1  ANALYZE
   The ANALYZE commands invoke utilities to examine various
   components of an OpenVMS system. They perform the following
   functions:

   o  Invoke the Audit Analysis Utility to extract selective
      information from the system security audit journal (see /AUDIT).

   o  Invoke the System Dump Analyzer (SDA) to examine the specified
      dump file (see /CRASH_DUMP).

   o  Invoke the Analyze/Disk_Structure Utility to examine disk
      volumes (see /DISK_STRUCTURE).

   o  Invoke the Error Log Viewer (ELV) to selectively report the
      contents of an error log file (see /ERROR_LOG/ELV). (Alpha/I64 only)

   o  Describe the contents of an image file or shareable image file
      (see /IMAGE).

   o  Invoke the Bad Block Locator (BAD) Utility to find disk blocks 
      that cannot be used to store data (see /MEDIA).

   o  Describe the contents of an object file (see /OBJECT).

   o  Invoke the OpenVMS Debugger for analysis of a process dump file
      (see /PROCESS_DUMP).

   o  Analyze the internal structure of an RMS file (see /RMS_FILE).

   o  Display the data collected by the System Service Logging 
      utility (see /SSLOG). (Alpha/I64 only)

   o  Invoke the System Dump Analyzer (SDA) to examine the running system 
      (see /SYSTEM).

   The default analyze function is to examine object modules
   (ANALYZE/OBJECT).


2  /AUDIT
 

3  Overview
   The Audit Analysis utility (ANALYZE/AUDIT) processes event
   messages in security audit log files to produce reports of
   security-related events on the system.

   Format

     ANALYZE/AUDIT  [file-spec[,...]]
 

   file-spec[,...]

   Specifies one or more security audit log files as input to
   ANALYZE/AUDIT. If you specify more than one file name, separate
   the names with commas.

   If you omit the file-spec parameter, the utility searches for the
   default audit log file SECURITY.AUDIT$JOURNAL.

   The default audit log file is created in the SYS$COMMON:[SYSMGR]
   directory. To use the file, specify SYS$MANAGER on the
   ANALYZE/AUDIT command line. If you do not specify a directory,
   the utility searches for the file in the current directory.

   You can include wildcard characters, such as the asterisk (*)  or
   percent sign (%),  in the file specification.

   The audit log file can be located in any directory. To display
   the current location, use the DCL command SHOW AUDIT/ALL.
 

3  Qualifiers

   Qualifier      Description

   /BEFORE        Controls whether records dated earlier than the
                  specified time are selected
   /BINARY        Controls whether output is a binary file
   /BRIEF         Controls whether a brief, single-line record
                  format is used in ASCII displays
   /EVENT_TYPE    Selects the classes of events to be extracted from
                  the security log file
   /FULL          Controls whether a full format is used in ASCII
                  displays
   /IGNORE        Excludes records from the report that match the
                  specified criteria
   /INTERACTIVE   Controls whether interactive command mode is
                  enabled when ANALYZE/AUDIT is invoked
   /OUTPUT        Specifies where to direct output from
                  ANALYZE/AUDIT
   /PAUSE         Specifies the length of time each record is
                  displayed in a full format display
   /SELECT        Specifies the criteria for selecting records
   /SINCE         Indicates that the utility must operate on
                  records dated with the specified time or after
                  the specified time
   /SUMMARY       Specifies that a summary of the selected records
                  be produced after all records are processed
 

3  /BEFORE
   Controls whether records dated earlier than the specified time
   are selected.

   Format

     /BEFORE[=time]

     /NOBEFORE
 
   time

   Specifies the time used to select records. Records dated earlier
   than the specified time are selected. You can specify an absolute
   time, delta time, or a combination of the two. Observe the syntax
   rules for date and time described in the OpenVMS User's Manual.
 

4  Examples

   1.$ ANALYZE/AUDIT /BEFORE=25-NOV-2005 -
     _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example selects all records dated earlier
     than November 25, 2005.

   2.$ ANALYZE/AUDIT /BEFORE=14:00/SINCE=12:00 -
     _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example selects all records generated
     between noon and 2 P.M. today.
 

3  /BINARY
   Controls whether output is a binary file.

   Format

     /BINARY

     /NOBINARY
 

4  Example

 $ ANALYZE/AUDIT /BINARY/SINCE=TODAY/OUTPUT=25OCT05.AUDIT -
 _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example selects all audit records generated
     today and writes the records in binary format to 25OCT05.AUDIT.
 

3  /BRIEF
   Controls whether a brief, single-line record format is used in
   ASCII displays.

   Format

     /BRIEF  (default)
 

4  Example

 $ ANALYZE/AUDIT /OUTPUT=AUDIT.LIS -
 _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example produces an ASCII file in brief
     format by default. The report is written to the AUDIT.LIS file.
 

3  /EVENT_TYPE
   Selects the classes of events to be extracted from the security
   log file. If you omit the qualifier or specify the ALL keyword,
   the utility includes all enabled event classes in the report.

   Format

     /EVENT_TYPE=(event-type[,...])
  
   event type[,...]

   Specifies the classes of events used to select records. You can
   specify any of the following event types:

   [NO]ACCESS         Access to an object, such as a file
   [NO]ALL            All event types
   [NO]AUDIT          Use of the SET AUDIT command
   [NO]AUTHORIZATION  Change to the authorization database
                      (SYSUAF.DAT, RIGHTSLIST.DAT, NETPROXY.DAT,
                      or NET$PROXY.DAT)
   [NO]BREAKIN        Break-in detection
   [NO]CONNECTION     Establishment of a network connection through
                      the System Management utility (SYSMAN),
                      DECwindows, or interprocess communication
                      (IPC) software
   [NO]CREATE         Creation of an object
   [NO]DEACCESS       Completion of access to an object
   [NO]DELETE         Deletion of an object
   [NO]INSTALL        Modification of the known file list with the
                      Install utility (INSTALL)
   [NO]LOGFAIL        Unsuccessful login attempt
   [NO]LOGIN          Successful login
   [NO]LOGOUT         Successful logout
   [NO]MOUNT          Execution of DCL commands MOUNT or DISMOUNT
   [NO]NCP            Modification of the DECnet network
                      configuration databases
   [NO]NETPROXY       Modification of the network proxy
                      authorization file (NETPROXY.DAT or
                      NET$PROXY.DAT)
   [NO]PRIVILEGE      Privilege auditing
   [NO]PROCESS        Use of one or more of the process control
                      system services: $CREPRC, $DELPRC, $SCHDWK,
                      $CANWAK, $WAKE, $SUSPND, $RESUME, $GRANTID,
                      $REVOKID, $GETJPI, $FORCEX, $SETPRI
   [NO]RIGHTSDB       Modification of the rights database
                      (RIGHTSLIST.DAT)
   [NO]SYSGEN         Modification of system parameters through the
                      System Generation utility (SYSGEN) or AUTOGEN
   [NO]SYSUAF         Modification of the system user authorization
                      file (SYSUAF.DAT)
   [NO]TIME           Change in system or cluster time

   Specifying the negated form of an event class (for example,
   NOLOGFAIL) excludes the specified event class from the audit
   report.
 

4  Examples

   1.$ ANALYZE/AUDIT/EVENT_TYPE=LOGFAIL -
     _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example extracts all records of
     unsuccessful login attempts, which match the LOGFAIL class,
     and compiles a brief report.

   2.$ ANALYZE/AUDIT/EVENT_TYPE=(NOLOGIN,NOLOGOUT) -
     _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example builds a report in brief format of
     all audit records except those in the LOGIN and LOGOUT event
     classes.
 

3  /FULL
   Controls whether a full format is used in ASCII displays. If you
   specify /NOFULL or omit the qualifier, records are displayed in
   the brief format.

   Format

     /FULL

     /NOFULL  (default)
 

4  Example

 $ ANALYZE/AUDIT /FULL -
 _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example displays the full contents of each
     selected record.
 

3  /IGNORE
   Excludes records from the report that match the specified
   criteria.

   Format

     /IGNORE=criteria[,...]
 
   criteria[,...]

   Specifies that all records are selected except those matching any
   of the specified exclusion criteria. See the /SELECT qualifier
   description for a list of the possible criteria to use with the
   /IGNORE qualifier.
 

3  /INTERACTIVE
   Controls whether interactive command mode is enabled when
   ANALYZE/AUDIT is invoked.

   Format

     /INTERACTIVE  (default)

     /NOINTERACTIVE
 

4  Examples

   1.$ ANALYZE/AUDIT/FULL -
     _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example produces a full format display
     of the selected records. New records are displayed every 3
     seconds. (See the /PAUSE qualifier description to find how to
     modify the duration of each record display.) Press Ctrl/C to
     interrupt the display and to enter interactive commands.

   2.$ ANALYZE/AUDIT/FULL/NOINTERACTIVE -
     _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example invokes the utility in
     noninteractive mode. It displays the first record selected and
     prompts you to press the Return key to display each additional
     selected record. Control returns to the DCL command level when
     all selected records have been displayed.
 

3  /OUTPUT
   Specifies where to direct output from ANALYZE/AUDIT. If you omit
   the qualifier, the report is sent to SYS$OUTPUT.

   Format

     /OUTPUT[=file-spec]

     /NOOUTPUT
 
   file-spec[,...]

   Specifies the name of the file that is to contain the selected
   records. If you omit the device and directory specification, the
   utility uses the current device and directory specification. If
   you omit the file name and type, the default file name AUDIT.LIS
   is used. If the output is binary (/BINARY) and you omit the
   /OUTPUT qualifier, the binary information is written to the file
   AUDIT.AUDIT$JOURNAL.
 

4  Example

 $ ANALYZE/AUDIT /BINARY/OUTPUT=BIN122588.DAT -
 _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example selects audit records from the
     system audit log file and writes them to the binary file
     BIN122588.DAT.
 

3  /PAUSE
   Specifies the length of time each record is displayed in a full-
   format display.

   Format

     /PAUSE=seconds
 
   seconds

   Specifies the duration (in seconds) of the full-screen display.
   A value of 0 specifies that the system should not pause before
   displaying the next record. By default, the utility displays a
   record for 3 seconds.
 

4  Example

 $ ANALYZE/AUDIT /FULL/PAUSE=1 -
 _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example displays a selected record in full
     format every second. You can interrupt the display and enter
     interactive commands at any time by pressing Ctrl/C.
 

3  /SELECT
   Specifies the criteria for selecting records from the audit log
   file. For a description of how to generate audit records, see the
   HP OpenVMS Guide to System Security.

   Format

     /SELECT=criteria[,...]

     /NOSELECT 

   criteria[,...]

   Specifies the criteria for selecting records. For each specified
   criterion, ANALYZE/AUDIT has two selection requirements:

   o  The packet corresponding to the criterion must be present in
      the record.

   o  One of the specified values must match the value in that
      packet.

   For example, if you specify (USER=(PUTNAM,WU),SYSTEM=DBASE) as
   the criteria, ANALYZE/AUDIT selects an event record containing
   the SYSTEM=DBASE packet and a USER packet with either the PUTNAM
   value or the WU value.

   If you omit the /SELECT qualifier, all event records selected
   through the /EVENT_TYPE qualifier are extracted from the audit
   log file and included in the report.

   You can specify any of the following criteria:
 

4  ACCESS
   ACCESS=(type,...)

   Specifies the type of object access upon which the selection
   is based. Access is object-specific and includes the following
   types:

   Associate  Execute   Read
   Control    Lock      Submit
   Create     Logical   Use
   Delete     Manage    Write
              Physical

   The HP OpenVMS Guide to System Security describes each of these
   types.
 

4  ACCOUNT
   ACCOUNT=(name,...)

   Specifies the account name upon which selection is based. You can
   use wildcards, such as an asterisk (*) or percent sign (%), to
   represent all or part of the name.
 

4  ACCOUNT
   ACCOUNT=(name,...)

   Specifies the alarm journal name on which selection is based. You
   can use wildcards to represent all or part of the alarm name.
 

4  ASSOCIATION_NAME
   ASSOCIATION_NAME=(IPC-name,...)

   Specifies the name of the interprocess communication (IPC)
   association.
 

