DUMP/RELEASE PAGEFILE.SYS These commands invoke SDA to release to the page file those blocks in SYS$SYSTEM:PAGEFILE.SYS occupied by a crash dump. 3 /SHADOW_MEMBER Valid for Alpha and Integrity server systems only. Specifies which member of a shadow set contains the system dump to be analyzed, or allows the user to determine what system dumps have been written to the members of the shadow set. Format: /CRASH_DUMP/SHADOW_MEMBER [filespec] 3 /SYMBOL Specifies an alternate system symbol table for SDA to use, for example, if you want to analyze a crash dump taken on a processor running a different version of OpenVMS. /SYMBOL is ignored if it is specified with /OVERRIDE or /RELEASE. Format: /SYMBOL = system-symbol-table system-symbol-table The file specification of the SDA system symbol table required by SDA to analyze a system dump. The specified system-symbol-table must contain those symbols required by SDA to find certain locations in the executive image. If you do not specify the /SYMBOL qualifier, SDA uses SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load system symbols into the SDA symbol table. When you specify the /SYMBOL qualifier, SDA assumes the default disk and directory to be SYS$DISK:[ ], that is, the disk and directory specified in your last DCL command SET DEFAULT. If you specify a file for this parameter that is not a system symbol table, SDA exits with a fatal error. 4 Examples $ ANALYZE/CRASH_DUMP/SYMBOL=SDA$READ_DIR:SYS$BASE_IMAGE.EXE SYS$SYSTEM This command invokes SDA to analyze the crash dump stored in SYS$SYSTEM:SYSDUMP.DMP, using the base image in SDA$READ_DIR. 2 /DISK_STRUCTURE The Analyze/Disk_Structure utility checks the readability and validity of Files-11 Structure Levels 1, 2, and 5 disk volumes, and reports errors and inconsistencies. You can detect most classes of errors by invoking the utility once and using its defaults. Format ANALYZE/DISK_STRUCTURE device-name:[/qualifier] 3 Parameter device-name Specifies the disk volume or volume set to be verified. If you specify a volume set, all volumes of the volume set must be mounted as Files-11 volumes. For information about the Mount utility, refer to the OpenVMS System Management Utilities Reference Manual. 3 Qualifiers Qualifier Description /CONFIRM Determines whether ANALYZE/DISK_STRUCTURE prompts you to confirm each repair /HOMEBLOCKS Erases damaged home blocks on an initialized volume /LIST[=filespec] Determines whether ANALYZE/DISK_STRUCTURE produces a listing of the index file /LOCK_VOLUME (Alpha/I64 only) Prevents updates to a volume while you are analyzing it /OUTPUT[=filespec] Specifies the output file to which ANALYZE/DISK_STRUCTURE writes the disk structure errors /READ_CHECK Determines whether ANALYZE/DISK_STRUCTURE performs a read check of all allocated blocks on the specified disk /RECORD_ Determines whether ANALYZE/DISK_STRUCTURE ATTRIBUTES repairs files containing erroneous settings in the record attributes section of their associated file attribute block (FAT) /REPAIR Determines whether ANALYZE/DISK_STRUCTURE repairs errors that are detected in the file structure of the specified device /SHADOW Causes the entire contents of a shadow set or a specified range of blocks in a shadow set to be checked for discrepancies. /STATISTICS Produces statistical information about the volume under verification and creates a file, STATS.DAT, which contains per-volume statistics /USAGE[=filespec] Specifies that a disk usage accounting file should be produced, in addition to the other specified functions of ANALYZE/DISK_STRUCTURE 3 /CONFIRM Determines whether the Analyze/Disk_Structure utility prompts you to confirm each repair. If you respond with Y or YES, the utility performs the repair. Otherwise, the repair is not performed. Format /CONFIRM /NOCONFIRM 3 /HOMEBLOCKS Erases home blocks from a volume whose home blocks were not deleted during previous initialization operations. Format /HOMEBLOCKS 3 /LIST Determines whether the Analyze/Disk_Structure utility produces a listing of the index file. Format /LIST[=filespec] /NOLIST 3 /LOCK_VOLUME Prevents updates to a volume while you are analyzing it. Format /LOCK_VOLUME /NOLOCK_VOLUME 3 /OUTPUT Specifies the output file to which the Analyze/Disk_Structure utility is to write the disk structure errors. Format /OUTPUT[=filespec] /NOOUTPUT[=filespec] 3 /READ_CHECK Determines whether the Analyze/Disk_Structure utility performs a read check of all allocated blocks on the specified disk. When the Analyze/Disk_Structure utility performs a read check, it reads the disk twice; this ensures that it reads the disk correctly. The default is /NOREAD_CHECK. Format /READ_CHECK /NOREAD_CHECK 3 /RECORD_ATTRIBUTES Determines whether the Analyze/Disk_Structure utility repairs files containing erroneous settings in the record attributes section of their associated file attribute block (FAT). Format /RECORD_ATTRIBUTES 3 /REPAIR Determines whether the Analyze/Disk_Structure utility repairs errors that are detected in the file structure of the specified device. Format /REPAIR /NOREPAIR 3 /SHADOW Examines the entire contents of a shadow set or a specified range of blocks in a shadow set for discrepancies. Format /SHADOW 4 Qualifiers /BLOCKS /BLOCKS={(START:n, COUNT:x, END:y,) FILE_SYSTEM, ALL} Directs the system to compare only the range specified. The options are the following: START:n Number of the first block to be analyzed. The default is the first block. COUNT:x Number of blocks to be analyzed. You can use this option in combination with or instead of the END option. END:y Number of the last block to be analyzed. The default is the last block of the volume. FILE_ Blocks currently in use by valid files on the disk. SYSTEM This is the default. ALL All blocks on the disk. You can specify START,END,COUNT and either ALL or FILE_SYSTEM. For example, if you specify /BLOCKS=(START,END,COUNT:100,ALL), the software checks the first 100 blocks on the disk, whether or not the file system is using them. If you specify /BLOCKS=(START,END,COUNT:100,FILE_SYSTEM), the software checks only those blocks that valid files on the disk are using. /BRIEF Displays only the logical block number (LBN) if the data in a block is found to be different. Without this qualifier, if differences exist for an LBN, the hexadecimal data of that block will be displayed for each member. /IGNORE /IGNORE [NO]IGNORE Ignore "special" files that are likely to have some blocks with different data. These differences, however, are not unusual and can, therefore, be ignored. Other special files are the following: SWAPFILE*.* PAGEFILE*.* SYSDUMP.DMP SYS$ERRLOG.DMP IGNORE is the default. /OUTPUT /OUTPUT=filename Output the information to the specified file. /STATISTICS Display only the file header and footer. The best use of this qualifier is with the /OUTPUT qualifier. 3 /STATISTICS Produces statistical information about the volume under verification and creates a file, STATS.DAT, which contains per- volume statistics. Format /STATISTICS 3 /USAGE Specifies that a disk usage accounting file should be produced, in addition to the other specified functions of the Analyze/Disk_ Structure utility. Format /USAGE[=filespec] 2 /ERROR_LOG You must specify /ERROR_LOG/ELV to access the Error Log Viewer (ELV). This utility is used with error logs written on systems running OpenVMS Version 7.3 and later. /ERROR_LOG (without /ELV) invokes the Error Log Report Formatter (ERF), a utility that is no longer supported, but which may be useful for error logs written on systems running OpenVMS versions older than Version 7.2. (It is available only on Alpha and VAX systems.) For documentation about ERF, refer to the Freeware website: http://h71000.www7.hp.com/openvms/freeware/ Before using ERF, you must convert error log files using ELV or the Binary Error Log Translation utility, which is part of DECevent. DECevent is no longer supported, but those who need it can download the software and related documentation from the Freeware website: http://h71000.www7.hp.com/openvms/freeware/ 3 /ELV Valid for Alpha and I64 systems only. Invokes the Error Log Viewer (ELV) to selectively report the contents of an error log file. You can execute ELV commands directly from DCL command level or from ELV's interactive shell mode. To invoke ELV, enter the following command: $ ANALYZE/ERROR_LOG/ELV The utility enters interactive shell mode and displays the ELV prompt: ELV> You can then enter an ELV command. After ELV executes the command, it again displays the ELV> prompt. To return directly to DCL, use the /NOINTERACTIVE qualifier. You can also enter an ELV command directly from DCL; for example: $ ANALYZE/ERROR_LOG/ELV TRANSLATE ERRLOG.SYS;42 After ELV executes the command, you are returned to the DCL prompt by default. To enter interactive shell mode after executing the command, use the /INTERACTIVE qualifier. 4 Categories_of_Events ELV recognizes several categories of events for inclusion in (or exclusion from) various operations. The first major separation is between valid and invalid events. Then, within the category of valid events are selected and rejected events. Explanations of these categories follow. o Valid Valid events can be read into an internal buffer; also, bit- to-text translation data can be produced for the header. For an event to be valid, the event body does not need to be translatable; in this case, the event is valid but untranslatable. - Selected A selected event is one that is of particular interest to you. You select events by using a selection qualifier: /ENTRY, /INCLUDE, /NODE, /SINCE, and /BEFORE. The events that are selected according to the selection criteria are included in or excluded from a report. - Rejected A rejected event is one that is not included in a report because the command line specifies one of the following: * An interval: /ENTRY, /SINCE, or /BEFORE * A filter: /INCLUDE, /EXCLUDE, /NODE, or /NONODE You can use the /REJECTED qualifier to include rejected events in a report. (By default, only selected events are included in a report.) o Invalid An invalid event is one that cannot be read into an internal buffer or whose header cannot be translated. You can use the ELV command DUMP/INVALID to output invalid events to an output dump file for further examination. 4 CONVERT Converts an error log file written in the newer format to an error log file written in the older format (that is read by ANALYZE/ERROR_LOG). This command is primarily used to enable translation of older error log events whose translation is not supported by ELV. Format CONVERT [input-file,...] 5 Parameter input-file Supplies one or more names of binary error log files to be converted to the older format. If you do not specify an input file name, the default input file name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device and directory, the system defaults to your current device and directory. If you do not specify a file name, the default file name is ERRLOG. If you do not specify a file type, the default file type is .SYS. 5 Qualifiers /BEFORE /BEFORE=date-time Specifies that only those events dated earlier than the stated date and time are to be selected for the report. Date-time specifies that only those events dated earlier than the stated date and time are to be selected for the report. You can specify an absolute time, a delta time, or a combination of absolute and delta times. See the OpenVMS System Manager's Manual for details on specifying times. If you omit a date and time, TODAY is used. /ENTRY /ENTRY=keyword[,...] Generates a report that includes the specified entry range or starts at the specified entry number. You can specify one or both keywords: Keyword Description START:decimal-value Indicates the start of a range of entries in a report. END:decimal-value Indicates the end of a range of entries in a report. Usage Notes: o You can specify one or both of these parameters. If you specify both parameters, you must enclose them in parentheses. o If you specify /ENTRY without the entry range or omit the qualifier, the entry range defaults to START:1,END:end-of- file. /EXCLUDE /EXCLUDE=event-class[,...] Excludes the specified event class or classes from the report. Do not use the /EXCLUDE qualifier with /INCLUDE. For event-class, specify one or more of the keywords shown in the following table. If you specify more than one keyword, you must use a comma-separated list of values enclosed in parentheses. Keyword Description ATTENTIONS Exclude device attention entries from the report. BUGCHECKS Exclude all types of bugcheck entries from the report. CONFIGURATION Exclude system configuration entries from the report. CONTROL_ Exclude control entries from the report. Control ENTRIES entries include the following entry types: o System power failure restarts o Time stamps o System startups o $SNDERR messages (system service to send messages to error log) o Operator messages o Network messages o ERRLOG.SYS created CPU_ENTRIES Exclude CPU-related entries from the report. CPU entries include the following entry types: o SBI alerts/faults o Undefined interrupts o MBA/UBA adapter errors o Asynchronous write errors o UBA errors DEVICE_ Exclude device error entries from the report. ERRORS ENVIRONMENTAL_ Exclude environmental entries from the report. ENTRIES MACHINE_ Exclude machine check entries from the report. CHECKS MEMORY Exclude memory errors from the report. SNAPSHOT_ Exclude snapshot entries from the report. ENTRIES SYNDROME Exclude firmware-generated entries that describe a symptom set used by HP support personnel to identify problems. TIMEOUTS Exclude device timeout entries from the report. UNKNOWN_ Exclude any entry that had either an unknown entry ENTRIES type or an unknown device type or class. UNSOLICITED_ Exclude unsolicited MSCP entries from the output MSCP report. VOLUME_ Exclude volume mount and dismount entries from the CHANGES report. /INCLUDE /INCLUDE=event-class[,...] Includes the specified event class or classes in the report. Do not use the /EXCLUDE qualifier with /INCLUDE. For event-class, specify one or more of the keywords shown in the following table. If you specify more than one keyword, you must use a comma-separated list of values enclosed in parentheses. Keyword Description ATTENTIONS Select device attention entries. BUGCHECKS Select all types of bugcheck entries. CONFIGURATION Select system configuration entries. CONTROL_ Select control entries. Control entries include ENTRIES the following entry types: o System power failure restarts o Time stamps o System startups o $SNDERR messages (system service to send messages to error log) o Operator messages o Network messages o ERRLOG.SYS created CPU_ENTRIES Select CPU-related entries. CPU entries include the following entry types: o SBI alerts/faults o Undefined interrupts o MBA/UBA adapter errors o Asynchronous write errors o UBA errors DEVICE_ Select device error entries. ERRORS ENVIRONMENTAL_ Select environmental entries. ENTRIES MACHINE_ Select machine check entries. CHECKS MEMORY Select memory errors. SNAPSHOT_ Select snapshot entries. ENTRIES SYNDROME Select firmware-generated entries that describe a symptom set used by HP support personnel to identify problems. TIMEOUTS Select device timeout entries. UNKNOWN_ Select any entry that has an unknown entry ENTRIES class. UNSOLICITED_ Select unsolicited MSCP entries. MSCP VOLUME_ Select volume mount and dismount entries. CHANGES /INTERACTIVE /INTERACTIVE /[NO]INTERACTIVE Specifies whether or not ELV is to run in interactive shell mode. By default, interactive shell mode results from the way ELV is invoked. /LOG /LOG /NOLOG Specifies whether or not ELV is to output control and informational messages to the terminal. The default, /NOLOG, does not output these messages to the terminal. /NODE /NODE=[node-name,...] /NONODE=[node-name,...] Includes or excludes events occurring on a specified node or nodes from a report. If you do not enter a node name, only events that occur on the node on which you are running ELV are selected. (This is important in a cluster.) If you enter /NONODE without a value, events occurring on all nodes that are represented in the error log file are processed. /OUTPUT /OUTPUT=[output-file] Specifies the output file to contain converted copies of events chosen with interval and filter qualifiers. If you do not specify an output file name, the input file name is used. If you do not specify a device and directory, the system defaults to your current device and directory. If you do not specify a file type, the default file type is .CVT. /REJECTED You can use the /REJECTED qualifier to include rejected events in a report. (By default, only selected events are included in a report.) /SINCE /SINCE=[date-time] Specifies that only those events dated later than the stated date and time are to be selected for the report. You can use date-time to limit the report to those events dated later than the specified time. You can specify an absolute time, a delta time, or a combination of absolute and delta times. See the OpenVMS User's Manual for details on specifying times. If you omit a date and time, TODAY is used. 5 Examples 1.ELV> CONVERT ERROR_LOG.SYS The command in this example converts events in ERROR_LOG.SYS to the older format and writes them to ERROR_LOG.CVT. 2.ELV> CONVERT/OUTPUT The command in this example converts events in the default file ERRLOG.SYS to the older format and writes them to ERRLOG.CVT. 3.ELV> CONVERT/OUTPUT=OUTFILE.OUT The command in this example converts events in the default file ERRLOG.SYS to the older format and writes them to OUTFILE.OUT. 4 DUMP Allows you to specify the name of a file to contain an OpenVMS dump-style record for each event. If you do not specify an output file name, the input file name is used. If you do not specify a device and directory, the system defaults to your current device and directory. If you do not specify a file type, the default file type is .DMP. Format DUMP [input-file,...] 5 Parameter input-file Supplies one or more names of binary error log files to be used to produce an output dump file. If you do not specify an input file name, the default input file name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device and directory, the system defaults to your current device and directory. If you do not specify a file name, the default file name is ERRLOG. If you do not specify a file type, the default file type is .SYS. 5 Qualifiers /BEFORE /BEFORE=date-time Specifies that only those events dated earlier than the stated date and time are to be selected for the report. Date-time specifies that only those events dated earlier than the stated date and time are to be selected for the report. You can specify an absolute time, a delta time, or a combination of absolute and delta times. See the OpenVMS System Manager's Manual for details on specifying times. If you omit a date and time, TODAY is used. /ENTRY /ENTRY=keyword[,...] Generates a report that includes the specified entry range or starts at the specified entry number. You can specify one or both keywords: Keyword Description START:decimal-value Indicates the start of a range of entries in a report. END:decimal-value Indicates the end of a range of entries in a report. Usage Notes: o You can specify one or both of these parameters. If you specify both parameters, you must enclose them in parentheses. o If you specify /ENTRY without the entry range or omit the qualifier, the entry range defaults to START:1,END:end-of- file. /EXCLUDE /EXCLUDE=event-class[,...] Excludes the specified event class or classes from the report. Do not use the /EXCLUDE qualifier with /INCLUDE. For event-class, specify one or more of the keywords shown in the following table. If you specify more than one keyword, you must use a comma-separated list of values enclosed in parentheses. Keyword Description ATTENTIONS Exclude device attention entries from the report. BUGCHECKS Exclude all types of bugcheck entries from the report. CONFIGURATION Exclude system configuration entries from the report. CONTROL_ Exclude control entries from the report. Control ENTRIES entries include the following event types: o System power failure restarts o Time stamps o System startups o $SNDERR messages (system service to send messages to error log) o Operator messages o Network messages o ERRLOG.SYS created CPU_ENTRIES Exclude CPU-related entries from the report. CPU entries include the following event types: o SBI alerts/faults o Undefined interrupts o MBA/UBA adapter errors o Asynchronous write errors o UBA errors DEVICE_ Exclude device error entries from the report. ERRORS ENVIRONMENTAL_ Exclude environmental entries from the report. ENTRIES MACHINE_ Exclude machine check entries from the report. CHECKS MEMORY Exclude memory errors from the report. SNAPSHOT_ Exclude snapshot entries from the report. ENTRIES SYNDROME Exclude firmware-generated entries that describe a symptom set used by HP support personnel to identify problems. TIMEOUTS Exclude device timeout entries from the report. UNKNOWN_ Exclude any entry that had either an unknown event ENTRIES type or an unknown device type or class. UNSOLICITED_ Exclude unsolicited MSCP entries from the output MSCP report. VOLUME_ Exclude volume mount and dismount entries from the CHANGES report. /INCLUDE /INCLUDE=event-class[,...] Includes the specified event class or classes in the report. Do not use the /EXCLUDE qualifier with /INCLUDE. For event-class, specify one or more of the keywords shown in the following table. If you specify more than one keyword, you must use a comma-separated list of values enclosed in parentheses. Keyword Description ATTENTIONS Select device attention entries. BUGCHECKS Select all types of bugcheck entries. CONFIGURATION Select system configuration entries. CONTROL_ Select control entries. Control entries include ENTRIES the following entry types: o System power failure restarts o Time stamps o System startups o $SNDERR messages (system service to send messages to error log) o Operator messages o Network messages o ERRLOG.SYS created CPU_ENTRIES Select CPU-related entries. CPU entries include the following entry types: o SBI alerts/faults o Undefined interrupts o MBA/UBA adapter errors o Asynchronous write errors o UBA errors DEVICE_ Select device error entries. ERRORS ENVIRONMENTAL_ Select environmental entries. ENTRIES MACHINE_ Select machine check entries. CHECKS MEMORY Select memory errors. SNAPSHOT_ Select snapshot entries. ENTRIES SYNDROME Select firmware-generated entries that describe a symptom set used by HP support personnel to identify problems. TIMEOUTS Select device timeout entries. UNKNOWN_ Select any entry that has an unknown entry ENTRIES class. UNSOLICITED_ Select unsolicited MSCP entries. MSCP VOLUME_ Select volume mount and dismount entries. CHANGES /INTERACTIVE /INTERACTIVE /[NO]INTERACTIVE Specifies whether or not ELV is to run in interactive shell mode. By default, interactive shell mode results from the way ELV is invoked. /INVALID Allows you to specify the name of a file to contain invalid entries. /LOG /LOG /NOLOG Specifies whether or not ELV is to output control and informational messages to the terminal. The default, /NOLOG, does not output these messages to the terminal. /NODE /NODE=[node-name,...] /NONODE=[node-name,...] Includes or excludes events occurring on a specified node or nodes from a report. If you do not enter a node name, only events that occur on the node on which you are running ELV are selected. (This is important in a cluster.) If you enter /NONODE without a value, events occurring on all nodes that are represented in the error log file are processed. /OUTPUT /OUTPUT=[output-file] Specifies that the output file is to contain OpenVMS dump-style records for each event. If you do not specify an output file name, the input file name is used. If you do not specify a device and directory, the system defaults to your current device and directory. If you do not specify a file type, the default file type is .DMP. /REJECTED You can use the /REJECTED qualifier to include rejected events in a report. (By default, only selected events are included in a report.) /SINCE /SINCE=[date-time] Specifies that only those events dated later than the stated date and time are to be selected for the report. You can use date-time to limit the report to those events dated later than the specified time. You can specify an absolute time, a delta time, or a combination of absolute and delta times. See the OpenVMS User's Manual for details on specifying times. If you omit a date and time, TODAY is used. 5 Examples 1.ELV> DUMP ERROR_LOG.SYS The command in this example creates a dump file named ERROR_ LOG.DMP that contains OpenVMS dump-style records. 2.ELV> DUMP/OUTPUT=OUTFILE.OUT The command in this example creates a dump file named OUTFILE.OUT that contains OpenVMS dump-style records. 3.ELV> DUMP/INVALID The command in this example creates a dump file with the default name of ERRLOG.DMP that contains OpenVMS dump-style records of invalid events. 4.ELV> DUMP/INVALID/OUTPUT=OUTFILE.OUT The command in this example creates a dump file named OUTFILE.OUT that contains OpenVMS dump-style records of invalid events. 4 EXIT Stops the execution of ELV and returns control to the DCL command level. You can also enter Ctrl/Z to perform the same function. Format EXIT 5 Example ELV> EXIT $ The command in this example terminates the ELV session and returns control to the DCL command level. 4 TRANSLATE Performs a bit-to-text translation of one or more binary error log files. Format TRANSLATE [input-file,...] 