4  AUDIT_NAME
   AUDIT_NAME=(journal-name,...)

   Specifies the audit journal name on which selection is based. You
   can use wildcards to represent all or part of the audit journal
   name.
 

4  COMMAND_LINE
   COMMAND_LINE=(command,...)

   Specifies the command line that the user entered.
 

4  CONNECTION_IDENTIFICATION
   CONNECTION_IDENTIFICATION=(IPC-name,...)

   Specifies the name for the interprocess communication (IPC)
   connection.
 

4  DECNET_LINK_IDENTIFICATION
   DECNET_LINK_IDENTIFICATION=(value,...)

   Specifies the number of the DECnet logical link.
 

4  DECNET_OBJECT_NAME
   DECNET_OBJECT_NAME=(object-name,...)

   Specifies the name of the DECnet object.
 

4  DECNET_OBJECT_NUMBER
   DECNET_OBJECT_NUMBER=(value,...)

   Specifies the number of the DECnet object.
 

4  DEFAULT_USERNAME
   DEFAULT_USERNAME=(username,...)

   Specifies the default local user name for incoming network proxy
   requests.
 

4  DEVICE_NAME 
   DEVICE_NAME=(device-name,...)

   Specifies the name of a device in audit records that have a
   DEVICE_NAME packet. Note that this does not select the device
   name when it occurs in other packet types, such as in a file name
   or in the TARGET_DEVICE_NAME packet.
 

4  DIRECTORY_ENTRY
   DIRECTORY_ENTRY=(directory,...)

   Specifies the directory entry associated with file system
   operation.
 

4  DIRECTORY_NAME
   DIRECTORY_NAME=(directory,...)

   Specifies the name of the directory file.
 

4  DISMOUNT_FLAGS
   DISMOUNT_FLAGS=(flag-name,...)

   Identifies the names of the volume dismounting flags to be used
   in selecting records. Specify one or more of the following flag
   names: Abort, Cluster, Nounload, and Unit.
 

4  EVENT_CLUSTER_NAME
   EVENT_CLUSTER_NAME=(event-flag-cluster-name,...)

   Specifies the name of the event flag cluster.
 

4  FACILITY
   FACILITY=(facility-name,...)

   Specifies that only events audited by the named facility be
   selected. Provide a name or a number but, in either case, the
   facility has to be defined through the logical AUDSERV$FACILITY_
   NAME as a decimal number; the system uses the number 0.
 

4  FIELD_NAME
   FIELD_NAME=(field-name,...)

   Specifies the name of the field that was modified. ANALYZE/AUDIT
   uses the FIELD_NAME criterion with packets containing the
   original data and the new data (specified by the NEW_DATA
   criterion).

   A FIELD_NAME is a character string that describes the content
   of the field. A search for "NEW:" in a full audit report will
   display records that contain the FIELD_NAME values that can be
   specified for this option. Examples of FIELD_NAME values are
   Account, Default Directory, Flags, and Password Date.

   For sensitive information, see SENSITIVE_FIELD_NAME.
 

4  FILE_NAME
   FILE_NAME=(file-name)

   Specifies the name of the file that caused the audit.
   Describes audit records for the specified file by using a
   slightly different display format than is provided by the
   /OBJECT=NAME=object-name keyword.
 

4  FILE_IDENTIFICATION
   FILE_IDENTIFICATION=(identification-value)

   Specifies the value of the file's identification. To calculate
   the value, start with the value listed for File ID when you use
   the FILE_NAME keyword. For example, the display lists the File ID
   as:

   File ID:   (3024,5,0)

   Use the following formula to calculate the value:

   (((0 * 65536) + 5)* 65536) + 3024 = 330704
 

4  FLAGS
   FLAGS=(flag-name,...)

   Identifies the names of the audit event flags associated with the
   audited event. These names should be used in selecting records.
   Specify one or more of the following flags: ACL, Alarm, Audit,
   Flush, Foreign, Internal, and Mandatory.
 

4  HOLDER
   HOLDER=keyword(,...)

   Specifies the characteristics of the identifier holder to be used
   when selecting event records. Choose from the following keywords:

   NAME=username          Specifies the name of the holder. You can
                          represent all or part of the name with a
                          wildcard.
   OWNER=uic              Specifies the user identification code
                          (UIC) of the holder.
 

4  IDENTIFIER
   IDENTIFIER=keyword(,...)

   Identifies which attributes of an identifier should be used when
   selecting event records. Choose from the following keywords:

   ATTRIBUTES=name        Specifies the name of the particular
                          attribute. Valid attribute names are as
                          follows: Dynamic, Holder_Hidden, Name_
                          Hidden, NoAccess, Resource, and Subsystem.

   NAME=identifier        Specifies the original name of the
                          identifier. You can represent all or part
                          of the name with a wildcard.

   NEW_NAME=identifier    Specifies the new name of the identifier.
                          You can represent all or part of the name
                          with a wildcard.

   NEW_ATTRIBUTES=name    Specifies the name of the new attribute.
                          Valid attribute names are Dynamic, Holder_
                          Hidden, Name_Hidden, NoAccess, Resource,
                          and Subsystem.

   VALUE=value            Specifies the original value of the
                          identifier.

   NEW_VALUE=value        Specifies the new value of the identifier.
 

4  IDENTIFIERS_MISSING
   IDENTIFIERS_MISSING=(identifier,...)

   Specifies the identifiers missing in a failure to access an
   object.
 

4  IDENTIFIERS_USED
   IDENTIFIERS_USED=(identifier,...)

   Specifies the identifiers used to gain access to an object. An
   event record matches if the specified list is a subset of the
   identifiers recorded in the event record.
 

4  IMAGE_NAME
   IMAGE_NAME=(image-name,...)

   Identifies the name of the image to be used when selecting event
   records. You can represent all or part of the image name with a
   wildcard.
 

4  INSTALL
   INSTALL=keyword(,...)

   Specifies that installation event packets are to be considered
   when selecting event records. Choose from the following keywords:

   FILE=filename          Specifies the name of the installed file.
                          You can represent all or part of the name
                          with a wildcard.

                          Note that on Alpha systems prior to
                          Version 6.1, audit log files record the
                          installed file name within an object
                          name packet. To select the installed
                          file, you must use the expression
                          OBJECT=(NAME=object-name) instead of
                          FILE=filename.

   FLAGS=flag-name        Specifies the names of the flags, which
                          correspond to qualifiers of the Install
                          utility (INSTALL); for example, OPEN
                          corresponds to /OPEN.

   PRIVILEGES=privilege-  Specifies the names of the privileges with
   name                   which the file was installed.
 

4  LNM_PARENT_NAME
   LNM_PARENT_NAME=(table-name,...)

   Specifies the name of the parent logical name table.
 

4  LNM_TABLE_NAME
   LNM_TABLE_NAME=(table-name,...)

   Specifies the name of the logical name table.
 

4  LOCAL
   LOCAL=(characteristic,...)

   Specifies the characteristics of the local (proxy) account to be
   used when selecting event records. The following characteristic
   is supported:

   USERNAME=username      Specifies the name of the local account.
                          You can represent all or part of the name
                          with a wildcard.
 

4  LOGICAL_NAME
   LOGICAL_NAME=(logical-name,...)

   Specifies the logical name of the mounted (or dismounted) volume
   upon which selection is based. You can represent all or part of
   the logical name with a wildcard.
 

4  MAILBOX_UNIT
   MAILBOX_UNIT=(number,...)

   Specifies the number of the mailbox unit.
 

4  MOUNT_FLAGS
   MOUNT_FLAGS=(flag-name,...)

   Specifies the names of the volume mounting flags upon which
   selection is based. Possible flag names include the following
   names:

      CACHE=(NONE,WRITETHROUGH)
      CDROM
      CLUSTER
      COMPACTION
      DATACHECK=(READ,WRITE)
      DSI
      FOREIGN
      GROUP
      INCLUDE
      INITIALIZATION=(ALLOCATE,CONTINUATION)
      MESSAGE
      NOASSIST
      NOAUTOMATIC
      NOCOMPACTION
      NOCOPY
      NOHDR3
      NOJOURNAL
      NOLABEL
      NOMOUNT_VERIFICATION
      NOQUOTA
      NOREBUILD
      NOUNLOAD
      NOWRITE
                               { ACCESSIBILITY    }
                               { EXPIRATION       }
                               { IDENTIFICATION   }
                               {                  }
                               { LIMITED_SEARCH   }
      OVERRIDE=(options[,...]) { LOCK             }
                               { NO_FORCED_ERROR  }
                               {                  }
                               { OWNER_IDENTIFIER }
                               { SECURITY         }
                               { SETID            }
                               {                  }
      POOL
      QUOTA
      SHARE
      SUBSYSTEM
      SYSTEM
      TAPE_DATA_WRITE
      XAR

   The names NOLABEL and FOREIGN each point to the FOREIGN
   flag. The reason for this is that the MOUNT/NOLABEL
   and MOUNT/FOREIGN commands each set the FOREIGN flag.
   Therefore, if you used MOUNT/NOLABEL, and you use
   ANALYZE/AUDIT/SELECT/MOUNT_FLAGS=NOLABEL, the audit record will
   display the FOREIGN flag.
 

4  NEW_DATA
   NEW_DATA=(value,...)

   Specifies the value to use after the event occurs. Use this
   criterion with the FIELD_NAME criterion.

   When you use the Authorize utility (AUTHORIZE) to copy a user
   name, NEW_DATA specifies the newly created user name.

   For sensitive information, see SENSITIVE_NEW_DATA.
 

4  NEW_IMAGE_NAME
   NEW_IMAGE_NAME=(image-name,...)

   Specifies the name of the image to be activated in the newly
   created process, as supplied to the $CREPRC system service.
 

4  NEW_OWNER
   NEW_OWNER=(uic,...)

   Specifies the user identification code (UIC) to be assigned to
   the created process, as supplied to the $CREPRC system service.
 

4  OBJECT
   OBJECT=keyword(,...)

   Specifies which characteristics of an object should be used when
   selecting event records. Choose any of the following keywords:

   CLASS=class-name       Specifies the general object class as one
                          of the following classes:

                          Capability
                          Device
                          Event_cluster
                          File
                          Group_global_section
                          Logical_name_table
                          Queue
                          Resource_domain
                          Security_class
                          System_global_section
                          Volume

                          You must enter the full class name (for
                          example, CLASS=logical_name_table) or use
                          wildcard characters to supply a portion of
                          the class name (for example, CLASS=log*).

   NAME=object-name       Specifies the name of the object. You can
                          represent all or part of the name with a
                          wildcard. If you do not use a wildcard,
                          specify the full object name (for example,
                          BOSTON$DUA0:[RWOODS]MEMO.MEM;1).

   OWNER=value            Specifies the UIC or general identifier of
                          the object.

   TYPE=type              Specifies the general object class (type
                          of object). The available classes are as
                          follows:

                          Capability
                          Device
                          File
                          Group_global_section
                          Logical_name_table
                          Queue
                          System_global_section

                          The CLASS keyword supersedes the TYPE
                          keyword. However, TYPE is required to
                          select audit records in files created
                          prior to OpenVMS Alpha Version 6.1.
 

4  PARENT
   PARENT=keyword(,...)

   Specifies which characteristics of the parent process are used
   when selecting event records generated by a subprocess. Choose
   from the following keywords:

   IDENTIFICATION=value   Specifies the process identifier (PID) of
                          the parent process.

   NAME=process-name      Specifies the name of the parent process.
                          You can represent all or part of the name
                          with a wildcard.

   OWNER=value            Specifies the owner (identifier value) of
                          the parent process.

   USERNAME=username      Specifies the user name of the parent
                          process. You can represent all or part of
                          the name with a wildcard.
 

4  PASSWORD
   PASSWORD=(password,...)

   Specifies the password used when the system detected a break-in
   attempt.
 

4  PRIVILEGES_MISSING
   PRIVILEGES_MISSING=(privilege-name,...)

   Specifies privileges the caller needed to perform the operation
   successfully. Specify any of the system privileges, as described
   in the HP OpenVMS Guide to System Security.
 