5 Parameter input-file Supplies one or more names of binary error log files to be translated. If you do not specify an input file name, the default input file name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device and directory, the system defaults to your current device and directory. If you do not specify a file name, the default file name is ERRLOG. If you do not specify a file type, the default file type is .SYS. 5 Qualifiers /BEFORE /BEFORE=date-time Specifies that only those events dated earlier than the stated date and time are to be selected for the report. Date-time specifies that only those events dated earlier than the stated date and time are to be selected for the report. You can specify an absolute time, a delta time, or a combination of absolute and delta times. See the OpenVMS System Manager's Manual for details on specifying times. If you omit a date and time, TODAY is used. /BRIEF Specifies that ELV is to generate a brief report. A brief report is equivalent to using /DETAIL=LOW. Do not use the /BRIEF qualifier with /DETAIL, /FULL, /ONE_LINE, or /SUMMARY. /DETAIL /DETAIL=[keyword] Specifies the detail level of the generated report. Do not use the /DETAIL qualifier with /BRIEF, /FULL, /ONE_LINE, or /SUMMARY. The keyword denotes the level of detail for the generated report. Keywords are the following: Keyword Description MINIMUM Contains only the minimum amount of information. LOW Is the equivalent of a /BRIEF report. MEDIUM Is the default type of report. HIGH Is the equivalent of a /FULL report. MAXIMUM Contains the maximum amount of information. /ENTRY /ENTRY=keyword[,...] Generates a report that includes the specified entry range or starts at the specified entry number. You can specify one or both keywords: Keyword Description START:decimal-value Indicates the start of a range of entries in a report. END:decimal-value Indicates the end of a range of entries in a report. Usage Notes: o You can specify one or both of these parameters. If you specify both parameters, you must enclose them in parentheses. o If you specify /ENTRY without the entry range or omit the qualifier, the entry range defaults to START:1,END:end-of- file. /EXCLUDE /EXCLUDE=event-class[,...] Excludes the specified event class or classes from the report. Do not use the /EXCLUDE qualifier with /INCLUDE. For event-class, specify one or more of the keywords shown in the following table. If you specify more than one keyword, you must use a comma-separated list of values enclosed in parentheses. Keyword Description ATTENTIONS Exclude device attention entries from the report. BUGCHECKS Exclude all types of bugcheck entries from the report. CONFIGURATION Exclude system configuration entries from the report. CONTROL_ Exclude control entries from the report. Control ENTRIES entries include the following entry types: o System power failure restarts o Time stamps o System startups o $SNDERR messages (system service to send messages to error log) o Operator messages o Network messages o ERRLOG.SYS created CPU_ENTRIES Exclude CPU-related entries from the report. CPU entries include the following entry types: o SBI alerts/faults o Undefined interrupts o MBA/UBA adapter errors o Asynchronous write errors o UBA errors DEVICE_ Exclude device error entries from the report. ERRORS ENVIRONMENTAL_ Exclude environmental entries from the report. ENTRIES MACHINE_ Exclude machine check entries from the report. CHECKS MEMORY Exclude memory errors from the report. SNAPSHOT_ Exclude snapshot entries from the report. ENTRIES SYNDROME Exclude firmware-generated entries that describe a symptom set used by HP support personnel to identify problems. TIMEOUTS Exclude device timeout entries from the report. UNKNOWN_ Exclude any entry that had either an unknown entry ENTRIES type or an unknown device type or class. UNSOLICITED_ Exclude unsolicited MSCP entries from the output MSCP report. VOLUME_ Exclude volume mount and dismount entries from the CHANGES report. /FULL Specifies that ELV is to generate a full report. A full report is equivalent to using /DETAIL=HIGH. Do not use the /FULL qualifier with /BRIEF, /DETAIL, ONE_LINE, or /SUMMARY. /INCLUDE /INCLUDE=event-class[,...] Includes the specified event class or classes in the report. Do not use the /EXCLUDE qualifier with /INCLUDE. For event-class, specify one or more of the keywords shown in the following table. If you specify more than one keyword, you must use a comma-separated list of values enclosed in parentheses. Keyword Description ATTENTIONS Select device attention entries. BUGCHECKS Select all types of bugcheck entries. CONFIGURATION Select system configuration entries. CONTROL_ Select control entries. Control entries include ENTRIES the following entry types: o System power failure restarts o Time stamps o System startups o $SNDERR messages (system service to send messages to error log) o Operator messages o Network messages o ERRLOG.SYS created CPU_ENTRIES Select CPU-related entries. CPU entries include the following entry types: o SBI alerts/faults o Undefined interrupts o MBA/UBA adapter errors o Asynchronous write errors o UBA errors DEVICE_ Select device error entries. ERRORS ENVIRONMENTAL_ Select environmental entries. ENTRIES MACHINE_ Select machine check entries. CHECKS MEMORY Select memory errors. SNAPSHOT_ Select snapshot entries. ENTRIES SYNDROME Select firmware-generated entries that describe a symptom set used by HP support personnel to identify problems. TIMEOUTS Select device timeout entries. UNKNOWN_ Select any entry that has an unknown entry ENTRIES class. UNSOLICITED_ Select unsolicited MSCP entries. MSCP VOLUME_ Select volume mount and dismount entries. CHANGES /INTERACTIVE /INTERACTIVE /[NO]INTERACTIVE Specifies whether or not ELV is to run in interactive shell mode. By default, interactive shell mode results from the way ELV is invoked. /LOG /LOG /NOLOG Specifies whether or not ELV is to output control and informational messages to the terminal. The default, /NOLOG, does not output these messages to the terminal. /NODE /NODE=[node-name,...] /NONODE=[node-name,...] Includes or excludes events occurring on a specified node or nodes from a report. If you do not enter a node name, only events that occur on the node on which you are running ELV are selected. (This is important in a cluster.) If you enter /NONODE without a value, events occurring on all nodes that are represented in the error log file are processed. /ONE_LINE Specifies that a one-line-per-event report be generated instead of a standard report. Do not use /ONE_LINE with /BRIEF, /DETAIL, /FULL, or /SUMMARY qualifiers. /OUTPUT /OUTPUT=[output-file] Specifies that the output file is to contain a bit-to-text translations of events. By default, output is written to SYS$OUTPUT. If you do not specify an output file name, the input file name is used. If you do not specify a device and directory, the system defaults to your current device and directory. If you do not specify a file type, the default file type is .LIS. /PAGE /PAGE /NOPAGE Specifies whether or not to enable paged output of the generated report. /REJECTED You can use the /REJECTED qualifier to include rejected events in a report. (By default, only selected events are included in a report.) /SINCE /SINCE=[date-time] Specifies that only those events dated later than the stated date and time are to be selected for the report. You can use date-time to limit the report to those events dated later than the specified time. You can specify an absolute time, a delta time, or a combination of absolute and delta times. See the OpenVMS User's Manual for details on specifying times. If you omit a date and time, TODAY is used. /SUMMARY Specifies that a summary report is to be generated rather than a standard report. Do not use /SUMMARY with /BRIEF, /DETAIL, /FULL, ONE_LINE, or /TERSE qualifiers. /TERSE Specifies that the data is to be displayed in a less interpreted format, regardless of detail level. /TERSE has no effect when used with ONE_LINE or /SUMMARY. You can use /TERSE with /BRIEF, /DETAIL, or /FULL, which use a default display. (/ONE_LINE and /SUMMARY do not use the same default display.) 5 Examples 1.ELV> TRANSLATE /BEFORE=24-MAY-2002:04:51:33.87 ERRLOG.SYS;42 For this example, the default report produced for ERRLOG.SYS;42 contains all entries that were logged before 4:51 on May 24, 2002. 2.ELV> TRANSLATE /BRIEF ERRLOG.SYS;42 The command in this example generates a brief report. 3.ELV> TRANSLATE /DETAIL=LOW ERRLOG.SYS;42 The command in this example generates a report with a LOW level of detail. 4.ELV> TRANSLATE /ENTRY=END:18 ERRLOG.SYS;42 The command in this example shows how to display entries before a specified entry in a sequence. 5.ELV> TRANSLATE /ENTRY=(START:18,END:37) ERRLOG.SYS;42 The command in this example shows how to display entries within a specified entry range. 6.ELV> TRANSLATE /EXCLUDE=DEVICE_ERRORS ERRLOG.SYS;42 The command in this example shows how to exclude the DEVICE_ ERRORS entry type from a report. 7.ELV> TRANSLATE /FULL ERRLOG.SYS;42 The command in this example generates a full report. 8.ELV> TRANSLATE /INCLUDE=(VOLUME_CHANGES, CPU_ENTRIES, BUGCHECKS) ERRLOG.SYS;42 The command in this example shows how to select VOLUME_ CHANGES, CPU_ENTRIES, and BUGCHECKS entry types. 9.ELV> TRANSLATE /INTERACTIVE ERRLOG.SYS The command in this example enables interactive shell mode after translating ERRLOG.SYS. (The default, NOINTERACTIVE, returns you to the DCL prompt.) 10. ELV> TRANSLATE /LOG ERRLOG.SYS This example shows how to enable the logging of control and informational messages. 11. ELV> TRANSLATE /NONODE=(BEAVIS, BUTTHD) ERRLOG.SYS The command in this example generates a report containing all events except those occurring on nodes BEAVIS and BUTTHD. 12. ELV> TRANSLATE /ONE_LINE ERRLOG.SYS The command in this example requests ELV to produce a one-line- per-event report instead of a standard report. 13. ELV> TRANSLATE /OUTPUT=ERRLOG.DAT;3 ERRLOG.SYS;42 This example creates a binary file named ERRLOG.DAT. If a version number is specified, as in this example, and a file with the same name and version number does not exist, then the binary file will be created with the specified version number. 14. ELV> TRANSLATE /PAGE ERRLOG.SYS This example shows how to generate a paged report. 15. ELV> TRANSLATE /SINCE="24-MAY-2002 04:51:33.87" ERRLOG.SYS;42 For this example, the default report produced for ERRLOG.SYS;42 contains all entries that were logged after 4:51 on May 24, 2002. 16. ELV> TRANSLATE /SUMMARY ERRLOG.SYS This example shows how to generate a summary report. 17. ELV> TRANSLATE /TERSE ERRLOG.SYS This example shows how to generate a terse report. 4 WRITE Performs an image copy of events from one or more binary error log files. Format WRITE [input-file,...] 5 Parameter input-file Supplies one or more names of binary error log files from which events are to be copied to a new binary error log file. If you do not specify an input file name, the default input file name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device and directory, the system defaults to your current device and directory. If you do not specify a file name, the default file name is ERRLOG. If you do not specify a file type, the default file type is .SYS. 5 Qualifiers /BEFORE /BEFORE=date-time Specifies that only those events dated earlier than the stated date and time are to be selected for the report. Date-time specifies that only those events dated earlier than the stated date and time are to be selected for the report. You can specify an absolute time, a delta time, or a combination of absolute and delta times. See the OpenVMS System Manager's Manual for details on specifying times. If you omit a date and time, TODAY is used. /ENTRY /ENTRY=keyword[,...] Generates a report that includes the specified entry range or starts at the specified entry number. You can specify one or both keywords: Keyword Description START:decimal-value Indicates the start of a range of entries in a report. END:decimal-value Indicates the end of a range of entries in a report. Usage Notes: o You can specify one or both of these parameters. If you specify both parameters, you must enclose them in parentheses. o If you specify /ENTRY without the entry range or omit the qualifier, the entry range defaults to START:1,END:end-of- file. /EXCLUDE /EXCLUDE=event-class[,...] Excludes the specified event class or classes from the report. Do not use the /EXCLUDE qualifier with /INCLUDE. For event-class, specify one or more of the keywords shown in the following table. If you specify more than one keyword, you must use a comma-separated list of values enclosed in parentheses. Keyword Description ATTENTIONS Exclude device attention entries from the report. BUGCHECKS Exclude all types of bugcheck entries from the report. CONFIGURATION Exclude system configuration entries from the report. CONTROL_ Exclude control entries from the report. Control ENTRIES entries include the following entry types: o System power failure restarts o Time stamps o System startups o $SNDERR messages (system service to send messages to error log) o Operator messages o Network messages o ERRLOG.SYS created CPU_ENTRIES Exclude CPU-related entries from the report. CPU entries include the following entry types: o SBI alerts/faults o Undefined interrupts o MBA/UBA adapter errors o Asynchronous write errors o UBA errors DEVICE_ Exclude device error entries from the report. ERRORS ENVIRONMENTAL_ Exclude environmental entries from the report. ENTRIES MACHINE_ Exclude machine check entries from the report. CHECKS MEMORY Exclude memory errors from the report. SNAPSHOT_ Exclude snapshot entries from the report. ENTRIES SYNDROME Exclude firmware-generated entries that describe a symptom set used by HP support personnel to identify problems. TIMEOUTS Exclude device timeout entries from the report. UNKNOWN_ Exclude any entry that had either an unknown entry ENTRIES type or an unknown device type or class. UNSOLICITED_ Exclude unsolicited MSCP entries from the output MSCP report. VOLUME_ Exclude volume mount and dismount entries from the CHANGES report. /INCLUDE /INCLUDE=event-class[,...] Includes the specified event class or classes in the report. Do not use the /EXCLUDE qualifier with /INCLUDE. For event-class, specify one or more of the keywords shown in the following table. If you specify more than one keyword, you must use a comma-separated list of values enclosed in parentheses. Keyword Description ATTENTIONS Select device attention entries. BUGCHECKS Select all types of bugcheck entries. CONFIGURATION Select system configuration entries. CONTROL_ Select control entries. Control entries include ENTRIES the following entry types: o System power failure restarts o Time stamps o System startups o $SNDERR messages (system service to send messages to error log) o Operator messages o Network messages o ERRLOG.SYS created CPU_ENTRIES Select CPU-related entries. CPU entries include the following entry types: o SBI alerts/faults o Undefined interrupts o MBA/UBA adapter errors o Asynchronous write errors o UBA errors DEVICE_ Select device error entries. ERRORS ENVIRONMENTAL_ Select environmental entries. ENTRIES MACHINE_ Select machine check entries. CHECKS MEMORY Select memory errors. SNAPSHOT_ Select snapshot entries. ENTRIES SYNDROME Select firmware-generated entries that describe a symptom set used by HP support personnel to identify problems. TIMEOUTS Select device timeout entries. UNKNOWN_ Select any entry that has an unknown entry ENTRIES class. UNSOLICITED_ Select unsolicited MSCP entries. MSCP VOLUME_ Select volume mount and dismount entries. CHANGES /INTERACTIVE /INTERACTIVE /[NO]INTERACTIVE Specifies whether or not ELV is to run in interactive shell mode. By default, interactive shell mode results from the way ELV is invoked. /LOG /LOG /NOLOG Specifies whether or not ELV is to output control and informational messages to the terminal. The default, /NOLOG, does not output these messages to the terminal. /NODE /NODE=[node-name,...] /NONODE=[node-name,...] Includes or excludes events occurring on a specified node or nodes from a report. If you do not enter a node name, only events that occur on the node on which you are running ELV are selected. (This is important in a cluster.) If you enter /NONODE without a value, events occurring on all nodes that are represented in the error log file are processed. /OUTPUT /OUTPUT=[output-file] Specifies that the output file is to contain image copies of events. If you do not specify an output file name, the input file name is used. If you do not specify a device and directory, the system defaults to your current device and directory. If you do not specify a file type, the default file type is .DAT. /REJECTED You can use the /REJECTED qualifier to include rejected events in a report. (By default, only selected events are included in a report.) /SINCE /SINCE=[date-time] Specifies that only those events dated later than the stated date and time are to be selected for the report. You can use date-time to limit the report to those events dated later than the specified time. You can specify an absolute time, a delta time, or a combination of absolute and delta times. See the OpenVMS User's Manual for details on specifying times. If you omit a date and time, TODAY is used. 5 Examples 1.ELV> WRITE ERROR_LOG.SYS The command in this example copies events in ERROR_LOG.SYS to ERROR_LOG.DAT. 2.ELV> WRITE/OUTPUT The command in this example copies events in the default file ERRLOG.SYS to ERRLOG.DAT. 3.ELV> WRITE/OUTPUT=OUTFILE.OUT The command in this example copies events in the default file ERRLOG.SYS to OUTFILE.OUT. 2 /IMAGE Analyzes the contents of an executable image file or a shareable image file on OpenVMS VAX and Alpha systems, and an Executable and Linkable Format (ELF) image file or sharable image file on OpenVMS I64 systems, identifying obvious errors in the file. This analysis includes translated images on I64 and Alpha systems. The /IMAGE qualifier is required. For general information about image files, refer to the description of the linker in the HP OpenVMS Linker Utility Manual. (Use the ANALYZE/OBJECT command to analyze the contents of an object file.) Format ANALYZE/IMAGE filespec[,...] 3 Parameter filespec[,...] Specifies the name of one or more image files that you want analyzed. You must specify at least one file name. If you specify more than one file, separate the file specifications with either commas (,) or plus signs (+). The default file type is .EXE. The asterisk (*) and percent sign (%) wildcard characters are allowed in the file specification. 3 Description The ANALYZE/IMAGE command provides a description of the components of an executable image file or shareable image file on OpenVMS VAX and Alpha systems, and of an Executable and Linkable Format (ELF) image file or sharable image file on OpenVMS I64 systems. It also verifies that the structure of the major parts of the image file is correct. However, the ANALYZE/IMAGE command cannot ensure that program execution is error free. On OpenVMS I64 systems, the ANALYZE/IMAGE command automatically distinguishes between I64, Alpha, and VAX images by examining the header information. If errors are found, the first error of the worst severity is returned. For example, if a warning (A) and two errors (B and C) are found, the first error (B) is returned as the image exit status. The image exit status is placed in the DCL symbol $STATUS at image exit. NOTES For I64 images and objects, the Analyze utility determines whether the file it analyzes is an image file or object file. Although Analyze allows you to specify ANALYZE/OJBECT on an ELF image file, use ANALYZE/IMAGE for ELF image files and ANALYZE/OJBECT for ELF object files. When parsing output from ANALYZE/IMAGE, be aware that the output for ELF images may change. When using ANALYZE without a qualifier, the default is /OBJECT. Therefore, when using this default to analyze an image in the output file, the utility correctly identifies itself as "Analyze Object File". The OpenVMS VAX and Alpha versions of ANALYZE/IMAGE do not have the capability of analyzing all non-platform images. For example, ANALYZE/IMAGE cannot analyze I64 images on VAX or Alpha images on older versions of VAX. When you analyze I64 images on I64 platforms, ANALYZE/IMAGE accepts VAX-only or Alpha-only qualifiers, but ignores any effect of these qualifiers. Depending on the platform, the ANALYZE/IMAGE command distinguishes I64 images from VAX and ALpha images by examining the meta information (e.g., ELF, EIHD, or IHD). The ANALYZE/IMAGE command provides the following information for image files: o Image architecture and type - The OpenVMS platform and whether the image is executable or shareable. o Image name - The name of the image or shareable image. o Image identification - The identification given in a link operation. o Creating linker identification - The linker that generated the image. o Link date and time - The date and time of the link operation. o Image transfer addresses - The addresses to which control is passed at image execution time. o Image version - The revision level (major ID and minor ID) of the image. o Location and size of the image's symbol vector (Alpha and I64 only). o List of required sharable images - The dependencies on sharable images. o Location of the debugger symbol table (DST)-Identifies the location of the DST in the image file. DST information is present only in executable images that have been linked with the /DEBUG or the /TRACEBACK command qualifier. (VAX and Alpha only.) o Location and interpretation of the debug and traceback information - The sections that contain the information and formats the data (DWARF) (I64 only). o Location of the global symbol table (GST)- The location of the GST in the image file. GST information is present only in shareable image files. (VAX and Alpha only.) o Location of the global symbol table (.symtab) - The location of the GST in the image file. GST informaton is present only in sharable image files (I64 only.) o Patch information-Indicates whether the image has been patched (changed without having been recompiled or reassembled and relinked). If a patch is present, the actual patch code can be displayed. (VAX and Alpha only.) o Image section descriptors (ISD)-Identify portions of the image binary contents that are grouped in OpenVMS Cluster systems according to their attributes. An ISD contains information that the image activator needs when it initializes the address space for an image. For example, an ISD tells whether the ISD is shareable, whether it is readable or writable, whether it is based or position independent, and how much memory should be allocated. (VAX only.) o Summary of internal tables - Lists the program segments and sections of which the image consists. (I64 only.) o Fixup vectors-Contain information that the image activator needs to ensure the position independence of shareable image references. (VAX and Alpha only.) o Fixup information-Information that the image activator needs to ensure the position independence of sharable image references. (I64 only.) o System version categories-For an image that is linked against the executive (the system shareable image on I64 and Alpha or the system symbol table on VAX), displays both the values of the system version categories for which the image was linked originally and the values for the system that is currently running. You can use these values to identify changes in the system since the image was linked last. The ANALYZE/IMAGE command has command qualifiers and positional qualifiers. For VAX and Alpha images, by default, if you do not specify any positional qualifiers (for example, /GST or /HEADER), the entire image is analyzed. If you do specify a positional qualifier, the analysis excludes all other positional qualifiers except the /HEADER qualifier (which is always enabled) and any qualifier that you request explicitly. The default behavior for analyzing ELF images differs from the behavior for analyzing Alpha or VAX images. For ELF images, a summary of the major ELF tables is displayed. With this information, you can select specific segments and/or sections for analysis. To locate errors, analyze the entire image by selecting all sections and segments. 3 Qualifiers /FIXUP_SECTION /FIXUP_SECTION (VAX and Alpha only) Positional qualifier. Specifies that the analysis should include all information in the fixup section of the image. If you specify the /FIXUP_SECTION qualifier after the ANALYZE/IMAGE command, the fixup section of each image file in the parameter list is analyzed. If you specify the /FIXUP_SECTION qualifier after a file specification, only the information in the fixup section of that image file is analyzed. /FLAGVALUES /FLAGVALUES (I64 only) Several fields in an ELF module represent bit flags. Where possible, these bit-flag values are examined and displayed individually. By default, only the flag values that are set to 1 (ON) are displayed. The keywords are as follows: Keyword Description ON The keyword ON displays all flags whose value is 1. OFF The keyword OFF displays all flags whose value is 0. ALL The keyword ALL displays all flag values. The keywords ON and OFF, in contrast, indicate the value of each specific flag bit. /GST /GST (VAX and Alpha only) Positional qualifier. Specifies that the analysis should include all global symbol table records. This qualifier is valid only for shareable images. If you specify the /GST qualifier after the ANALYZE/IMAGE command, the global symbol table records of each image file in the parameter list are analyzed. If you specify the /GST qualifier after a file specification, only the global symbol table records of that file are analyzed. /HEADER /HEADER (VAX and Alpha only) Positional qualifier. Specifies that the analysis should include all header items and image section descriptions. The image header items are always analyzed. /INTERACTIVE /INTERACTIVE /NOINTERACTIVE (default) Specifies whether the analysis is interactive. In interactive mode, as each item is analyzed, the results are displayed on the screen and you are asked whether you want to continue. /MODULE /MODULE [=(module_name[,...]) ] (I64 only) Selectively formats debug or traceback information for the named module or list of modules. You must request debug or traceback information by using the /SECTIONS qualifier with keywords ALL, DEBUG or TRACE. If debug or traceback information is selectively formatted, then the module name is a subselection. If you do not specify a module name, only debug or traceback meta information about the available modules is printed. In this case, any other debug or traceback selection is deactivated. NOTE This qualifier is only valid for ANALYZE/IMAGE. Although ANALYZE/OBJECT can be used to format I64 images, Analyze rejects the /MODULE qualifier. /OUTPUT /OUTPUT=filespec Identifies the output file for storing the results of the image analysis. The asterisk (*) and the percent sign (%) wildcard characters are not allowed in the file specification. If you specify a file type and omit the file name, the default file name ANALYZE is used. The default file type is .ANL. If you omit the qualifier, the results are output to the current SYS$OUTPUT device. /PAGE_BREAK /PAGE_BREAK=keyword (I64 only) Specifies if and where page breaks (form feeds) are inserted in the report file. This qualifier is only useful if /OUTPUT is used to write a report file. It is ignored if /INTERACTIVE is used to specify an interactive analysis. Keywords include NONE, which sets no page breaks; PRINTABLE_ REPORT, which creates page breaks as in listing files, and SEPARATE_INFORMATION, which sets page breaks between section information. /PATCH_TEXT /PATCH_TEXT (VAX only) Positional qualifier. Specifies that the analysis include all patch text records. If you specify the /PATCH_TEXT qualifier after the ANALYZE/IMAGE command, the patch text records of each image file in the parameter list are analyzed. If you specify the /PATCH_TEXT qualifier after a file specification, only the patch text records of that file are analyzed. /SECTIONS /SECTIONS [=(keyword[,...])] (I64 only) Selects individual program sections or section types to display. NOTE This qualifier and its keywords can only be used to form an inclusion list of sections to be displayed. This qualifier is not negatable and cannot be used to form an exclusion list. If no values are specified, the default keyword is HEADERS. The keywords are as follows: Keyword Description ALL Displays a detailed analysis of every section in the module. Note that this keyword can generate a large amount