4  PRIVILEGES_USED
   PRIVILEGES_USED=(privilege-name,...)

   Specifies the privileges of the process to be used when selecting
   event records. Specify any of the system privileges, as described
   in the HP OpenVMS Guide to System Security. Also include the
   STATUS keyword in the selection criteria so the report can
   demonstrate whether the privilege was involved in a successful
   or an unsuccessful operation.
 

4  PROCESS
   PROCESS=(characteristic,...)

   Specifies the characteristics of the process to be used
   when selecting event records. Choose from the following
   characteristics:

   IDENTIFICATION=value   Specifies the PID of the process.

   NAME=process-name      Specifies the name of the process. You can
                          represent all or part of the name with a
                          wildcard.
 

4  REMOTE
   REMOTE=keyword(,...)

   Specifies that some characteristic of the network request is to
   be used when selecting event records. Choose from the following
   keywords:

   ASSOCIATION_NAME=IPC-name   Specifies the interprocess
                               communication (IPC) association name.

   LINK_IDENTIFICATION=value   Specifies the number of the DECnet
                               logical link.

   IDENTIFICATION=value        Specifies the DECnet node address.

   NODENAME=node-name          Specifies the DECnet node name. You
                               can represent all or part of the name
                               with a wildcard.

   USERNAME=username           Specifies the remote user name. You
                               can represent all or part of the
                               remote user name with a wildcard.
 

4  REQUEST_NUMBER
   REQUEST_NUMBER=(value,...)

   Specifies the request number associated with the DCL command
   REQUEST/REPLY.
 

4  SECTION_NAME
   SECTION_NAME=(global-section-name,...)

   Specifies the name of the global section.
 

4  SENSITIVE_FIELD_NAME
   SENSITIVE_FIELD_NAME=(field-name,...)

   Specifies the name of the field that was modified. ANALYZE/AUDIT
   uses the SENSITIVE_FIELD_NAME criterion, such as PASSWORD, with
   packets containing the original data and the new data (specified
   by the SENSITIVE_NEW_DATA criterion).
 

4  SENSITIVE_NEW_DATA
   SENSITIVE_NEW_DATA=(value,...)

   Specifies the value to use after the event occurs. Use this
   criterion with the SENSITIVE_FIELD_NAME criterion.
 

4  SNAPSHOT_BOOTFILE
   SNAPSHOT_BOOTFILE=(filename,...)

   Specifies the name of the file containing a snapshot of the
   system.
 

4  SNAPSHOT_SAVE_FILENAME
   SNAPSHOT_SAVE_FILENAME=(filename,...)

   Specifies the name of the system snapshot file for a save
   operation that is in progress.
 

4  STATUS
   STATUS=(type,...)

   Specifies the type of success status to be used when selecting
   event records. Choose from the following status types:

   SUCCESSFUL             Specifies any success status.
   FAILURE                Specifies any failure status.
   CODE=(value)           Specifies a specific completion status.

   Note that if you specify CODE more than once, only the last value
   is matched.
 

4  SUBJECT_OWNER
   SUBJECT_OWNER=(uic,...)

   Specifies the owner (UIC) of the process causing the event.
 

4  SUBTYPE
   SUBTYPE=(subtype,...)

   Specifies that the criteria be limited to the value or values
   specified as a subtype. The following table lists events and
   their related subtypes. After SUBTYPE, enter the subtypes as they
   appear in the list-for example, SUBTYPE=ALARM_STATE. (In other
   words, do not enter a prefix.)

   Symbols for Event Types
   and Subtypes              Meaning

   NSA$C_MSG_AUDIT           Systemwide change to auditing
         ALARM_STATE         Events enabled as alarms
         AUDIT_DISABLED      Audit events disabled
         AUDIT_ENABLED       Audit events enabled
         AUDIT_INITIATE      Audit server startup
         AUDIT_LOG_FIRST     First entry in audit log (backward
                             link)
         AUDIT_LOG_FINAL     Final entry in audit log (forward link)
         AUDIT_STATE         Events enabled as audits
         AUDIT_TERMINATE     Audit server shutdown
         SNAPSHOT_ABORT*     System snapshot attempt has aborted
         SNAPSHOT_ACCESS*    Snapshot file access/deaccess
         SNAPSHOT_SAVE*      System snapshot save in progress
         SNAPSHOT_STARTUP*   System booted from a snapshot file
         
         * Obsolete as of OpenVMS Version 7.1

   NSA$C_MSG_BREAKIN         Break-in attempt detected
         BATCH               Batch process
         DETACHED            Detached process
         DIALUP              Dialup interactive process
         LOCAL               Local interactive process
         NETWORK             Network server task
         REMOTE              Interactive process from another
                             network node
         SUBPROCESS          Subprocess

   NSA$C_MSG_CONNECTION      Logical link connection or termination
         CNX_ABORT           Connection aborted
         CNX_ACCEPT          Connection accepted
         CNX_DECNET_CREATE   DECnet logical link created
         CNX_DECNET_DELETE   DECnet logical link disconnected
         CNX_DISCONNECT      Connection disconnected
         CNX_INC_ABORT       Incoming connection request aborted
         CNX_INC_ACCEPT      Incoming connection request accepted
         CNX_INC_DISCONNECT  Incoming connection disconnected
         CNX_INC_REJECT      Incoming connection request rejected
         CNX_INC_REQUEST     Incoming connection request
         CNX_IPC_CLOSE       Interprocess communication association
                             closed
         CNX_IPC_OPEN        Interprocess communication association
                             opened
         CNX_REJECT          Connection rejected
         CNX_REQUEST         Connection requested

   NSA$C_MSG_INSTALL         Use of the Install utility (INSTALL)
         INSTALL_ADD         Known image installed
         INSTALL_REMOVE      Known image deleted

   NSA$C_MSG_LOGFAIL         Login failure
         See subtypes for
              NSA$C_MSG_BREAKIN

   NSA$C_MSG_LOGIN           Successful login
         See subtypes for
              NSA$C_MSG_BREAKIN

   NSA$C_MSG_LOGOUT          Successful logout
         See subtypes for
              NSA$C_MSG_BREAKIN

   NSA$C_MSG_MOUNT           Volume mount or dismount
         VOL_DISMOUNT        Volume dismount
         VOL_MOUNT           Volume mount

   NSA$C_MSG_NCP             Modification to network configuration
                             database
         NCP_COMMAND         Network Control Program (NCP) command
                             issued

   NSA$C_MSG_NETPROXY        Modification to network proxy database
         NETPROXY_ADD        Record added to network proxy
                             authorization file
         NETPROXY_DELETE     Record removed from network proxy
                             authorization file
         NETPROXY_MODIFY     Record modified in network proxy
                             authorization file

   NSA$C_MSG_OBJ_ACCESS      Object access attempted
         OBJ_ACCESS          Access attempted to create, delete, or
                             deaccess an object

   NSA$C_MSG_OBJ_CREATE      Object creation attempted
         OBJ_CREATE          Access attempted to create an object

   NSA$C_MSG_OBJ_DEACCESS    Object deaccessed
         OBJ_DEACCESS        Attempt to complete access to an object

   NSA$C_MSG_OBJ_DELETE      Object deletion attempted
         OBJ_DELETE          Object deletion attempted

   NSA$C_MSG_PROCESS         Process controlled through a system
                             service
         PRC_CANWAK          Process wakeup canceled
         PRC_CREPRC          Process created
         PRC_DELPRC          Process deleted
         PRC_FORCEX          Process exit forced
         PRC_GETJPI          Process information gathered
         PRC_GRANTID         Process identifier granted
         PRC_RESUME          Process resumed
         PRC_REVOKID         Process identifier revoked
         PRC_SCHDWK          Process wakeup scheduled
         PRC_SETPRI          Process priority altered
         PRC_SIGPRC          Process exception issued
         PRC_SUSPND          Process suspended
         PRC_TERM            Process termination notification
                             requested
         PRC_WAKE            Process wakeup issued

   NSA$C_MSG_PRVAUD          Use of privilege
         PRVAUD_FAILURE      Unsuccessful use of privilege
         PRVAUD_SUCCESS      Successful use of privilege

   NSA$C_MSG_RIGHTSDB        Modification to the rights database
         RDB_ADD_ID          Identifier added to rights database
         RDB_CREATE          Rights database created
         RDB_GRANT_ID        Identifier granted to user
         RDB_MOD_HOLDER      List of identifier holders modified
         RDB_MOD_ID          Identifier name or attributes modified
         RDB_REM_ID          Identifier removed from rights database
         RDB_REVOKE_ID       Identifier taken away from user

   NSA$C_MSG_SYSGEN          Use of the System Generation utility
                             (SYSGEN)
         SYSGEN_SET          System parameter modified

   NSA$C_MSG_SYSTIME         Modification to system time
         SYSTIM_SET          System time set
         SYSTIM_CAL          System time calibrated

   NSA$C_MSG_SYSUAF          Modification to system user
                             authorization file (SYSUAF)
         SYSUAF_ADD          Record added to system user
                             authorization file
         SYSUAF_COPY         Record added to system user
                             authorization file
         SYSUAF_DELETE       Record deleted from system user
                             authorization file
         SYSUAF_MODIFY       Record modified in system user
                             authorization file
         SYSUAF_RENAME       Record renamed in system user
                             authorization file
 

4  SYSTEM
   SYSTEM=keyword(,...)

   Specifies the characteristics of the system to be used when
   selecting event records. Choose from the following keywords:

   IDENTIFICATION=value   Specifies the numeric identification of
                          the system.
   NAME=nodename          Specifies the node name of the system.
 

4  SYSTEM_SERVICE_NAME
   SYSTEM_SERVICE_NAME=(service-name,...)

   Specifies the name of the system service associated with the
   event.
 

4  TARGET_DEVICE_NAME
   TARGET_DEVICE_NAME=(device-name,...)

   Specifies the target device name used by a process control system
   service.
 

4  TARGET_PROCESS_IDENTIFICATION
   TARGET_PROCESS_IDENTIFICATION=(value,...)

   Specifies the target process identifier (PID) used by a process
   control system service.
 

4  TARGET_PROCESS_NAME
   TARGET_PROCESS_NAME=(process-name,...)

   Specifies the target process name used by a process control
   system service.
 

4  TARGET_PROCESS_OWNER
   TARGET_PROCESS_OWNER=(uic,...)

   Specifies the target process owner (UIC) used by a process
   control system service.
 

4  TARGET_USERNAME
   TARGET_USERNAME=(username,...)

   Specifies the target user name used by a process control system
   service.
 

4  TERMINAL
   TERMINAL=(device-name,...)

   Specifies the name of the terminal to be used when selecting
   event records. You can represent all or part of the terminal name
   with a wildcard.
 

4  TRANSPORT_NAME
   TRANSPORT_NAME=(transport-name,...)

   Specifies the name of the transport: interprocess communication
   (IPC) or System Management Integrator (SMI), which handles
   requests from the System Management utility.

   On VAX systems, it also can specify the DECnet transport name
   (NSP).
 

4  UAF_SOURCE
   UAF_SOURCE=(record-name,...)

   Specifies the user name of the source record for an Authorize
   utility (AUTHORIZE) add, modify, or delete operation.
 

4  USERNAME
   USERNAME=(username,...)

   Specifies the user name to be used when selecting event records.
   You can represent all or part of the user name with a wildcard.
 

4  VOLUME_NAME
   VOLUME_NAME=(volume-name,...)

   Specifies the name of the mounted (or dismounted) volume to be
   used when selecting event records. You can represent all or part
   of the volume name with a wildcard.
 

4  VOLUME_SET_NAME
   VOLUME_SET_NAME=(volume-set-name,...)

   Specifies the name of the mounted (or dismounted) volume set to
   be used when selecting event records. You can represent all or
   part of the volume set name with a wildcard.
 

4  Examples

   1.$ ANALYZE/AUDIT /FULL/SELECT=USERNAME=JOHNSON -
     _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example selects all records written to the
     security audit log file that were generated by user JOHNSON.

   2.$ ANALYZE/AUDIT/FULL/SELECT=PRIVILEGES_USED=(SYSPRV,-
     _$ BYPASS)  SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example selects all records written to the
     security audit log file that were generated by events through
     the use of either SYSPRV or BYPASS privilege.
 