of output. CODE Displays all of all sections of type SHT_ PROGBITS where the executable flag is set (SHDR$M_SHF_EXECINSTR in the section header). The section data will be displayed as machine instructions. DEBUG Analyzes and displays sections consisting [=(suffix[,...])] of DWARF formatted debug information. In addition, you can use a list of debug section name suffixes to selectively format DEBUG information. EXTENSIONS Analyzes and displays sections of type SHT_ IA64_EXT. The data is displayed in hexadecimal format. GROUP Analyzes and displays sections of type SHT_ GROUP. Sections of this type consist of a list of the section numbers of sections belonging to that group. HEADERS The default keyword. Displays the ELF header and the section header details. LINKAGES Analyzes and displays sections of type SHT_ VMS_LINKAGES.The data is displayed as a list of linkage descriptors. NOBITS Analyzes and displays sections of type SHT_ NOBITS. There is no module data associated with sections of this type. NOTE Analyzes and displays sections of type SHT_ NOTE. The data for this section is displayed as a list of formatted OpenVMS note entries. NULL Displays all sections of type PT_NULL. No a data will be displayed for segments of this type. NUMBERS= Displays individual sections, as follows: (number [,...]) o The selected sections will have a detailed display of their header and their contents. An informational message is displayed for section numbers that do not exist in the module. o One or more numeric values may be specified. o Section numbers may be specified in decimal, octal (using the %O prefix), or hexadecimal (using the %X prefix). STRTAB Analyzes and displays sections of type SHT_ STRTAB. The data for this section is displayed as a string table. SYMTAB Displays sections of type SHT_SYMTAB. The data for this section is displayed as a symbol table. SYMBOL_VECTOR Sections of this type will only appear in sharable image files. If present, they point to the same data as the dynamic segment DT_ VMS_SYMVEC tags. TRACE Analyzes and displays sections consisting of [=(suffix[,...])] traceback information. In addition, you can use a list of trace section name suffixes to selectively format TRACE information. UNWIND Analyzes and displays sections of type SHT_ IA64_UNWIND. Each section of this type has an associated Unwind Information section of type SHT_PROGBITS. This associated section is also displayed. /SEGMENTS /SEGMENTS [=(keyword[,...])] (I64 only) Selects individual program segments or program segments of a specified type to be displayed. NOTE This qualifier and its keywords can only be used to form an inclusion list of segments to be displayed. This qualifier is not negatable and cannot be used to form an exclusion list. If no values are specified, the default keyword is HEADERS. The keywords are as follows: Keyword Description ALL Analyzes and displays information for every program segment. Note that this can generate a large amount of output. CODE Analyzes and displays all executable segments (PHDR$M_PF_X bit set in the segment header). Segment data is displayed as machine instructions. DYNAMIC Analyzes and displays the segment of type PT_DYNAMIC. EXTENSIONS Analyzes and displays segments of type IA_64_ARCHEXT. HEADERS The default keyword. Analyzes and displays the ELF header and segment header details. LOAD Analyzes and displays segments of type PT_LOAD. If the segment header indicates this is an executable segment (PHDR$M_PF_X bit set in the segment header), the contents will be formatted as machine instructions, otherwise the contents are formatted as hexadecimal data. NULL Analyzes and displays segments of type PT_NULL. No a data will be displayed for segments of this type. NUMBERS= Analyzes and displays individual segments, as follows: (number [,...]) o The selected segments have a detailed display of header and content information. For section numbers that do not exist in the module, an informational message is displayed. o One or more numeric values may be specified. o Segment numbers may be specified in decimal, octal (using the %O prefix), or hexadecimal (using the %X prefix). /SELECT /SELECT=(keyword[,...]) Allows for the collection of specific image file information and displays the selected keyword items in the order specified. Analyze creates DCL symbols for all selectable information with the /SELECT qualifier. The symbol names consist of the prefix ANALYZE$ and a descriptive name of the information they hold. The symbol value is the selected information, usually printed to SYS$OUTPUT. Effectively, all of the printed information is duplicated in the symbols. For unselected information, the corresponding symbols will contain the null string. The keywords are as follows: Keyword Description ARCHITECTURE Writes the architecture information into the DCL symbol ANALYZE$ARCHITECTURE. Returns "OpenVMS IA64" if the file is an OpenVMS I64 image file. Returns "OpenVMS Alpha" if the file is an OpenVMS Alpha image file. Returns "OpenVMS VAX" if the file is an OpenVMS VAX image file. BUILD_ Writes build identification information into IDENTIFICATION the DCL symbol ANALYZE$BUILD_IDENTIFICATION. For OpenVMS I64 and Alpha image files, returns the image build identification stored in the image file, enclosed in quotation marks. For OpenVMS VAX image files, the null string that is represented by adjacent quotation marks is returned. FILE_TYPE Writes file type information into the DCL symbol ANALYZE$FILE_TYPE. Returns "Image" if the file is an OpenVMS I64, Alpha, or VAX image file. IDENTIFICATION The possible keywords are as follows: [=keyword] o IMAGE (default) - Writes the image identification information into the DCL symbol ANALYZE$IDENTIFICATION. Returns the image identification that is stored in the image file, enclosed in quotation marks. Otherwise, returns "Unknown". o LINKER - Writes the linker identification information into the DCL symbol ANALYZE$LINKER_IDENTIFICATION. Returns the identification of the linker used to link the image. IMAGE_TYPE Writes image type information into the DCL symbol ANALYZE$IMAGE_TYPE. Returns "Shareable" if the file is a shareable image file. Returns "Executable" if the file is either an OpenVMS I64, Alpha, or OpenVMS VAX executable (nonshareable) image file. LINK_TIME Writes link time information into the DCL symbol ANALYZE$LINK_TIME. For image files, returns the image link time that is stored in the image file, enclosed in quotation marks. NAME Writes link time information into the DCL symbol ANALYZE$NAME. For image files, returns the image name that is stored in the image file, enclosed in quotation marks. VERSION_ Writes the system and component version numbers NUMBERS into DCL symbols. The DCL symbol names and (Alpha and values are similar to the printed output of I64 only) ANALYZE/IMAGE; that is, there is a symbol for each component. The symbol names consist of the prefix "ANALYZE$SYS$K_" and the component name consists of "BASE_IMAGE", "MEMORY_MANAGEMENT", and so forth. If the analyzed image depends on a component, the component's version number saved in the image is also in the corresponding DCL symbol. The other DCL symbols contain an empty string. The symbol value, the version, consists of a major and minor version number, separated by a dot and enclosed in parantheses. In addition, if the image runs on the same platform as Analyze, then the component's version of the running system are stored in the DCL symbols. Then, within the parentheses, the image and system versions are separated by a slash. In this case, both versions are compared. The comparision is performed by an LEQUAL check for major-/minor-IDs. If there is a mismatch, Analyze prints an informational message. Note also that the system version is saved in the DCL symbol of the BASE_IMAGE component. NOTE The Analyze utility can work on several files. Because there is only one set of DCL symbols, the symbols only contain information from the last analyzed file. When an error occurs, symbol values are undefined. Check for Analyze errors first, then use the symbols. 3 Examples 1.$ ANALYZE/IMAGE LINEDT The ANALYZE/IMAGE command in this example produces a description and an error analysis of the image LINEDT.EXE. Output is sent to the current SYS$OUTPUT device. 2.$ ANALYZE/IMAGE/OUTPUT=LIALPHEX/FIXUP_SECTION/PATCH_TEXT LINEDT, ALPRIN (VAX and Alpha only) The ANALYZE/IMAGE command in this example produces a description and an error analysis of the fixup sections and patch text records of LINEDT.EXE and ALPRIN.EXE in file LIALPHEX.ANL. Output is sent to the file LIALPHEX.ANL. 3.$ ANALYZE/IMAGE/SELECT=(ARCH,FILE,NAME,IDENT,BUILD,LINK) *.EXE DISK:[DIRECTORY]ALPHA.EXE;1 OpenVMS ALPHA Image "Test image ALPHA" "A11-27" "X5SC-SSB-0000" 14-JUN-2004 07:16:19.24 DISK:[DIRECTORY]VAX.EXE;1 OpenVMS VAX Image "Test image VAX" "V11-27" "" 15-JUN-2004 13:18:40:70 On an Alpha system, this example displays the information requested about the executable files ALPHA.EXE and VAX.EXE. 4.$ ANALYZE/IMAGE/SELECT=(ARCHITECTURE,IDENT,NAME) HELLO 1 USER:[JOE]HELLO.EXE;1 OpenVMS IA64 "V1.0" "HELLO" $ $ SHOW SYMBOL ANALYZE$* ANALYZE$ARCHITECTURE = "OpenVMS IA64" ANALYZE$BUILD_IDENTIFICATION = "" ANALYZE$FILE_TYPE = "" ANALYZE$IDENTIFICATION = ""V1.0"" ANALYZE$IMAGE_TYPE = "" ANALYZE$LINKER_IDENTIFICATION = "" ANALYZE$LINK_TIME = "" ANALYZE$NAME = ""HELLO"" $ $ ANALYZE/IMAGE/SELECT=(IDENT=(IMAGE,LINKER),IMAGE,LINK) HELLO 2 USER:[JOE]HELLO.EXE;1 "V1.0" "Linker I01-54" Executable 7-JUN-2004 11:47:08.10 $ $ SHOW SYMBOL ANALYZE$* ANALYZE$ARCHITECTURE = "" ANALYZE$BUILD_IDENTIFICATION = "" ANALYZE$FILE_TYPE = "" ANALYZE$IDENTIFICATION = ""V1.0"" ANALYZE$IMAGE_TYPE = "Executable" ANALYZE$LINKER_IDENTIFICATION = ""Linker I01-54"" ANALYZE$LINK_TIME = " 7-JUN-2004 11:47:08.10" ANALYZE$NAME = "" $ $ ANALYZE/IMAGE/SELECT=FILE HELLO.* 3 USER:[JOE]HELLO.C;1 %ANALYZE-E-ILLFIL, Illegal file format encountered USER:[JOE]HELLO.EXE;1 Image USER:[JOE]HELLO.MAP;1 %ANALYZE-E-ILLFIL, Illegal file format encountered USER:[JOE]HELLO.OBJ;1 Object $ $ SHOW SYMBOL ANALYZE$* ANALYZE$ARCHITECTURE = "" ANALYZE$BUILD_IDENTIFICATION = "" ANALYZE$FILE_TYPE = "Object" ANALYZE$IDENTIFICATION = "" ANALYZE$IMAGE_TYPE = "" ANALYZE$LINKER_IDENTIFICATION = "" ANALYZE$LINK_TIME = "" ANALYZE$NAME = $ This I64 example displays the information requested for the executable file, HELLO.EXE. The following text is keyed to the callout numbers at the ends of each ANALYZE/IMAGE command line in the example: 1 Only the selected information can be found in the DCL symbols. The information in the symbols is identical to what is printed to SYS$OUTPUT, that is, if quoted strings are printed there are quotes strings in the symbol. 2 If the new linker identification is selected, it is necessary to use IDENT with a keyword list. 3 When using wildcards, errors in the analyzed file (for example illegal file format errors) do not terminate Analyze. Only the information from the last analyzed file can be found in the DCL symbols. 2 /MEDIA Invokes the Bad Block Locator utility (BAD), which analyzes block-addressable devices and records the location of blocks that cannot reliably store data. The /MEDIA qualifier is required. For a complete description of BAD, including information about the ANALYZE/MEDIA command and its qualifiers, see the OpenVMS Bad Block Locator Utility Manual. This manual is posted with other archived manuals on the OpenVMS Documentation website. Format ANALYZE/MEDIA device device Specifies the device that BAD will analyze. The device has the form: ddcu: or logical-name 3 Qualifiers /BAD_BLOCKS /BAD_BLOCKS[=LIST] Adds the specified bad blocks to the detected bad block file (DBBF). If the /BAD_BLOCK qualifier is specified along with the /EXERCISE qualifier, the medium is tested once the bad blocks are added to the DBBF. If you do not specify a value for the /BAD_BLOCK qualifier, you are prompted as follows: BAD_BLOCKS = In prompt mode, BAD reports any duplicate bad blocks. Qualifier Value List Specifies the bad block locations to be added to the DBBF. Valid codes for specifying bad block locations are: Code Meaning LBN Specifies the logical block number (LBN) of a single bad block. LBN:count Specifies a range of contiguous bad blocks starting at the logical block number (LBN) and continuing for "count" blocks. SEC.TRK.CYL Specifies the physical disk address (sector, track, and cylinder) of a single bad sector. This code is valid only for last track devices. SEC.TRK.CYL:count Specifies a range of bad sectors starting at the specified physical disk address (sector, track, and cylinder) and continuing for "count" sectors. This code is valid only for last track devices. You can specify these formats in any integer combination or radix combination. Note The term "block" denotes a standard unit of 512 bytes, whereas the term "sector" denotes the physical size of the device sector, which is not always the same for all devices. For example, an RL02 has a sector size of 256 bytes, while an RK07 has a standard sector size of 512 bytes. /EXERCISE /EXERCISE=(FULL,[NO]KEEP,PATTERN) /NOEXERCISE (default) Controls whether the media should actually be tested. You can update the DBBF without erasing the contents of the volume by using the /NOEXERCISE qualifier along with the /BAD_BLOCKS qualifier. Qualifier Keywords FULL Causes BAD to test the media using three test patterns (0s, 1s, and "worst case") instead of the default single "worst case" pattern. The FULL keyword can be used only with /EXERCISE. Note that the "worst case" test pattern always remains on media tested with the /EXERCISE qualifier. KEEP Ensures the preservation of the current software detected bad block file (SDBBF). The keep keyword is the default when /NOEXERCISE is specified. NOKEEP Causes BAD to create a new SDBBF. The NOKEEP keyword is the default when /EXERCISE is specified. This keyword cannot be used with the /NOEXERCISE qualifier. PATTERN=(value[,...]) Allows users to specify the value of a test pattern to be used as "worst case". Up to an octaword of test pattern data may be specified in decimal (%D), hexadecimal (%X), or octal (%O) radixes. The default radix is decimal. The pattern is specified in longwords. If two or more longwords are specified, they must be enclosed in parentheses and separated by commas. /LOG /LOG /NOLOG (default) Specifies whether a message is sent to the current SYS$OUTPUT device and SYS$ERROR, indicating the total number of bad blocks detected by BAD. /OUTPUT /OUTPUT[=filespec] Specifies whether the contents of the DBBF are written to the specified file. If you omit the /OUTPUT qualifier, no output is generated. If you specify /OUTPUT but omit the filespec, the contents of the DBBF are written to the current SYS$OUTPUT device. When you specify /OUTPUT, the /SHOW=AFTER qualifier is implied. Qualifier Value filespec Identifies the output file for storing the results of the medium analysis. If you specify a file type and omit the file name, the default file name ANALYZE is used. The default file type is ANL. If you omit the filespec, the results are output to the current SYS$OUTPUT device. No wildcard characters are allowed in the file specification. /RETRY /RETRY /NORETRY (default) Enables the device driver to retry soft errors. /SHOW /SHOW[=(keyword[,...])] Lists the contents of the DBBF before or after (or both) the medium is exercised or modified. Qualifier Keywords [NO]BEFORE,[NO]AFTER Specifies whether the contents of the DBBF are listed before or after (or both) the medium is exercised. After is the default. 3 Examples In examples 1 and 2, the contents of the data region on the medium are not altered or destroyed; in examples 3, 4, and 5, all the data on the medium is destroyed. 1. $ ANALYZE/MEDIA/BAD_BLOCKS=(4.4.4:3) DBA1: The /BAD_BLOCKS qualifier in this example specifies a range of 3 bad blocks beginning at the physical disk address sector 4, track 4, cylinder 4. This range is added to the DBBF. 2. $ ANALYZE/MEDIA/LOG DBB1: DEVICE DBB1: CONTAINS A TOTAL OF 340670 BLOCKS; 11 DEFECTIVE BLOCKS DETECTED. The command in this example requests BAD to report the total number of bad blocks recorded in DBBFs for the disk mounted on DBB1:. The medium is not exercised or altered in any way. 3. $ ANALYZE/MEDIA/EXERCISE/BAD_BLOCKS=(2) DBB1: The command in this example adds the bad block specification to the DBBF and then tests the media. The bad block in this example is located at logical block number (LBN) 2. 4. $ ANALYZE/MEDIA/EXERCISE=KEEP DBA1: This command tests the media while preserving the current SDBBF. 5. $ ANALYZE/MEDIA/EXERCISE/RETRY DBB1: The command in this example directs the device driver to retry soft errors. 2 /OBJECT Analyzes the contents of an object file on OpenVMS VAX and Alpha systems, and an Executable and Linkable Format (ELF) object file on OpenVMS I64 systems, and identifies obvious errors. The /OBJECT qualifier is required. For general information about object files, refer to the description of the linker in the HP OpenVMS Linker Utility Manual. (Use the ANALYZE/IMAGE command to analyze the contents of an image file.) Format ANALYZE/OBJECT filespec[,...] 3 Parameter filespec[,...] Specifies the object files or object module libraries you want analyzed (the default file type is .OBJ). Use commas (,) or plus signs (+) to separate file specifications. The asterisk (*) and the percent sign (%) wildcard characters are allowed in the file specification. 3 Description The ANALYZE/OBJECT command describes the contents of one or more object modules contained in one or more files. It also performs a partial error analysis. This analysis determines whether all records in an object module conform in content, format, and sequence to the specifications of the I64, Alpha, or VAX Object Language. On OpenVMS I64 systems, the ANALYZE/OBJECT command automatically distinguishes I64, Alpha, and VAX objects by examining the format of the object modules header. ANALYZE/OBJECT is intended primarily for programmers compilers, debuggers, or other software involving the operating system's object modules. It checks that that the ELF object format (I64) or the object language records (VAX and Alpha) generated by the object modules are acceptable to the Linker utility, and it identifies certain errors in the file. It also provides a description of the records in the object file or object module library. For more information on the linker and on the Alpha and VAX object languages, refer to the HP OpenVMS Linker Utility Manual. Information on the I64 object format will be available in a future release. NOTES For I64 images and objects, the Analyze utility determines whether the file it analyzes is an image file or object file. Although Analyze allows you to specify ANALYZE/IMAGE on an ELF object file, use ANALYZE/IMAGE for ELF image files and ANALYZE/OJBECT for ELF object files. The OpenVMS VAX and OpenVMS Alpha versions of ANALYZE/OBJECT are not fully capable of analyzing non-platform objects (for example I64 objects on VAX or Alpha). The output format of ANALYZE/OBJECT for ELF objects may change. Further, the default behavior for analyzing ELF objects differs from the behavior for analyzing Alpha or VAX objects. For ELF objects, a summary of the major ELF tables is displayed. With this information, you can select specific sections for further analysis. To locate errors, the entire object should be analyzed by selecting all sections. When you analyze I64 objects on I64 platforms, ANALYZE/OBJECT accepts either VAX- or Alpha-only qualifiers, but ignores any effect of these qualifiers. The ANALYZE/OBJECT command analyzes the object modules in order, record by record, from the first to the last record in the object module. Fields in each record are analyzed in order from the first to the last field in the record. After the object module is analyzed, you should compare the content and format of each type of record to the required content and format of that record as described by the OpenVMS I64, Alpha, or OpenVMS VAX Object Language. This comparison is particularly important if the analysis output contains a diagnostic message. ANALYZE/OBJECT displays the following information for object modules: o Module architecture and type o Module name o Module version o Module creation date and time o Language processor creator Linking an object module differs from analyzing an object module. The object's contents are not interpreted; rather, only the meta information is checked for consistancy. As a result, even if the analysis is error free, the linking operation may not be. In particular, the analysis does not check the following for VAX and Alpha objects: o That data arguments in TIR commands are in the correct format o That "Store Data" TIR commands are storing within legal address limits Therefore, as a final check, you should still link an object module whose analysis is error free. If an error is found, however, the first error of the worst severity that is discovered is returned. For example, if a warning (A) and two errors (B and C) are signaled, then the first error (B) is returned as the image exit status, which is placed in the DCL symbol $STATUS at image exit. ANALYZE/OBJECT uses positional qualifiers; that is, qualifiers whose function depends on their position in the command line. When a positional qualifier precedes all of the input files in a command line, it affects all input files. For example, the following command line requests that the analysis include the global symbol directory records in files A, B, and C: $ ANALYZE/OBJECT/GSD A,B,C Conversely, when a positional qualifier is associated with only one file in the parameter list, only that file is affected. For example, the following command line requests that the analysis include the global symbol directory records in file B only: $ ANALYZE/OBJECT A,B/GSD,C For VAX and Alpha objects, typically, all records in an object module are analyzed. However, when the /DBG, /EOM, /GSD, /LNK, /MHD, /TBT, or /TIR qualifier is specified, only the record types indicated by the qualifiers are analyzed. All other record types are ignored. By default, the analysis includes all record types unless you explicitly request a limited analysis using appropriate qualifiers. NOTE For VAX and Alpha End-of-Module (EOM) records and module header (MHD) records are always analyzed, no matter which qualifiers you specify. For I64 objects the Elf header, the section header table and the note section are always analyzed, no matter which qualifiers you specify. 3 Qualifiers /DISASSEMBLE /DISASSEMBLE (I64 only) Positional qualifier. Displays all sections of type SHT_PROGBITS where the executable flag is set (SHDR$M_SHF_EXECINSTR in the section header). The section data will be displayed as machine instructions with symbolization of labels, branch targets, and so on. All local and global symbols from the symbol table are used for symbolization. The output is similar to compiler generated machine code listings. NOTE This qualifier is accepted only for objects. I64 images contain only global symbols, if any at all. In addition, output produced with this qualifier differs from output produced by ANALYZE/OBJECT/SECTIONS=CODE, which provides machine code output for the same sections, although without symbolization. /DBG /DBG (VAX and Alpha only) Positional qualifier. Specifies that the analysis should include all debugger information records. If you want the analysis to include debugger information for all files in the parameter list, insert the /DBG qualifier immediately following the /OBJECT qualifier. If you want the analysis to include debugger information selectively, insert the /DBG qualifier immediately following each of the selected file specifications. /EOM /EOM (VAX and Alpha only) Positional qualifier. Specifies that the analysis should be limited to MHD records, EOM records, and records explicitly specified by the command. If you want this to apply to all files in the parameter list, insert the /EOM qualifier immediately following the /OBJECT qualifier. To make the /EOM qualifier applicable selectively, insert it immediately following each of the selected file specifications. NOTE End-of-module records can be EOM or EOMW records. Refer to the HP OpenVMS Linker Utility Manual for more information. /FLAGVALUES /FLAGVALUES (I64 only) Several fields in an ELF module represent bit flags. Where possible, these bit-flag values are examined and displayed individually. By default, only the flag values that are set to 1 (ON) are displayed. The keywords are as follows: Keyword Description ON The keyword ON displays all flags whose value is 1. OFF The keyword OFF displays all flags whose value is 0. ALL The keyword ALL displays all flag values. The keywords ON and OFF, in contrast, indicate the value of each specific flag bit. /GSD /GSD (VAX and Alpha only) Positional qualifier. Specifies that the analysis should include all global symbol directory (GSD) records. If you want the analysis to include GSD records for each file in the parameter list, specify the /GSD qualifier immediately following the /OBJECT qualifier. If you want the analysis to include GSD records selectively, insert the /GSD qualifier immediately following each of the selected file specifications. /INCLUDE /INCLUDE [=(module[,...])] When the specified file is an object module library, use this qualifier to list selected object modules within the library for analysis. If you omit the list or specify an asterisk (*), all modules are analyzed. If you specify only one module, you can omit the parentheses. /INTERACTIVE /INTERACTIVE /NOINTERACTIVE (default) Controls whether the analysis occurs interactively. In interactive mode, as each record is analyzed, the results are displayed on the screen, and you are asked whether you want to continue. /LNK /LNK (VAX and Alpha only) Positional qualifier. Specifies that the analysis should include all link option specification (LNK) records. If you want the analysis to include LNK records for each file in the parameter list, specify the /LNK qualifier immediately following the /OBJECT qualifier. If you want the analysis to include LNK records selectively, insert the /LNK qualifier immediately following each of the selected file specifications. /MHD /MHD (VAX and Alpha only) Positional qualifier. Specifies that the analysis should be limited to MHD records, EOM records, and records explicitly specified by the command. If you want this analysis to apply to all files in the parameter list, insert the /MHD qualifier immediately following the /OBJECT qualifier. To make the /MHD qualifier applicable selectively, insert immediately following each of the selected file specifications. /PAGE_BREAK /PAGE_BREAK=keyword (I64 only) Specifies if and where page breaks (form feeds) are inserted in the report file. This qualifier is only useful if /OUTPUT is used to write a report file. It is ignored if /INTERACTIVE is used to specify an interactive analysis. Keywords include NONE, which sets no page breaks; PRINTABLE_ REPORT, which creates page breaks as in listing files, and SEPARATE_INFORMATION, which sets page breaks between section