3  /SINCE
   Indicates the utility must operate on records dated with the
   specified time or after the specified time.

   Format

     /SINCE[=time]

     /NOSINCE

   time

   Specifies the time used to select records. Records dated the
   same or later than the specified time are selected. You can
   specify an absolute time, a delta time, or a combination of the
   two. Observe the syntax rules for date and time described in the
   OpenVMS User's Manual.

   If you specify /SINCE without the time, the utility uses the
   beginning of the current day.
 

4  Examples

   1.$ ANALYZE/AUDIT /SINCE=25-NOV-2005 -
     _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example selects records dated later than
     November 25, 2005.

   2.$ ANALYZE/AUDIT /SINCE=25-NOV-2005:15:00 -
     _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example selects records written after 3
     P.M. on November 25, 2005.
 

3  /SUMMARY
   Specifies that a summary of the selected records be produced
   after all records are processed.

   Note that the /SUMMARY qualifier code is executed after the
   Audit Analyzer is finished, that is, after all the records to be
   analyzed have been collected and processed. When you specify the
   /INTERACTIVE qualifier (which is the default), the Audit Analyzer
   never reaches the finished state because /INTERACTIVE prompts you
   repeatedly to enter another command (which might result in a new
   set of records to be analyzed).

   To use the /SUMMARY qualifier, you must also specify
   /NOINTERACTIVE, which ensures that the Audit Analyzer reaches
   the finished state that allows the SUMMARY code to be executed
   and to display the proper information. In a future version of
   OpenVMS, the Audit Analyzer will return an error when /SUMMARY
   and /INTERACTIVE are specified together.

   You can use the /SUMMARY qualifier alone or in combination with
   the /BRIEF, the /BINARY, or the /FULL qualifier.

   Format

     /SUMMARY=presentation

     /NOSUMMARY
 
   presentation

   Specifies the presentation of the summary. If you do not specify
   a presentation criterion, ANALYZE/AUDIT summarizes the number of
   audits.

   You can specify either of the following presentations:
 

   COUNT

   Lists the total number of audit messages for each class of
   security event that have been extracted from the security audit
   log file. This is the default.
 

   PLOT

   Displays a plot showing the class of the audit event, the time
   of day when the audit was generated, and the name of the system
   where the audit was generated.
 

4  Examples

   1.$ ANALYZE/AUDIT/SUMMARY SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example generates a summary report of all
     records processed.

       Total records read:        9701          Records selected:          9701
       Record buffer size:        1031
       Successful logins:          542          Object creates:            1278
       Successful logouts:         531          Object accesses:           3761
       Login failures:              35          Object deaccesses:         2901
       Breakin attempts:             2          Object deletes:             301
       System UAF changes:          10          Volume (dis)mounts:          50
       Rights db changes:            8          System time changes:          0
       Netproxy changes:             5          Server messages:              0
       Audit changes:                7          Connections:                  0
       Installed db changes:        50          Process control audits:       0
       Sysgen changes:               9          Privilege audits:            91
       NCP command lines:          120

   2.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY -
     _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     The command in this example generates a full format listing
     of all logged audit messages that match the break-in or log
     failure event classes. A summary report is included at the end
     of the listing.

   3.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY=PLOT -
     _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

     This command generates a histogram that you can display on a
     character-cell terminal.
  

2  /CRASH_DUMP
   Invokes SDA to analyze the specified dump file.   

   Format:

     /CRASH_DUMP [filespec]


   filespec

   Name of the file that contains the dump you want to analyze.
   If no filespec is given on an ANALYZE/CRASH_DUMP command,
   the default is the highest version of SYS$SYSTEM:SYSDUMP.DMP.
   If this file does not exist, SDA prompts you for a file name.
   If any field of filespec is given, the remaining fields default
   to the highest version of SYSDUMP.DMP in your default directory.


3  /COLLECTION

   Valid for Alpha and Integrity server systems only. 

   Indicates to SDA that the file ID translation data or unwind data
   is to be found in a separate file.

   Format:

   /COLLECTION = collection-file-name

   collection-file-name

   You must specify at least one field of the collection file name. 
   Other fields default to the highest generation of the same filename
   and location as the dump file, with a file type of .COLLECT.

   For details, refer to the HP OpenVMS System Analysis Tools Manual. 


3  /OVERRIDE

   Valid for Alpha and Integrity server systems only. 

   Invokes SDA to analyze only the structure of the specified
   dump file when a corruption or other problem prevents
   normal invocation of SDA with the ANALYZE/CRASH_DUMP command.
 
   Format:

     /CRASH_DUMP/OVERRIDE [filespec]


   Commands that can be used when SDA is invoked with /OVERRIDE are 
   as follows:
    
   o  Output control commands such as SET OUTPUT and SET LOG
   o  Dump file related commands such as SHOW DUMP and CLUE ERRLOG
 
   You cannot use commands that access memory addresses within the 
   dump file such as EXAMINE and SHOW SUMMARY

4  Examples

  $ ANALYZE/CRASH_DUMP/OVERRIDE SYS$SYSTEM:SYSDUMP.DMP
  $ ANALYZE/CRASH/OVERRIDE SYS$SYSTEM

      These commands invoke SDA to analyze the crash dump stored in
      SYS$SYSTEM:SYSDUMP.DMP.


3  /RELEASE
   Invokes SDA to release those blocks in the specified system
   paging file occupied by a crash dump.
   
   Requires CMKRNL (change-mode-to-kernel) privilege.

   Format:

     /CRASH_DUMP/RELEASE  filespec

   Use the /RELEASE qualifier to release from the system paging file
   those blocks occupied by a crash dump. Be aware that when you use 
   the /RELEASE qualifier, SDA immediately deletes the dump from the
   paging file and allows you no opportunity to analyze its contents.

   When you specify the /RELEASE qualifier in the ANALYZE 
   command, include the name of the system paging file
   (SYS$SYSTEM:PAGEFILE.SYS) as the filespec.

   If you do not specify the system paging file or the specified
   paging file does not contain a dump, SDA displays one of the 
   following messages:

   %SDA-E-BLKSNRLSD, no dump blocks in page file to release,
                     or no page file
   %SDA-E-NOTPAGFIL, specified file is not the page file
 

4  Examples

 $ ANALYZE/CRASH_DUMP/RELEASE SYS$SYSTEM:PAGEFILE.SYS
 $ ANALYZE/CRASH_DUMP/RELEASE PAGEFILE.SYS

     These commands invoke SDA to release to the page file those
     blocks in SYS$SYSTEM:PAGEFILE.SYS occupied by a crash dump.
 
3  /SHADOW_MEMBER
   Valid for Alpha and Integrity server systems only. 

   Specifies which member of a shadow set contains the system dump
   to be analyzed, or allows the user to determine what system dumps
   have been written to the members of the shadow set.

   Format:

   /CRASH_DUMP/SHADOW_MEMBER [filespec]


3  /SYMBOL
   Specifies an alternate system symbol table for SDA to use, for 
   example, if you want to analyze a crash dump taken on a processor 
   running a different version of OpenVMS.

   /SYMBOL is ignored if it is specified with /OVERRIDE or /RELEASE.

   Format:

     /SYMBOL = system-symbol-table

   system-symbol-table

   The file specification of the SDA system symbol table required
   by SDA to analyze a system dump. The specified system-symbol-table
   must contain those symbols required by SDA to find certain
   locations in the executive image.

   If you do not specify the /SYMBOL qualifier, SDA uses
   SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load system symbols into the
   SDA symbol table. When you specify the /SYMBOL qualifier,
   SDA assumes the default disk and directory to be SYS$DISK:[ ],
   that is, the disk and directory specified in your last DCL command
   SET DEFAULT. If you specify a file for this parameter that is
   not a system symbol table, SDA exits with a fatal error.

4  Examples
 
   $ ANALYZE/CRASH_DUMP/SYMBOL=SDA$READ_DIR:SYS$BASE_IMAGE.EXE SYS$SYSTEM

       This command invokes SDA to analyze the crash dump stored in
       SYS$SYSTEM:SYSDUMP.DMP, using the base image in SDA$READ_DIR.


2  /DISK_STRUCTURE
   The Analyze/Disk_Structure utility checks the readability and
   validity of Files-11 Structure Levels 1, 2, and 5 disk volumes,
   and reports errors and inconsistencies. You can detect most
   classes of errors by invoking the utility once and using its
   defaults.

   Format

     ANALYZE/DISK_STRUCTURE  device-name:[/qualifier]
 

3  Parameter
 

device-name

   Specifies the disk volume or volume set to be verified. If you
   specify a volume set, all volumes of the volume set must be
   mounted as Files-11 volumes. For information about the Mount
   utility, refer to the OpenVMS System Management Utilities
   Reference Manual.
 

3  Qualifiers

   Qualifier          Description

   /CONFIRM           Determines whether ANALYZE/DISK_STRUCTURE
                      prompts you to confirm each repair

   /HOMEBLOCKS        Erases damaged home blocks on an initialized
                      volume

   /LIST[=filespec]   Determines whether ANALYZE/DISK_STRUCTURE
                      produces a listing of the index file

   /LOCK_VOLUME       (Alpha/I64 only) Prevents updates to a 
                      volume while you are analyzing it

   /OUTPUT[=filespec] Specifies the output file to which
                      ANALYZE/DISK_STRUCTURE writes the disk
                      structure errors

   /READ_CHECK        Determines whether ANALYZE/DISK_STRUCTURE
                      performs a read check of all allocated blocks
                      on the specified disk

   /RECORD_           Determines whether ANALYZE/DISK_STRUCTURE
   ATTRIBUTES         repairs files containing erroneous settings
                      in the record attributes section of their
                      associated file attribute block (FAT)

   /REPAIR            Determines whether ANALYZE/DISK_STRUCTURE
                      repairs errors that are detected in the file
                      structure of the specified device

   /SHADOW            Causes the entire contents of a shadow set or
                      a specified range of blocks in a shadow set to
                      be checked for discrepancies.

   /STATISTICS        Produces statistical information about the
                      volume under verification and creates a
                      file, STATS.DAT, which contains per-volume
                      statistics

   /USAGE[=filespec]  Specifies that a disk usage accounting file
                      should be produced, in addition to the other
                      specified functions of ANALYZE/DISK_STRUCTURE
 

3  /CONFIRM
   Determines whether the Analyze/Disk_Structure utility prompts you
   to confirm each repair. If you respond with Y or YES, the utility
   performs the repair. Otherwise, the repair is not performed.

   Format

     /CONFIRM

     /NOCONFIRM
 

3  /HOMEBLOCKS
   Erases home blocks from a volume whose home blocks were not
   deleted during previous initialization operations.

   Format

     /HOMEBLOCKS
 

3  /LIST
   Determines whether the Analyze/Disk_Structure utility produces a
   listing of the index file.

   Format

     /LIST[=filespec]

     /NOLIST
 

3  /LOCK_VOLUME
   Prevents updates to a volume while you are analyzing it.

   Format

     /LOCK_VOLUME

     /NOLOCK_VOLUME
 

3  /OUTPUT
   Specifies the output file to which the Analyze/Disk_Structure
   utility is to write the disk structure errors.

   Format

     /OUTPUT[=filespec]

     /NOOUTPUT[=filespec]
 

3  /READ_CHECK
   Determines whether the Analyze/Disk_Structure utility performs
   a read check of all allocated blocks on the specified disk.
   When the Analyze/Disk_Structure utility performs a read check,
   it reads the disk twice; this ensures that it reads the disk
   correctly. The default is /NOREAD_CHECK.

   Format

     /READ_CHECK

     /NOREAD_CHECK
 

3  /RECORD_ATTRIBUTES
   Determines whether the Analyze/Disk_Structure utility repairs
   files containing erroneous settings in the record attributes
   section of their associated file attribute block (FAT).

   Format

     /RECORD_ATTRIBUTES
 

3  /REPAIR
   Determines whether the Analyze/Disk_Structure utility repairs
   errors that are detected in the file structure of the specified
   device.

   Format

     /REPAIR

     /NOREPAIR
 

3  /SHADOW
   Examines the entire contents of a shadow set or a specified range
   of blocks in a shadow set for discrepancies.

   Format

     /SHADOW
 

4  Qualifiers
 

/BLOCKS

      /BLOCKS={(START:n, COUNT:x, END:y,) FILE_SYSTEM, ALL}

   Directs the system to compare only the range specified. The
   options are the following:

   START:n     Number of the first block to be analyzed. The default
               is the first block.

   COUNT:x     Number of blocks to be analyzed. You can use this
               option in combination with or instead of the END
               option.

   END:y       Number of the last block to be analyzed. The default
               is the last block of the volume.

   FILE_       Blocks currently in use by valid files on the disk.
   SYSTEM      This is the default.

   ALL         All blocks on the disk.

   You can specify START,END,COUNT and either ALL or FILE_SYSTEM.
   For example, if you specify /BLOCKS=(START,END,COUNT:100,ALL),
   the software checks the first 100 blocks on the disk, whether or
   not the file system is using them.

   If you specify /BLOCKS=(START,END,COUNT:100,FILE_SYSTEM), the
   software checks only those blocks that valid files on the disk
   are using.
 

/BRIEF

   Displays only the logical block number (LBN) if the data in
   a block is found to be different. Without this qualifier, if
   differences exist for an LBN, the hexadecimal data of that block
   will be displayed for each member.
 

/IGNORE

      /IGNORE
      [NO]IGNORE

   Ignore "special" files that are likely to have some blocks with
   different data. These differences, however, are not unusual and
   can, therefore, be ignored.

   Other special files are the following:

      SWAPFILE*.*
      PAGEFILE*.*
      SYSDUMP.DMP
      SYS$ERRLOG.DMP

   IGNORE is the default.
 

/OUTPUT

      /OUTPUT=filename

   Output the information to the specified file.
 

/STATISTICS

   Display only the file header and footer. The best use of this
   qualifier is with the /OUTPUT qualifier.
 

3  /STATISTICS
   Produces statistical information about the volume under
   verification and creates a file, STATS.DAT, which contains per-
   volume statistics.

   Format

     /STATISTICS
 

3  /USAGE
   Specifies that a disk usage accounting file should be produced,
   in addition to the other specified functions of the Analyze/Disk_
   Structure utility.

   Format

     /USAGE[=filespec]


2  /ERROR_LOG

   You must specify /ERROR_LOG/ELV to access the Error Log Viewer 
   (ELV). This utility is used with error logs written on systems 
   running OpenVMS Version 7.3 and later.

   /ERROR_LOG (without /ELV) invokes the Error Log Report Formatter 
   (ERF), a utility that is no longer supported, but which may be 
   useful for error logs written on systems running OpenVMS versions 
   older than Version 7.2. (It is available only on Alpha and VAX 
   systems.) For documentation about ERF, refer to the Freeware 
   website:

            http://h71000.www7.hp.com/openvms/freeware/

   Before using ERF, you must convert error log files using ELV or the
   Binary Error Log Translation utility, which is part of DECevent.
   DECevent is no longer supported, but those who need it can download 
   the software and related documentation from the Freeware website:

            http://h71000.www7.hp.com/openvms/freeware/


3  /ELV
   Valid for Alpha and I64 systems only. 

   Invokes the Error Log Viewer (ELV) to selectively report the
   contents of an error log file. 

   You can execute ELV commands directly from DCL command level or
   from ELV's interactive shell mode.

   To invoke ELV, enter the following command:

   $ ANALYZE/ERROR_LOG/ELV

   The utility enters interactive shell mode and displays the ELV
   prompt:

   ELV>

   You can then enter an ELV command. After ELV executes the
   command, it again displays the ELV> prompt. To return directly
   to DCL, use the /NOINTERACTIVE qualifier.

   You can also enter an ELV command directly from DCL; for example:

   $ ANALYZE/ERROR_LOG/ELV TRANSLATE ERRLOG.SYS;42

   After ELV executes the command, you are returned to the DCL
   prompt by default.

   To enter interactive shell mode after executing the command, use
   the /INTERACTIVE qualifier.

4  Categories_of_Events
   ELV recognizes several categories of events for inclusion in (or
   exclusion from) various operations. The first major separation
   is between valid and invalid events. Then, within the category
   of valid events are selected and rejected events. Explanations of
   these categories follow.

   o  Valid
      Valid events can be read into an internal buffer; also, bit-
      to-text translation data can be produced for the header.
      For an event to be valid, the event body does not need
      to be translatable; in this case, the event is valid but
      untranslatable.

      -  Selected
         A selected event is one that is of particular interest
         to you. You select events by using a selection qualifier:
         /ENTRY, /INCLUDE, /NODE, /SINCE, and /BEFORE. The events
         that are selected according to the selection criteria are
         included in or excluded from a report.

      -  Rejected
         A rejected event is one that is not included in a report
         because the command line specifies one of the following:

         *  An interval: /ENTRY, /SINCE, or /BEFORE

         *  A filter: /INCLUDE, /EXCLUDE, /NODE, or /NONODE

         You can use the /REJECTED qualifier to include rejected
         events in a report. (By default, only selected events are
         included in a report.)

   o  Invalid
      An invalid event is one that cannot be read into an internal
      buffer or whose header cannot be translated. You can use the
      ELV command DUMP/INVALID to output invalid events to an output
      dump file for further examination.
 

4  CONVERT
   Converts an error log file written in the newer format to an
   error log file written in the older format (that is read by
   ANALYZE/ERROR_LOG). This command is primarily used to enable
   translation of older error log events whose translation is not
   supported by ELV.

   Format

     CONVERT  [input-file,...]
 

5  Parameter
 

input-file

   Supplies one or more names of binary error log files to be
   converted to the older format.

   If you do not specify an input file name, the default input file
   name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device
   and directory, the system defaults to your current device and
   directory. If you do not specify a file name, the default file
   name is ERRLOG. If you do not specify a file type, the default
   file type is .SYS.
 

5  Qualifiers
 

/BEFORE

      /BEFORE=date-time

   Specifies that only those events dated earlier than the stated
   date and time are to be selected for the report.

   Date-time specifies that only those events dated earlier than
   the stated date and time are to be selected for the report. You
   can specify an absolute time, a delta time, or a combination of
   absolute and delta times. See the OpenVMS System Manager's Manual
   for details on specifying times.

   If you omit a date and time, TODAY is used.
 

/ENTRY

      /ENTRY=keyword[,...]

   Generates a report that includes the specified entry range or
   starts at the specified entry number.

   You can specify one or both keywords:

   Keyword               Description

   START:decimal-value   Indicates the start of a range of entries
                         in a report.

   END:decimal-value     Indicates the end of a range of entries 
                         in a report.

   Usage Notes:

   o  You can specify one or both of these parameters. If you
      specify both parameters, you must enclose them in parentheses.

   o  If you specify /ENTRY without the entry range or omit the
      qualifier, the entry range defaults to START:1,END:end-of-
      file.
 

/EXCLUDE

      /EXCLUDE=event-class[,...]

   Excludes the specified event class or classes from the report. Do
   not use the /EXCLUDE qualifier with /INCLUDE.

   For event-class, specify one or more of the keywords shown in the
   following table. If you specify more than one keyword, you must
   use a comma-separated list of values enclosed in parentheses.

   Keyword        Description

   ATTENTIONS     Exclude device attention entries from the report.

   BUGCHECKS      Exclude all types of bugcheck entries from the
                  report.

   CONFIGURATION  Exclude system configuration entries from the
                  report.

   CONTROL_       Exclude control entries from the report. Control
   ENTRIES        entries include the following entry types:

                  o  System power failure restarts
                  o  Time stamps
                  o  System startups
                  o  $SNDERR messages (system service to send
                     messages to error log)
                  o  Operator messages
                  o  Network messages
                  o  ERRLOG.SYS created

   CPU_ENTRIES    Exclude CPU-related entries from the report. CPU
                  entries include the following entry types:

                  o  SBI alerts/faults
                  o  Undefined interrupts
                  o  MBA/UBA adapter errors
                  o  Asynchronous write errors
                  o  UBA errors

   DEVICE_        Exclude device error entries from the report.
   ERRORS

   ENVIRONMENTAL_ Exclude environmental entries from the report.
   ENTRIES

   MACHINE_       Exclude machine check entries from the report.
   CHECKS

   MEMORY         Exclude memory errors from the report.

   SNAPSHOT_      Exclude snapshot entries from the report.
   ENTRIES

   SYNDROME       Exclude firmware-generated entries that describe
                  a symptom set used by HP support personnel to
                  identify problems.

   TIMEOUTS       Exclude device timeout entries from the report.

   UNKNOWN_       Exclude any entry that had either an unknown entry
   ENTRIES        type or an unknown device type or class.

   UNSOLICITED_   Exclude unsolicited MSCP entries from the output
   MSCP           report.

   VOLUME_        Exclude volume mount and dismount entries from the
   CHANGES        report.
 

/INCLUDE

      /INCLUDE=event-class[,...]

   Includes the specified event class or classes in the report. Do
   not use the /EXCLUDE qualifier with /INCLUDE.

   For event-class, specify one or more of the keywords shown in the
   following table. If you specify more than one keyword, you must
   use a comma-separated list of values enclosed in parentheses.

   Keyword        Description

   ATTENTIONS     Select device attention entries.

   BUGCHECKS      Select all types of bugcheck entries.

   CONFIGURATION  Select system configuration entries.

   CONTROL_       Select control entries. Control entries include 
   ENTRIES        the following entry types:

                  o  System power failure restarts
                  o  Time stamps
                  o  System startups
                  o  $SNDERR messages (system service to send
                     messages to error log)
                  o  Operator messages
                  o  Network messages
                  o  ERRLOG.SYS created

   CPU_ENTRIES    Select CPU-related entries. CPU entries include
                  the following entry types:

                  o  SBI alerts/faults
                  o  Undefined interrupts
                  o  MBA/UBA adapter errors
                  o  Asynchronous write errors
                  o  UBA errors

   DEVICE_        Select device error entries.
   ERRORS

   ENVIRONMENTAL_ Select environmental entries.
   ENTRIES

   MACHINE_       Select machine check entries.
   CHECKS

   MEMORY         Select memory errors.

   SNAPSHOT_      Select snapshot entries.
   ENTRIES

   SYNDROME       Select firmware-generated entries that describe
                  a symptom set used by HP support personnel to
                  identify problems.

   TIMEOUTS       Select device timeout entries.

   UNKNOWN_       Select any entry that has an unknown entry
   ENTRIES        class.

   UNSOLICITED_   Select unsolicited MSCP entries.
   MSCP           

   VOLUME_        Select volume mount and dismount entries.
   CHANGES        
 

/INTERACTIVE

      /INTERACTIVE
      /[NO]INTERACTIVE

   Specifies whether or not ELV is to run in interactive shell mode.
   By default, interactive shell mode results from the way ELV is
   invoked.
 

/LOG

      /LOG
      /NOLOG

   Specifies whether or not ELV is to output control and
   informational messages to the terminal. The default, /NOLOG,
   does not output these messages to the terminal.
 

/NODE

      /NODE=[node-name,...]
      /NONODE=[node-name,...]

   Includes or excludes events occurring on a specified node or
   nodes from a report.

   If you do not enter a node name, only events that occur on
   the node on which you are running ELV are selected. (This is
   important in a cluster.)

   If you enter /NONODE without a value, events occurring on all
   nodes that are represented in the error log file are processed.
 

/OUTPUT

      /OUTPUT=[output-file]

   Specifies the output file to contain converted copies of events
   chosen with interval and filter qualifiers.

   If you do not specify an output file name, the input file name
   is used. If you do not specify a device and directory, the system
   defaults to your current device and directory. If you do not
   specify a file type, the default file type is .CVT.
 

/REJECTED

   You can use the /REJECTED qualifier to include rejected events
   in a report. (By default, only selected events are included in a
   report.)
 

/SINCE

      /SINCE=[date-time]

   Specifies that only those events dated later than the stated date
   and time are to be selected for the report.

   You can use date-time to limit the report to those events dated
   later than the specified time. You can specify an absolute time,
   a delta time, or a combination of absolute and delta times. See
   the OpenVMS User's Manual for details on specifying times.

   If you omit a date and time, TODAY is used.
 