information. /OUTPUT /OUTPUT [=filespec] Directs the output of the object analysis (the default is SYS$OUTPUT). If you specify a file type and omit the file name, the default file name ANALYZE is used. The default file type is .ANL. The asterisk (*) and the percent sign (%) wildcard characters are not allowed in the file specification. /SECTIONS /SECTIONS [=(keyword[,...])] (I64 only) Selects individual program sections or section types to display. NOTE This qualifier and its keywords can only be used to form an inclusion list of sections to be displayed. This qualifier is not negatable and cannot be used to form an exclusion list. If no values are specified, the default keyword is HEADERS. The keywords are as follows: Keyword Description ALL Displays a detailed analysis of every section in the module. Note that this keyword can generate a large amount of output. CODE Displays all sections of type SHT_PROGBITS where the executable flag is set (SHDR$M_ SHF_EXECINSTR in the section header). The section data will be displayed as machine instructions. DEBUG Analyzes and displays sections consisting [=(suffix[,...])] of debug formatted debug information. In addition, you can use a list of debug section name suffixes to selectively format DEBUG information. The suffix can be specified as follows: o ABBREV-Formats DEBUG abbreviations o ARANGES-Formats DEBUG address lookup tables o FRAME-Formats DEBUG frame descriptors for unwinding o INFO-Formats DEBUG symbols o LINE-Formats DEBUG source line info o PUBNAMES-Formats DEBUG name lookup tables o PUBTYPES-Formats DEBUG type lookup tables EXTENSIONS Analyzes and displays sections of type SHT_ IA64_EXT. The data is displayed in hexadecimal format. GROUP Analyzes and displays sections of type SHT_ GROUP. Sections of this type consist of a list of the section numbers of sections belonging to that group. HEADERS The default keyword. Displays the ELF header and the section header details. LINKAGES Analyzes and displays sections of type SHT_ VMS_LINKAGES.The data is displayed as a list of linkage descriptors. NOBITS Analyzes and displays sections of type SHT_ NOBITS. There is no module data associated with sections of this type. NOTE Analyzes and displays sections of type SHT_ NOTE. The data for this section is displayed as a list of formatted OpenVMS note entries. NULL Displays all sections of type PT_NULL. No a data will be displayed for segments of this type. NUMBERS= (number Displays individual sections, as follows: [,...]) o The selected sections will have a detailed display of their header and their contents. An informational message is displayed for section numbers that do not exist in the module. o One or more numeric values may be specified. o Section numbers may be specified in decimal, octal (using the %O prefix), or hexadecimal (using the %X prefix). PROGBITS Displays all sections of type SHT_PROGBITS, except unwind sections. Formatting for the sections of type SHT_ PROGBITS depends on the EXECINSTR flag (SHDR$M_SHF_EXECINSTR) in its section header. If this bit set, the section data will be displayed as machine instructions. Otherwise it will be displayed as hexadecimal data. Unwind sections will be displayed if /SECTIONS=UNWIND is specified. RELOCATIONS Analyzes and displays sections of type SHT_ RELA. The data for this section is displayed as table of relocation entries. STRTAB Analyzes and displays sections of type SHT_ STRTAB. The data for this section is displayed as a string table. SYMTAB Displays sections of type SHT_SYMTAB. The data for this section is displayed as a symbol table. TRACE Analyzes and displays sections consisting of [=(suffix[,...])] traceback information. In addition, you can use a list of trace section name suffixes to selectively format TRACE information. The trace section names, which appear as ".trace_suffix", can be viewed in the summary table. The suffix can be specified as shown below. In addition, because there is one common debug and traceback section, ".debug_line", the suffix "line" can be specified as shown below as well: o ABBREV-Formats TRACE abbreviations o ARANGES-Formats TRACE address lookup tables o INFO-Formats TRACE symbols o LINE-Formats TRACE source line info UNWIND Analyzes and displays sections of type SHT_ IA64_UNWIND. Each section of this type has an associated Unwind Information section of type SHT_PROGBITS. This associated section is also displayed. /SELECT /SELECT=(keyword[,...]) Allows for the collection of specific object file information and displays the selected keyword items in the order specified. NOTE The /SELECT qualifier can be used on object and image files. The same keywords are valid selections. However, some information can not be in an object, such as the link date and time. Therfore, for some keywords the Analyze utility returns "Unknown.". In the following table, only the keywords (which are useful for object files) and their return values are listed. Analyze creates DCL symbols for all selectable information with the /SELECT qualifier. The symbol names consist of the prefix ANALYZE$ and a descriptive name of the information they hold. The symbol value is the selected information, usually printed to SYS$OUTPUT. Effectively, all of the printed information is duplicated in the symbols. For unselected information, the corresponding symbols will contain the null string. The keywords are as follows: Keyword Description ARCHITECTURE Writes the architecture information into the DCL symbol ANALYZE$ARCHITECTURE. Returns "OpenVMS IA64" if the file is an OpenVMS I64 object file. Returns "OpenVMS Alpha" if the file an OpenVMS Alpha object file. Returns "OpenVMS VAX" if the file is an OpenVMS VAX object file. FILE_TYPE Writes file type information into the DCL symbol ANALYZE$FILE_TYPE. Returns "Object" if the file is an OpenVMS I64, Alpha, or VAX object file. /TBT /TBT (VAX and Alpha only) Positional qualifier. Specifies that the analysis should include all module traceback (TBT) records. If you want the analysis to include TBT records for each file in the parameter list, specify the /TBT qualifier immediately following the /OBJECT qualifier. If you want the analysis to include TBT records selectively, insert the /TBT qualifier immediately following each of the selected file specifications. /TIR /TIR (VAX and Alpha only) Positional qualifier. Specifies that the analysis should include all text information and relocation (TIR) records. If you want the analysis to include TIR records for each file in the parameter list, specify the /TIR qualifier immediately following the /OBJECT qualifier. If you want the analysis to include TIR records selectively, insert the /TIR qualifier immediately following the selected file specifications. 3 Examples 1.$ ANALYZE/OBJECT/INTERACTIVE LINEDT In this example, the ANALYZE/OBJECT command produces a description and a partial error analysis of the object file LINEDT.OBJ. Output is to the terminal, because the /INTERACTIVE qualifier has been used. As each item is analyzed, the utility displays the results on the screen and asks if you want to continue. 2.$ ANALYZE/OBJECT/OUTPUT=LIOBJ/DBG LINEDT (VAX and Alpha only) In this example, the ANALYZE/OBJECT command analyzes only the debugger information records of the file LINEDT.OBJ. Output is to the file LIOBJ.ANL. 3.$ ANALYZE/OBJECT/SELECT=(ARCH,FILE) *.OBJ DISK:[DIRECTORY]ALPHA.OBJ;1 OpenVMS ALPHA Object DISK:[DIRECTORY]VAX.OBJ;1 OpenVMS VAX Object This example displays the information requested about the object files ALPHA.OBJ and VAX.OBJ. 2 /PROCESS_DUMP Invokes the OpenVMS Debugger to analyze a process dump file that was created when an image failed during execution. (Use the /DUMP qualifier with the RUN or the SET PROCESS command to generate a dump file.) Note that on Alpha systems, you can also force a process to dump by using the DUMP/PROCESS command. The ANALYZE/PROCESS_DUMP command can display a process dump file for either an Alpha or a VAX image. For a complete description of the debugger, including information about the DEBUG command, refer to the OpenVMS Debugger Manual. Requires read (R) access to the dump file. Format ANALYZE/PROCESS_DUMP dump-file dump-file Specifies the dump file to be analyzed with the debugger. 3 Qualifiers /FULL On VAX and Alpha systems, displays all known information about the failing process. /IMAGE /IMAGE=image-name /NOIMAGE On VAX systems, specifies the image to be activated to set up the process context for the analysis. If you use the /NOIMAGE qualifier, the DELTA debugger will be used for the analysis. By default, symbols are taken from the image with the same name as the image that was running at the time of the dump. /IMAGE_PATH /IMAGE_PATH[=directory-spec] dump-file /NOIMAGE_PATH On Alpha systems, specifies the search path the debugger is to use to find the debugger symbol table (DST) file. As in prior debuggers, the debugger builds an image list from the saved process image list. When you set an image (the main image is automatically set), the debugger attempts to open that image in order to find the DST file. If you include the /IMAGE_PATH=directory-spec qualifier, the debugger searches for the DST file in the specified directory. The debugger first tries to translate directory-spec as the logical name of a directory search list. If that fails, the debugger interprets directory-spec as a directory specification, and searches that directory for matching .DSF or .EXE files. A .DSF file takes precedence over an .EXE file. The name of the .DSF or .EXE file must match the image. If you do not include the /IMAGE_PATH=directory-spec qualifier, the debugger looks for the DST file first in the directory that contains the dump file. If that fails, the debugger searches directory SYS$SHARE and then directory SYS$MESSAGE. If the debugger fails to find a DST file for an image, the symbolic information available to the debugger is limited to global and universal symbol names. Version 7.3 and later debuggers check for dumpfile image specification and DST file link date-time mismatches and issue a warning if one is discovered. The dump-file parameter is the name of the process dump file to be analyzed. Note that the process dump file file type must be .DMP and the DST file type must be either .DSF or .EXE. Restrictions You cannot use a logical to redirect the search for an image and use the /IMAGE_PATH qualifier at the same time. If you use the /IMAGE_PATH qualifier, then all images that are not in their original locations must be found through that path. Individual image logicals (for example, the "SH" in "DEFINE SH SYS$LOGIN:SH.EXE") are not processed. Additionally, you cannot input a directory search path directly to the /IMAGE_PATH qualifier, as it does not process a directory list separated by commas; however, you can specify a logical that translates into a directory search path. /INTERACTIVE /INTERACTIVE /NOINTERACTIVE (default) On VAX systems, causes the display of information to pause when your terminal screen is filled. Press Return to display additional information. By default, the display is continuous. /MISCELLANEOUS On VAX systems, displays process information and registers at the time of the dump. Refer to the $GETJPI system service for further explanation of the process information displayed. /RELOCATION On VAX systems, displays the addresses to which data structures saved in the dump are mapped in P0 space. (Examples of such data structures are the stacks.) The data structures in the dump must be mapped into P0 space so that the debugger can use those data structures in P1 space. 3 Examples 1.$ ANALYZE/PROCESS/FULL ZIPLIST R0 = 00018292 R1 = 8013DE20 R2 = 7FFE6A40 R3 = 7FFE6A98 R4 = 8013DE20 R5 = 00000000 R6 = 7FFE7B9A R7 = 0000F000 R8 = 00000000 R9 = 00000000 R10 = 00000000 R11 = 00000000 SP = 7FFAEF44 AP = 7FFAEF48 FP = 7FFAEF84 FREE_P0_VA 00001600 FREE_P1_VA 7FFAC600 Active ASTs 00 Enabled ASTs 0F Current Privileges FFFFFF80 1010C100 Event Flags 00000000 E0000000 Buffered I/O count/limit 6/6 Direct I/O count/limit 6/6 File count/limit 27/30 Process count/limit 0/0 Timer queue count/limit 10/10 AST count/limit 6/6 Enqueue count/limit 30/30 Buffered I/O total 7 Direct I/O total 18 Link Date 27-DEC-2000 15:02:00.48 Patch Date 17-NOV-2000 00:01:53 ECO Level 0030008C 00540040 00000000 34303230 Kernel stack 00000000 pages at 00000000 moved to 00000000 Exec stack 00000000 pages at 00000000 moved to 00000000 Vector page 00000001 page at 7FFEFE00 moved to 00001600 PIO (RMS) area 00000005 pages at 7FFE1200 moved to 00001800 Image activator context 00000001 page at 7FFE3400 moved to 00002200 User writable context 0000000A pages at 7FFE1C00 moved to 00002400 Creating a subprocess VAX DEBUG Version 5.4 DBG> This example shows the output of the ANALYZE/PROCESS command when used with the /FULL qualifier on a VAX system. The file specified, ZIPLIST, contains the dump of a process that encountered a fatal error. The DBG> prompt indicates that the debugger is ready to accept commands. 2 /RMS_FILE Invokes the Analyze/RMS_File utility to inspect and analyze the internal structure of an RMS file. The /RMS_FILE qualifier is required. For a complete description of the Analyze/RMS_File utility, including more information about the ANALYZE/RMS_FILE command and its qualifiers, see the OpenVMS Record Management Utilities Reference Manual. ANALYZE/RMS_FILE filespec[,...] 3 Parameter filespec[,...] Specifies the data file to be analyzed. The default file type is .DAT. You can use multiple file specifications and wildcard characters with the /CHECK qualifier, the /RU_JOURNAL qualifier, the /STATISTICS qualifier, and the /SUMMARY qualifier, but not with the /FDL qualifier or the /INTERACTIVE qualifier. 