5  Examples

   1.ELV> CONVERT ERROR_LOG.SYS

     The command in this example converts events in ERROR_LOG.SYS to
     the older format and writes them to ERROR_LOG.CVT.

   2.ELV> CONVERT/OUTPUT

     The command in this example converts events in the default file
     ERRLOG.SYS to the older format and writes them to ERRLOG.CVT.

   3.ELV> CONVERT/OUTPUT=OUTFILE.OUT

     The command in this example converts events in the default file
     ERRLOG.SYS to the older format and writes them to OUTFILE.OUT.
 

4  DUMP
   Allows you to specify the name of a file to contain an OpenVMS
   dump-style record for each event.

   If you do not specify an output file name, the input file name
   is used. If you do not specify a device and directory, the system
   defaults to your current device and directory. If you do not
   specify a file type, the default file type is .DMP.

   Format

     DUMP  [input-file,...]
 

5  Parameter
 

input-file

   Supplies one or more names of binary error log files to be used
   to produce an output dump file.

   If you do not specify an input file name, the default input file
   name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device
   and directory, the system defaults to your current device and
   directory. If you do not specify a file name, the default file
   name is ERRLOG. If you do not specify a file type, the default
   file type is .SYS.
 

5  Qualifiers
 

/BEFORE

      /BEFORE=date-time

   Specifies that only those events dated earlier than the stated
   date and time are to be selected for the report.

   Date-time specifies that only those events dated earlier than
   the stated date and time are to be selected for the report. You
   can specify an absolute time, a delta time, or a combination of
   absolute and delta times. See the OpenVMS System Manager's Manual
   for details on specifying times.

   If you omit a date and time, TODAY is used.
 

/ENTRY

      /ENTRY=keyword[,...]

   Generates a report that includes the specified entry range or
   starts at the specified entry number.

   You can specify one or both keywords:

   Keyword               Description

   START:decimal-value   Indicates the start of a range of entries 
                         in a report.

   END:decimal-value     Indicates the end of a range of entries 
                         in a report.

   Usage Notes:

   o  You can specify one or both of these parameters. If you
      specify both parameters, you must enclose them in parentheses.

   o  If you specify /ENTRY without the entry range or omit the
      qualifier, the entry range defaults to START:1,END:end-of-
      file.
 

/EXCLUDE

      /EXCLUDE=event-class[,...]

   Excludes the specified event class or classes from the report. Do
   not use the /EXCLUDE qualifier with /INCLUDE.

   For event-class, specify one or more of the keywords shown in the
   following table. If you specify more than one keyword, you must
   use a comma-separated list of values enclosed in parentheses.

   Keyword        Description

   ATTENTIONS     Exclude device attention entries from the report.

   BUGCHECKS      Exclude all types of bugcheck entries from the
                  report.

   CONFIGURATION  Exclude system configuration entries from the
                  report.

   CONTROL_       Exclude control entries from the report. Control
   ENTRIES        entries include the following event types:

                  o  System power failure restarts
                  o  Time stamps
                  o  System startups
                  o  $SNDERR messages (system service to send
                     messages to error log)
                  o  Operator messages
                  o  Network messages
                  o  ERRLOG.SYS created

   CPU_ENTRIES    Exclude CPU-related entries from the report. CPU
                  entries include the following event types:

                  o  SBI alerts/faults
                  o  Undefined interrupts
                  o  MBA/UBA adapter errors
                  o  Asynchronous write errors
                  o  UBA errors

   DEVICE_        Exclude device error entries from the report.
   ERRORS

   ENVIRONMENTAL_ Exclude environmental entries from the report.
   ENTRIES

   MACHINE_       Exclude machine check entries from the report.
   CHECKS

   MEMORY         Exclude memory errors from the report.

   SNAPSHOT_      Exclude snapshot entries from the report.
   ENTRIES

   SYNDROME       Exclude firmware-generated entries that describe
                  a symptom set used by HP support personnel to
                  identify problems.

   TIMEOUTS       Exclude device timeout entries from the report.

   UNKNOWN_       Exclude any entry that had either an unknown event
   ENTRIES        type or an unknown device type or class.

   UNSOLICITED_   Exclude unsolicited MSCP entries from the output
   MSCP           report.

   VOLUME_        Exclude volume mount and dismount entries from the
   CHANGES        report.
 

/INCLUDE

      /INCLUDE=event-class[,...]

   Includes the specified event class or classes in the report. Do
   not use the /EXCLUDE qualifier with /INCLUDE.

   For event-class, specify one or more of the keywords shown in the
   following table. If you specify more than one keyword, you must
   use a comma-separated list of values enclosed in parentheses.

   Keyword        Description

   ATTENTIONS     Select device attention entries.

   BUGCHECKS      Select all types of bugcheck entries.

   CONFIGURATION  Select system configuration entries.

   CONTROL_       Select control entries. Control entries include 
   ENTRIES        the following entry types:

                  o  System power failure restarts
                  o  Time stamps
                  o  System startups
                  o  $SNDERR messages (system service to send
                     messages to error log)
                  o  Operator messages
                  o  Network messages
                  o  ERRLOG.SYS created

   CPU_ENTRIES    Select CPU-related entries. CPU entries include
                  the following entry types:

                  o  SBI alerts/faults
                  o  Undefined interrupts
                  o  MBA/UBA adapter errors
                  o  Asynchronous write errors
                  o  UBA errors

   DEVICE_        Select device error entries.
   ERRORS

   ENVIRONMENTAL_ Select environmental entries.
   ENTRIES

   MACHINE_       Select machine check entries.
   CHECKS

   MEMORY         Select memory errors.

   SNAPSHOT_      Select snapshot entries.
   ENTRIES

   SYNDROME       Select firmware-generated entries that describe
                  a symptom set used by HP support personnel to
                  identify problems.

   TIMEOUTS       Select device timeout entries.

   UNKNOWN_       Select any entry that has an unknown entry
   ENTRIES        class.

   UNSOLICITED_   Select unsolicited MSCP entries.
   MSCP           

   VOLUME_        Select volume mount and dismount entries.
   CHANGES        
 

/INTERACTIVE

      /INTERACTIVE
      /[NO]INTERACTIVE

   Specifies whether or not ELV is to run in interactive shell mode.
   By default, interactive shell mode results from the way ELV is
   invoked.
 

/INVALID

   Allows you to specify the name of a file to contain invalid
   entries.
 

/LOG

      /LOG
      /NOLOG

   Specifies whether or not ELV is to output control and
   informational messages to the terminal. The default, /NOLOG,
   does not output these messages to the terminal.
 

/NODE

      /NODE=[node-name,...]
      /NONODE=[node-name,...]

   Includes or excludes events occurring on a specified node or
   nodes from a report.

   If you do not enter a node name, only events that occur on
   the node on which you are running ELV are selected. (This is
   important in a cluster.)

   If you enter /NONODE without a value, events occurring on all
   nodes that are represented in the error log file are processed.
 

/OUTPUT

      /OUTPUT=[output-file]

   Specifies that the output file is to contain OpenVMS dump-style
   records for each event.

   If you do not specify an output file name, the input file name
   is used. If you do not specify a device and directory, the system
   defaults to your current device and directory. If you do not
   specify a file type, the default file type is .DMP.
 

/REJECTED

   You can use the /REJECTED qualifier to include rejected events
   in a report. (By default, only selected events are included in a
   report.)
 

/SINCE

      /SINCE=[date-time]

   Specifies that only those events dated later than the stated date
   and time are to be selected for the report.

   You can use date-time to limit the report to those events dated
   later than the specified time. You can specify an absolute time,
   a delta time, or a combination of absolute and delta times. See
   the OpenVMS User's Manual for details on specifying times.

   If you omit a date and time, TODAY is used.
 

5  Examples

   1.ELV> DUMP ERROR_LOG.SYS

     The command in this example creates a dump file named ERROR_
     LOG.DMP that contains OpenVMS dump-style records.

   2.ELV> DUMP/OUTPUT=OUTFILE.OUT

     The command in this example creates a dump file named
     OUTFILE.OUT that contains OpenVMS dump-style records.

   3.ELV> DUMP/INVALID

     The command in this example creates a dump file with the
     default name of ERRLOG.DMP that contains OpenVMS dump-style
     records of invalid events.

   4.ELV> DUMP/INVALID/OUTPUT=OUTFILE.OUT

     The command in this example creates a dump file named
     OUTFILE.OUT that contains OpenVMS dump-style records of invalid
     events.
 

4  EXIT
   Stops the execution of ELV and returns control to the DCL command
   level. You can also enter Ctrl/Z to perform the same function.

   Format

     EXIT
 

5  Example

 ELV> EXIT
 $

     The command in this example terminates the ELV session and
     returns control to the DCL command level.
 

4  TRANSLATE
   Performs a bit-to-text translation of one or more binary error
   log files.

   Format

     TRANSLATE  [input-file,...]
 

5  Parameter
 

input-file

   Supplies one or more names of binary error log files to be
   translated.

   If you do not specify an input file name, the default input file
   name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device
   and directory, the system defaults to your current device and
   directory. If you do not specify a file name, the default file
   name is ERRLOG. If you do not specify a file type, the default
   file type is .SYS.
 

5  Qualifiers
 

/BEFORE

      /BEFORE=date-time

   Specifies that only those events dated earlier than the stated
   date and time are to be selected for the report.

   Date-time specifies that only those events dated earlier than
   the stated date and time are to be selected for the report. You
   can specify an absolute time, a delta time, or a combination of
   absolute and delta times. See the OpenVMS System Manager's Manual
   for details on specifying times.

   If you omit a date and time, TODAY is used.
 

/BRIEF

   Specifies that ELV is to generate a brief report. A brief report
   is equivalent to using /DETAIL=LOW.

   Do not use the /BRIEF qualifier with /DETAIL, /FULL, /ONE_LINE,
   or /SUMMARY.
 

/DETAIL

      /DETAIL=[keyword]

   Specifies the detail level of the generated report.

   Do not use the /DETAIL qualifier with /BRIEF, /FULL, /ONE_LINE,
   or /SUMMARY. The keyword denotes the level of detail for the
   generated report. Keywords are the following:

   Keyword    Description

   MINIMUM    Contains only the minimum amount of information.
   LOW        Is the equivalent of a /BRIEF report.
   MEDIUM     Is the default type of report.
   HIGH       Is the equivalent of a /FULL report.
   MAXIMUM    Contains the maximum amount of information.
 

/ENTRY

      /ENTRY=keyword[,...]

   Generates a report that includes the specified entry range or
   starts at the specified entry number. You can specify one or 
   both keywords:

   Keyword               Description

   START:decimal-value   Indicates the start of a range of entries 
                         in a report.

   END:decimal-value     Indicates the end of a range of entries 
                         in a report.

   Usage Notes:

   o  You can specify one or both of these parameters. If you
      specify both parameters, you must enclose them in parentheses.

   o  If you specify /ENTRY without the entry range or omit the
      qualifier, the entry range defaults to START:1,END:end-of-
      file.
 

/EXCLUDE

      /EXCLUDE=event-class[,...]

   Excludes the specified event class or classes from the report. Do
   not use the /EXCLUDE qualifier with /INCLUDE.

   For event-class, specify one or more of the keywords shown in the
   following table. If you specify more than one keyword, you must
   use a comma-separated list of values enclosed in parentheses.

   Keyword        Description

   ATTENTIONS     Exclude device attention entries from the report.

   BUGCHECKS      Exclude all types of bugcheck entries from the
                  report.

   CONFIGURATION  Exclude system configuration entries from the
                  report.

   CONTROL_       Exclude control entries from the report. Control
   ENTRIES        entries include the following entry types:

                  o  System power failure restarts
                  o  Time stamps
                  o  System startups
                  o  $SNDERR messages (system service to send
                     messages to error log)
                  o  Operator messages
                  o  Network messages
                  o  ERRLOG.SYS created

   CPU_ENTRIES    Exclude CPU-related entries from the report. CPU
                  entries include the following entry types:

                  o  SBI alerts/faults
                  o  Undefined interrupts
                  o  MBA/UBA adapter errors
                  o  Asynchronous write errors
                  o  UBA errors

   DEVICE_        Exclude device error entries from the report.
   ERRORS

   ENVIRONMENTAL_ Exclude environmental entries from the report.
   ENTRIES

   MACHINE_       Exclude machine check entries from the report.
   CHECKS

   MEMORY         Exclude memory errors from the report.

   SNAPSHOT_      Exclude snapshot entries from the report.
   ENTRIES

   SYNDROME       Exclude firmware-generated entries that describe
                  a symptom set used by HP support personnel to
                  identify problems.

   TIMEOUTS       Exclude device timeout entries from the report.

   UNKNOWN_       Exclude any entry that had either an unknown entry
   ENTRIES        type or an unknown device type or class.

   UNSOLICITED_   Exclude unsolicited MSCP entries from the output
   MSCP           report.

   VOLUME_        Exclude volume mount and dismount entries from the
   CHANGES        report.
 

/FULL

   Specifies that ELV is to generate a full report. A full report is
   equivalent to using /DETAIL=HIGH.

   Do not use the /FULL qualifier with /BRIEF, /DETAIL, ONE_LINE, or
   /SUMMARY.
 

/INCLUDE

      /INCLUDE=event-class[,...]

   Includes the specified event class or classes in the report. Do
   not use the /EXCLUDE qualifier with /INCLUDE.

   For event-class, specify one or more of the keywords shown in the
   following table. If you specify more than one keyword, you must
   use a comma-separated list of values enclosed in parentheses.

   Keyword        Description

   ATTENTIONS     Select device attention entries.

   BUGCHECKS      Select all types of bugcheck entries.

   CONFIGURATION  Select system configuration entries.

   CONTROL_       Select control entries. Control entries include 
   ENTRIES        the following entry types:

                  o  System power failure restarts
                  o  Time stamps
                  o  System startups
                  o  $SNDERR messages (system service to send
                     messages to error log)
                  o  Operator messages
                  o  Network messages
                  o  ERRLOG.SYS created

   CPU_ENTRIES    Select CPU-related entries. CPU entries include
                  the following entry types:

                  o  SBI alerts/faults
                  o  Undefined interrupts
                  o  MBA/UBA adapter errors
                  o  Asynchronous write errors
                  o  UBA errors

   DEVICE_        Select device error entries.
   ERRORS

   ENVIRONMENTAL_ Select environmental entries.
   ENTRIES

   MACHINE_       Select machine check entries.
   CHECKS

   MEMORY         Select memory errors.

   SNAPSHOT_      Select snapshot entries.
   ENTRIES

   SYNDROME       Select firmware-generated entries that describe
                  a symptom set used by HP support personnel to
                  identify problems.

   TIMEOUTS       Select device timeout entries.

   UNKNOWN_       Select any entry that has an unknown entry
   ENTRIES        class.

   UNSOLICITED_   Select unsolicited MSCP entries.
   MSCP           

   VOLUME_        Select volume mount and dismount entries.
   CHANGES        
 

/INTERACTIVE

      /INTERACTIVE
      /[NO]INTERACTIVE

   Specifies whether or not ELV is to run in interactive shell mode.
   By default, interactive shell mode results from the way ELV is
   invoked.
 

/LOG

      /LOG
      /NOLOG

   Specifies whether or not ELV is to output control and
   informational messages to the terminal. The default, /NOLOG,
   does not output these messages to the terminal.
 

/NODE

      /NODE=[node-name,...]
      /NONODE=[node-name,...]

   Includes or excludes events occurring on a specified node or
   nodes from a report.

   If you do not enter a node name, only events that occur on
   the node on which you are running ELV are selected. (This is
   important in a cluster.)

   If you enter /NONODE without a value, events occurring on all
   nodes that are represented in the error log file are processed.
 

/ONE_LINE

   Specifies that a one-line-per-event report be generated instead
   of a standard report.

   Do not use /ONE_LINE with /BRIEF, /DETAIL, /FULL, or /SUMMARY
   qualifiers.
 

/OUTPUT

      /OUTPUT=[output-file]

   Specifies that the output file is to contain a bit-to-text
   translations of events.

   By default, output is written to SYS$OUTPUT. If you do not
   specify an output file name, the input file name is used. If
   you do not specify a device and directory, the system defaults to
   your current device and directory. If you do not specify a file
   type, the default file type is .LIS.
 

/PAGE

      /PAGE
      /NOPAGE

   Specifies whether or not to enable paged output of the generated
   report.
 

/REJECTED

   You can use the /REJECTED qualifier to include rejected events
   in a report. (By default, only selected events are included in a
   report.)
 

/SINCE

      /SINCE=[date-time]

   Specifies that only those events dated later than the stated date
   and time are to be selected for the report.

   You can use date-time to limit the report to those events dated
   later than the specified time. You can specify an absolute time,
   a delta time, or a combination of absolute and delta times. See
   the OpenVMS User's Manual for details on specifying times.

   If you omit a date and time, TODAY is used.
 

/SUMMARY

   Specifies that a summary report is to be generated rather than a
   standard report.

   Do not use /SUMMARY with /BRIEF, /DETAIL, /FULL, ONE_LINE, or
   /TERSE qualifiers.
 

/TERSE

   Specifies that the data is to be displayed in a less interpreted
   format, regardless of detail level.

   /TERSE has no effect when used with ONE_LINE or /SUMMARY. You can
   use /TERSE with /BRIEF, /DETAIL, or /FULL, which use a default
   display. (/ONE_LINE and /SUMMARY do not use the same default
   display.)
 

5  Examples

   1.ELV> TRANSLATE /BEFORE=24-MAY-2002:04:51:33.87 ERRLOG.SYS;42

     For this example, the default report produced for ERRLOG.SYS;42
     contains all entries that were logged before 4:51 on May 24,
     2002.

   2.ELV> TRANSLATE /BRIEF ERRLOG.SYS;42

     The command in this example generates a brief report.

   3.ELV> TRANSLATE /DETAIL=LOW ERRLOG.SYS;42

     The command in this example generates a report with a LOW level
     of detail.

   4.ELV> TRANSLATE /ENTRY=END:18 ERRLOG.SYS;42

     The command in this example shows how to display entries before
     a specified entry in a sequence.

   5.ELV> TRANSLATE /ENTRY=(START:18,END:37) ERRLOG.SYS;42

     The command in this example shows how to display entries within
     a specified entry range.

   6.ELV> TRANSLATE /EXCLUDE=DEVICE_ERRORS ERRLOG.SYS;42

     The command in this example shows how to exclude the DEVICE_
     ERRORS entry type from a report.

   7.ELV> TRANSLATE /FULL ERRLOG.SYS;42

     The command in this example generates a full report.

   8.ELV> TRANSLATE /INCLUDE=(VOLUME_CHANGES, CPU_ENTRIES,
     BUGCHECKS)
     ERRLOG.SYS;42

     The command in this example shows how to select VOLUME_
     CHANGES, CPU_ENTRIES, and BUGCHECKS entry types.

   9.ELV> TRANSLATE /INTERACTIVE ERRLOG.SYS

     The command in this example enables interactive shell mode
     after translating ERRLOG.SYS. (The default, NOINTERACTIVE,
     returns you to the DCL prompt.)

   10. ELV> TRANSLATE /LOG ERRLOG.SYS

     This example shows how to enable the logging of control and
     informational messages.

   11. ELV> TRANSLATE /NONODE=(BEAVIS, BUTTHD) ERRLOG.SYS

     The command in this example generates a report containing all
     events except those occurring on nodes BEAVIS and BUTTHD.

   12. ELV> TRANSLATE /ONE_LINE ERRLOG.SYS

     The command in this example requests ELV to produce a one-line-
     per-event report instead of a standard report.

   13. ELV> TRANSLATE /OUTPUT=ERRLOG.DAT;3 ERRLOG.SYS;42

     This example creates a binary file named ERRLOG.DAT. If a
     version number is specified, as in this example, and a file
     with the same name and version number does not exist, then the
     binary file will be created with the specified version number.

   14. ELV> TRANSLATE /PAGE ERRLOG.SYS

     This example shows how to generate a paged report.

   15. ELV> TRANSLATE /SINCE="24-MAY-2002 04:51:33.87" ERRLOG.SYS;42

     For this example, the default report produced for ERRLOG.SYS;42
     contains all entries that were logged after 4:51 on May 24,
     2002.

   16. ELV> TRANSLATE /SUMMARY ERRLOG.SYS

     This example shows how to generate a summary report.

   17. ELV> TRANSLATE /TERSE ERRLOG.SYS

     This example shows how to generate a terse report.
 

4  WRITE
   Performs an image copy of events from one or more binary error
   log files.

   Format

     WRITE  [input-file,...]
 

5  Parameter
 

input-file

   Supplies one or more names of binary error log files from which
   events are to be copied to a new binary error log file.

   If you do not specify an input file name, the default input file
   name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device
   and directory, the system defaults to your current device and
   directory. If you do not specify a file name, the default file
   name is ERRLOG. If you do not specify a file type, the default
   file type is .SYS.
 

5  Qualifiers
 

/BEFORE

      /BEFORE=date-time

   Specifies that only those events dated earlier than the stated
   date and time are to be selected for the report.

   Date-time specifies that only those events dated earlier than
   the stated date and time are to be selected for the report. You
   can specify an absolute time, a delta time, or a combination of
   absolute and delta times. See the OpenVMS System Manager's Manual
   for details on specifying times.

   If you omit a date and time, TODAY is used.
 

/ENTRY

      /ENTRY=keyword[,...]

   Generates a report that includes the specified entry range or
   starts at the specified entry number. You can specify one or 
   both keywords:

   Keyword               Description

   START:decimal-value   Indicates the start of a range of entries 
                         in a report.

   END:decimal-value     Indicates the end of a range of entries 
                         in a report.

   Usage Notes:

   o  You can specify one or both of these parameters. If you
      specify both parameters, you must enclose them in parentheses.

   o  If you specify /ENTRY without the entry range or omit the
      qualifier, the entry range defaults to START:1,END:end-of-
      file.
 

/EXCLUDE

      /EXCLUDE=event-class[,...]

   Excludes the specified event class or classes from the report. Do
   not use the /EXCLUDE qualifier with /INCLUDE.

   For event-class, specify one or more of the keywords shown in the
   following table. If you specify more than one keyword, you must
   use a comma-separated list of values enclosed in parentheses.

   Keyword        Description

   ATTENTIONS     Exclude device attention entries from the report.

   BUGCHECKS      Exclude all types of bugcheck entries from the
                  report.

   CONFIGURATION  Exclude system configuration entries from the
                  report.

   CONTROL_       Exclude control entries from the report. Control
   ENTRIES        entries include the following entry types:

                  o  System power failure restarts
                  o  Time stamps
                  o  System startups
                  o  $SNDERR messages (system service to send
                     messages to error log)
                  o  Operator messages
                  o  Network messages
                  o  ERRLOG.SYS created

   CPU_ENTRIES    Exclude CPU-related entries from the report. CPU
                  entries include the following entry types:

                  o  SBI alerts/faults
                  o  Undefined interrupts
                  o  MBA/UBA adapter errors
                  o  Asynchronous write errors
                  o  UBA errors

   DEVICE_        Exclude device error entries from the report.
   ERRORS

   ENVIRONMENTAL_ Exclude environmental entries from the report.
   ENTRIES

   MACHINE_       Exclude machine check entries from the report.
   CHECKS

   MEMORY         Exclude memory errors from the report.

   SNAPSHOT_      Exclude snapshot entries from the report.
   ENTRIES

   SYNDROME       Exclude firmware-generated entries that describe
                  a symptom set used by HP support personnel to
                  identify problems.

   TIMEOUTS       Exclude device timeout entries from the report.

   UNKNOWN_       Exclude any entry that had either an unknown entry
   ENTRIES        type or an unknown device type or class.

   UNSOLICITED_   Exclude unsolicited MSCP entries from the output
   MSCP           report.

   VOLUME_        Exclude volume mount and dismount entries from the
   CHANGES        report.
 

/INCLUDE

      /INCLUDE=event-class[,...]

   Includes the specified event class or classes in the report. Do
   not use the /EXCLUDE qualifier with /INCLUDE.

   For event-class, specify one or more of the keywords shown in the
   following table. If you specify more than one keyword, you must
   use a comma-separated list of values enclosed in parentheses.