3 Qualifiers /CHECK Checks the integrity of the file and generates a report of any errors in its structure. The report produced by the /CHECK qualifier includes a list of any errors and a summary of the file's structure. If you do not specify an output file, the report is written to the current SYS$OUTPUT device, which is generally your terminal. You can use wildcards and multiple file specifications. If you specify /NOOUTPUT, you only get a message indicating whether the file has errors. The check function is active by default when you use the ANALYZE /RMS_FILE command without any qualifiers. The /CHECK qualifier is not compatible with the /FDL qualifier, the /INTERACTIVE qualifier, the /STATISTICS qualifier, or the /SUMMARY qualifier. If /CHECK is used with any of the other qualifiers, /FDL takes precedence, next is /INTERACTIVE, then /STATISTICS, and lastly /SUMMARY. /FDL Generates an FDL file describing the RMS data file being analyzed. By default, the /FDL qualifier creates a file with the file type .FDL and the same file name as the input data file. To assign a different type or name to the FDL file, use the /OUTPUT qualifier. If the data file is corrupted, the FDL file contains the Analyze/RMS_File utility error messages. For indexed files, the FDL file contains special analysis sections you can use with the EDIT/FDL Optimize script to make better design decisions when you reorganize the file. You cannot use wildcards or multiple file specifications with the /FDL qualifier. The /FDL qualifier is not compatible with the /CHECK qualifier, the /INTERACTIVE qualifier, the /STATISTICS qualifier, the /SUMMARY qualifier, or the /UPDATE_HEADER qualifier. The /FDL qualifier takes precedence over all other qualifiers. /INTERACTIVE Begins an interactive examination of the file's structure. You cannot use wildcards or multiple file specifications. For help with the interactive commands, enter the HELP command at the ANALYZE> prompt. Do not use this qualifier with the /CHECK, /FDL, /STATISTICS, /SUMMARY, or /UPDATE_HEADER qualifiers. If used with the /FDL qualifier, the /FDL takes precedence. All other qualifiers are ignored when used with /INTERACTIVE. /OUTPUT /OUTPUT=filesspec /NOOUTPUT Identifies the destination file for the results of the analysis. The /NOOUTPUT qualifier specifies that no output file is to be created. In all cases, the Analyze/RMS_File utility displays a message indicating whether the data file has errors. /CHECK Places the integrity report in the output file. The default file type is .ANL, and the default file name is ANALYZE. If you omit the output- filespec parameter, output is written to the current SYS$OUTPUT device, which is generally your terminal. /FDL Places the resulting FDL specification in the output file. The default file type is .FDL, and the default file name is that of the input file. /INTERACTIVE Places a transcript of the interactive session in the output file. The default file type is .ANL, and the default file name is ANALYZE. If you omit the output-filespec parameter, no transcript of your interactive session is produced. /RU_JOURNAL Places the recovery-unit journal information in the output file. The default file type is .ANL, and the default file name is ANALYZE. If you omit the output-filespec parameter, output is written to the current SYS$OUTPUT device, which is generally your terminal. /STATISTICS Places the statistics report in the output file. The default file type is .ANL, and the default file name is ANALYZE. If you omit the output- filespec parameter, output is written to the current SYS$OUTPUT device, which is generally your terminal. /SUMMARY Places the summary report in the output file. The default file type is .ANL, and the default file name is ANALYZE. If you omit the output- filespec parameter, output is written to the current SYS$OUTPUT device, which is generally your terminal. /RU_JOURNAL Provides information about recovery-unit journaling where applicable. You can use the /RU_JOURNAL qualifier on any file, but it is inoperative on files not marked for recovery-unit journaling. This qualifier provides the only way of accessing a file that would otherwise be inaccessible because of unresolved recovery units. This situation might be the result of an unavailable recovery-unit journal file or of unavailable data files that were included in the recovery unit. To use the /RU_JOURNAL qualifier, your process must have both CMEXEC privilege and access to the [SYSJNL] directory (either SYSPRV privilege or access for UIC [1,4]). This qualifier is compatible with all of the ANALYZE/RMS_FILE qualifiers, and you can use it with wildcards and multiple file specifications. When you specify the /RU_JOURNAL qualifier, the Analyze/RMS_File utility provides you with the following data for each active recovery unit: o The journal file specification and the journal creation date o The recovery-unit identification, recovery-unit start time, cluster system identification number (CSID), and process identification (PID) o Information about the files involved in the recovery unit, including the file specification, the name of the volume where the file resides, the file identification, the date and time the file was created, and the current status of the file o The state of the recovery unit - active, none, started, committed, or not available (for more information, see the RMS Journaling for OpenVMS Manual) o An error statement /STATISTICS Specifies that a report is to be produced containing statistics about the file. The /STATISTICS qualifier is used mainly on indexed files. By default, if you do not specify an output file with the /OUTPUT qualifier, the statistics report is written to the current SYS$OUTPUT device, which is generally your terminal. The /STATISTICS qualifier is not compatible with the /CHECK qualifier, the /FDL qualifier, the /INTERACTIVE qualifier, or the /SUMMARY qualifier. If /STATISTICS is used with any other qualifiers, /FDL takes precedence, and then /INTERACTIVE. All other qualifiers are ignored. The /STATISTICS qualifier does an implicit check. /SUMMARY Specifies that a summary report is to be produced containing information about the file's structure and use. The /SUMMARY qualifier generates a summary report containing information about the file's structure and use. If the file has no errors, the output generated from the /SUMMARY qualifier is identical to that produced by the /CHECK qualifier. Unlike the /CHECK qualifier, however, the /SUMMARY qualifier does not check the structure of your file, so output is generated more quickly. Do not use this qualifier with the /CHECK qualifier, the /FDL qualifier, the /INTERACTIVE qualifier, the /STATISTICS qualifier, or the /UPDATE_HEADER qualifier. If /SUMMARY is used with any other qualifiers, /FDL takes precedence, next is /INTERACTIVE, and then /STATISTICS. /UPDATE_HEADER Attempts to update the following attributes in the header of the file: longest record length (LRL) and/or file length hint attribute. You must use this qualifier in combination with either /STATISTICS or /CHECK (the default). This qualifier only applies to sequential file organizations and is ignored for any other file organization. The /UPDATE_HEADER qualifier attempts to update the LRL and/or file hint attribute in the file header if the calculated value(s) differ from the current value(s) in the file header. The /UPDATE_HEADER qualifier applies to: o An LRL request - if the file is sequential and has a record format other than undefined (UDF). o A HINT request - if the file is sequential, the record format is either variable (VAR) or variable with fixed control (VFC), and the file is located on an ODS-5 disk device. It is not supported for remote accesses; requests are ignored. The /UPDATE_HEADER qualifier requires either the STATISTICS or CHECK (default) functions since calculating new values for the LRL and/or file length hint presumes that all the records in the sequential file are processed. It is not compatible with the /FDL qualifier, the /INTERACTIVE qualifier, or the /SUMMARY qualifier. Any errors returned by the file system when an attempt to update the file header fails are ignored. If the update succeeds, the updated values are displayed at the end of the report. 3 EXAMPLES 1.$ ANALYZE/RMS_FILE/CHECK CUSTFILE This command checks the file CUSTFILE.DAT for errors and displays the report on the terminal. 2.$ ANALYZE/RMS_FILE/FDL ADDRFILE This command generates an FDL file named ADDRFILE.FDL from the data file ADDRFILE.DAT. 3.$ ANALYZE/RMS_FILE DENVER::DB1:[PROD]RUN.DAT This command analyzes the structure of the file RUN.DAT residing at remote node DENVER. 4.$ANALYZE/RMS_FILE/UPDATE_HEADER=HINT A.A FILE HEADER File Spec: DISK$REGRES:[REGRES]A.A;3 ... RMS FILE ATTRIBUTES File Organization: sequential Record Format: variable Record Attributes: carriage-return Maximum Record Size: 0 Longest Record: 52 Blocks Allocated: 4, Default Extend Size: 0 End-of-File VBN: 1, Offset: %X'008E' File Monitoring: disabled File Length Hint (Record Count): 6 (invalid) File Length Hint (Data Byte Count): 42 (invalid) Global Buffer Count: 0 The analysis uncovered NO errors. UPDATED File Length Hint (Record Count) to: 10 UPDATED File Length Hint (Data Byte Count) to: 118 ANALYZE/RMS_FILE/UPDATE_HEADER=HINT A.A 2 /SSLOG Valid for Alpha and I64 systems only. Displays the collected data. Format: ANALYZE/SSLOG [/BRIEF | /FULL | /NORMAL | /STATISTICS] [/OUTPUT=filename] [/SELECT=(option[,...])] [/WIDE] [filespec] filespec Optional name of the log file to be analyzed. The default filename is SSLOG.DAT. 3 Qualifiers /BRIEF Displays abbreviated logged information. /FULL Displays logged information, error status messages and sequence numbers. /NORMAL /NORMAL (Default) Displays basic logged information. /STATISTICS /STATISTICS[=BY_STATUS] Displays statistics on system services usage; accepts BY_ STATUS keyword. Outputs a summary of the services logged with a breakdown by access mode. Output is ordered with the most frequently requested services first. If BY_STATUS is included, the summary is further separated by completion status. Output is displayed up to 132 columns wide. /OUTPUT /OUTPUT=filename Identifies the output file for storing the results of the log analysis. An asterisk (*) and percent sign (%) are not allowed as wildcards in the file specification. There is no default file type or filename. If you omit the qualifier, results are output to the current SYS$OUTPUT device. /SELECT /SELECT=([option[,...]]) Selects entries based on your choice of options. You must specify at least one of the following: Keyword Meaning ACCESS_MODE=mode Selects data by access mode. IMAGE=image-name Selects data by image name. STATUS[=n] Selects data by status. n is optional. /SELECT=STATUS displays all entries that have an error status. SYSSER=service-name Selects data by service name. /WIDE Provides for a display of logged information up to 132 columns wide. 3 Description The ANALYZE/SSLOG command displays the collected logged data. Note that a system service log must be analyzed on the same platform type as the one on which it was created; for example, a log created on an OpenVMS Alpha system must be analyzed on an OpenVMS Alpha system. For examples with explanations, see the System Service Logging chapter of the HP OpenVMS System Analysis Tools Manual. 2 /SYSTEM Invokes the System Dump Analyzer utility, which analyzes a running system. The /SYSTEM qualifier is required. Requires CMKRNL (change-mode-to-kernel) privilege. Also requires PFNMAP (map-by-PFN) privilege to access memory by physical address. For more information about the System Dump Analyzer utility on Alpha and Integrity server systems, see the HP OpenVMS System Analysis Tools Manual or online help. Format: ANALYZE/SYSTEM 3 /SYMBOL Specifies an alternate system symbol table for SDA to use. Format: ANALYZE/SYSTEM/SYMBOL=system-symbol-table system-symbol-table The file specification of the SDA system symbol table required by SDA to analyze a running system. The specified system-symbol-table must contain those symbols required by SDA to find certain locations in the executive image. On Alpha and I64 systems, if you do not specify the /SYMBOL qualifier, SDA uses SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load system symbols into the SDA symbol table. On VAX systems, if you do not specify the /SYMBOL qualifier, SDA uses SYS$SYSTEM:SYS.STB by default. When you specify the /SYMBOL qualifier, SDA assumes the default disk and directory to be SYS$DISK and [default-dir]; that is, the disk and directory specified in your last SET DEFAULT command. If no device and directory are given in the file name and the file is not found in the current default directory, SDA attempts to open the file SDA$READ_DIR:filename.type. If no type has been given in the file name, SDA assumes .EXE. If you specify a file for this parameter that is not a system symbol table, SDA halts with a fatal error. 3 Examples 1. $ ANALYZE/SYSTEM OpenVMS (TM) system analyzer SDA> This command invokes SDA to analyze the running system. 2. On Alpha and I64 systems: $ ANALYZE/SYSTEM/SYMBOL=SDA$READ_DIR:SYS$BASE_IMAGE.EXE SYS$SYSTEM This command invokes SDA to analyze the running system, using the base image in SDA$READ_DIR. 3. On VAX systems: $ ANALYZE/SYSTEM/SYMBOL=SYS$CRASH:SYS.STB SYS$SYSTEM This command invokes SDA to analyze the running system, using the system symbol table at SYS$CRASH:SYS.STB.