   Keyword        Description

   ATTENTIONS     Select device attention entries.

   BUGCHECKS      Select all types of bugcheck entries.

   CONFIGURATION  Select system configuration entries.

   CONTROL_       Select control entries. Control entries include 
   ENTRIES        the following entry types:

                  o  System power failure restarts
                  o  Time stamps
                  o  System startups
                  o  $SNDERR messages (system service to send
                     messages to error log)
                  o  Operator messages
                  o  Network messages
                  o  ERRLOG.SYS created

   CPU_ENTRIES    Select CPU-related entries. CPU entries include
                  the following entry types:

                  o  SBI alerts/faults
                  o  Undefined interrupts
                  o  MBA/UBA adapter errors
                  o  Asynchronous write errors
                  o  UBA errors

   DEVICE_        Select device error entries.
   ERRORS

   ENVIRONMENTAL_ Select environmental entries.
   ENTRIES

   MACHINE_       Select machine check entries.
   CHECKS

   MEMORY         Select memory errors.

   SNAPSHOT_      Select snapshot entries.
   ENTRIES

   SYNDROME       Select firmware-generated entries that describe
                  a symptom set used by HP support personnel to
                  identify problems.

   TIMEOUTS       Select device timeout entries.

   UNKNOWN_       Select any entry that has an unknown entry
   ENTRIES        class.

   UNSOLICITED_   Select unsolicited MSCP entries.
   MSCP           

   VOLUME_        Select volume mount and dismount entries.
   CHANGES        
 

/INTERACTIVE

      /INTERACTIVE
      /[NO]INTERACTIVE

   Specifies whether or not ELV is to run in interactive shell mode.
   By default, interactive shell mode results from the way ELV is
   invoked.
 

/LOG

      /LOG
      /NOLOG

   Specifies whether or not ELV is to output control and
   informational messages to the terminal. The default, /NOLOG,
   does not output these messages to the terminal.
 

/NODE

      /NODE=[node-name,...]
      /NONODE=[node-name,...]

   Includes or excludes events occurring on a specified node or
   nodes from a report.

   If you do not enter a node name, only events that occur on
   the node on which you are running ELV are selected. (This is
   important in a cluster.)

   If you enter /NONODE without a value, events occurring on all
   nodes that are represented in the error log file are processed.
 

/OUTPUT

      /OUTPUT=[output-file]

   Specifies that the output file is to contain image copies of
   events.

   If you do not specify an output file name, the input file name
   is used. If you do not specify a device and directory, the system
   defaults to your current device and directory. If you do not
   specify a file type, the default file type is .DAT.
 

/REJECTED

   You can use the /REJECTED qualifier to include rejected events
   in a report. (By default, only selected events are included in a
   report.)
 

/SINCE

      /SINCE=[date-time]

   Specifies that only those events dated later than the stated date
   and time are to be selected for the report.

   You can use date-time to limit the report to those events dated
   later than the specified time. You can specify an absolute time,
   a delta time, or a combination of absolute and delta times. See
   the OpenVMS User's Manual for details on specifying times.

   If you omit a date and time, TODAY is used.
 

5  Examples

   1.ELV> WRITE ERROR_LOG.SYS

     The command in this example copies events in ERROR_LOG.SYS to
     ERROR_LOG.DAT.

   2.ELV> WRITE/OUTPUT

     The command in this example copies events in the default file
     ERRLOG.SYS to ERRLOG.DAT.

   3.ELV> WRITE/OUTPUT=OUTFILE.OUT

     The command in this example copies events in the default file
     ERRLOG.SYS to OUTFILE.OUT.

2  /IMAGE
   Analyzes the contents of an executable image file or a shareable
   image file on OpenVMS VAX and Alpha systems, and an Executable
   and Linkable Format (ELF) image file or sharable image file on
   OpenVMS I64 systems, identifying obvious errors in the file. This
   analysis includes translated images on I64 and Alpha systems. The
   /IMAGE qualifier is required.

   For general information about image files, refer to the
   description of the linker in the HP OpenVMS Linker Utility
   Manual. (Use the ANALYZE/OBJECT command to analyze the contents
   of an object file.)

   Format

     ANALYZE/IMAGE  filespec[,...]
 

3  Parameter
 

filespec[,...]

   Specifies the name of one or more image files that you want
   analyzed. You must specify at least one file name. If you specify
   more than one file, separate the file specifications with either
   commas (,)  or plus signs (+). The default file type is .EXE.

   The asterisk (*)  and percent sign (%) wildcard characters are
   allowed in the file specification.
 

3  Description
   The ANALYZE/IMAGE command provides a description of the
   components of an executable image file or shareable image file on
   OpenVMS VAX and Alpha systems, and of an Executable and Linkable
   Format (ELF) image file or sharable image file on OpenVMS I64
   systems. It also verifies that the structure of the major parts
   of the image file is correct. However, the ANALYZE/IMAGE command
   cannot ensure that program execution is error free.

   On OpenVMS I64 systems, the ANALYZE/IMAGE command automatically
   distinguishes between I64, Alpha, and VAX images by examining the
   header information.

   If errors are found, the first error of the worst severity is
   returned. For example, if a warning (A) and two errors (B and
   C) are found, the first error (B) is returned as the image exit
   status. The image exit status is placed in the DCL symbol $STATUS
   at image exit.

                                 NOTES

      For I64 images and objects, the Analyze utility determines
      whether the file it analyzes is an image file or object
      file. Although Analyze allows you to specify ANALYZE/OJBECT
      on an ELF image file, use ANALYZE/IMAGE for ELF image files
      and ANALYZE/OJBECT for ELF object files.

      When parsing output from ANALYZE/IMAGE, be aware that the
      output for ELF images may change.

   When using ANALYZE without a qualifier, the default is /OBJECT.
   Therefore, when using this default to analyze an image in the
   output file, the utility correctly identifies itself as "Analyze
   Object File".

   The OpenVMS VAX and Alpha versions of ANALYZE/IMAGE do not have
   the capability of analyzing all non-platform images. For example,
   ANALYZE/IMAGE cannot analyze I64 images on VAX or Alpha images on
   older versions of VAX.

   When you analyze I64 images on I64 platforms, ANALYZE/IMAGE
   accepts VAX-only or Alpha-only qualifiers, but ignores any effect
   of these qualifiers.

   Depending on the platform, the ANALYZE/IMAGE command
   distinguishes I64 images from VAX and ALpha images by examining
   the meta information (e.g., ELF, EIHD, or IHD).

   The ANALYZE/IMAGE command provides the following information for
   image files:

   o  Image architecture and type - The OpenVMS platform and whether
      the image is executable or shareable.

   o  Image name - The name of the image or shareable image.

   o  Image identification - The identification given in a link
      operation.

   o  Creating linker identification - The linker that generated the
      image.

   o  Link date and time - The date and time of the link operation.

   o  Image transfer addresses - The addresses to which control is
      passed at image execution time.

   o  Image version - The revision level (major ID and minor ID) of
      the image.

   o  Location and size of the image's symbol vector (Alpha and I64
      only).

   o  List of required sharable images - The dependencies on
      sharable images.

   o  Location of the debugger symbol table (DST)-Identifies the
      location of the DST in the image file. DST information is
      present only in executable images that have been linked with
      the /DEBUG or the /TRACEBACK command qualifier. (VAX and Alpha
      only.)

   o  Location and interpretation of the debug and traceback
      information - The sections that contain the information and
      formats the data (DWARF) (I64 only).

   o  Location of the global symbol table (GST)- The location of
      the GST in the image file. GST information is present only in
      shareable image files. (VAX and Alpha only.)

   o  Location of the global symbol table (.symtab) - The location
      of the GST in the image file. GST informaton is present only
      in sharable image files (I64 only.)

   o  Patch information-Indicates whether the image has been patched
      (changed without having been recompiled or reassembled and
      relinked). If a patch is present, the actual patch code can be
      displayed. (VAX and Alpha only.)

   o  Image section descriptors (ISD)-Identify portions of the image
      binary contents that are grouped in OpenVMS Cluster systems
      according to their attributes. An ISD contains information
      that the image activator needs when it initializes the address
      space for an image. For example, an ISD tells whether the ISD
      is shareable, whether it is readable or writable, whether it
      is based or position independent, and how much memory should
      be allocated. (VAX only.)

   o  Summary of internal tables - Lists the program segments and
      sections of which the image consists. (I64 only.)

   o  Fixup vectors-Contain information that the image activator
      needs to ensure the position independence of shareable image
      references. (VAX and Alpha only.)

   o  Fixup information-Information that the image activator
      needs to ensure the position independence of sharable image
      references. (I64 only.)

   o  System version categories-For an image that is linked against
      the executive (the system shareable image on I64 and Alpha or
      the system symbol table on VAX), displays both the values of
      the system version categories for which the image was linked
      originally and the values for the system that is currently
      running. You can use these values to identify changes in the
      system since the image was linked last.

   The ANALYZE/IMAGE command has command qualifiers and positional
   qualifiers. For VAX and Alpha images, by default, if you do not
   specify any positional qualifiers (for example, /GST or /HEADER),
   the entire image is analyzed. If you do specify a positional
   qualifier, the analysis excludes all other positional qualifiers
   except the /HEADER qualifier (which is always enabled) and any
   qualifier that you request explicitly.

   The default behavior for analyzing ELF images differs from the
   behavior for analyzing Alpha or VAX images. For ELF images,
   a summary of the major ELF tables is displayed. With this
   information, you can select specific segments and/or sections for
   analysis. To locate errors, analyze the entire image by selecting
   all sections and segments.
 

3  Qualifiers
 

/FIXUP_SECTION

      /FIXUP_SECTION (VAX and Alpha only)

   Positional qualifier.

   Specifies that the analysis should include all information in the
   fixup section of the image.

   If you specify the /FIXUP_SECTION qualifier after the
   ANALYZE/IMAGE command, the fixup section of each image file in
   the parameter list is analyzed.

   If you specify the /FIXUP_SECTION qualifier after a file
   specification, only the information in the fixup section of that
   image file is analyzed.
 

/FLAGVALUES

      /FLAGVALUES (I64 only)

   Several fields in an ELF module represent bit flags. Where
   possible, these bit-flag values are examined and displayed
   individually. By default, only the flag values that are set to
   1 (ON) are displayed.

   The keywords are as follows:

   Keyword    Description

   ON         The keyword ON displays all flags whose value is 1.
   OFF        The keyword OFF displays all flags whose value is 0.
   ALL        The keyword ALL displays all flag values. The keywords
              ON and OFF, in contrast, indicate the value of each
              specific flag bit.
 

/GST

      /GST (VAX and Alpha only)

   Positional qualifier.

   Specifies that the analysis should include all global symbol
   table records. This qualifier is valid only for shareable images.

   If you specify the /GST qualifier after the ANALYZE/IMAGE
   command, the global symbol table records of each image file in
   the parameter list are analyzed.

   If you specify the /GST qualifier after a file specification,
   only the global symbol table records of that file are analyzed.
 

/HEADER

      /HEADER (VAX and Alpha only)

   Positional qualifier.

   Specifies that the analysis should include all header items and
   image section descriptions. The image header items are always
   analyzed.
 

/INTERACTIVE

      /INTERACTIVE
      /NOINTERACTIVE (default)

   Specifies whether the analysis is interactive. In interactive
   mode, as each item is analyzed, the results are displayed on the
   screen and you are asked whether you want to continue.
 

/MODULE

      /MODULE [=(module_name[,...]) ] (I64 only)

   Selectively formats debug or traceback information for the named
   module or list of modules. You must request debug or traceback
   information by using the /SECTIONS qualifier with keywords ALL,
   DEBUG or TRACE. If debug or traceback information is selectively
   formatted, then the module name is a subselection.

   If you do not specify a module name, only debug or traceback meta
   information about the available modules is printed. In this case,
   any other debug or traceback selection is deactivated.

                                  NOTE

      This qualifier is only valid for ANALYZE/IMAGE. Although
      ANALYZE/OBJECT can be used to format I64 images, Analyze
      rejects the /MODULE qualifier.
 

/OUTPUT

      /OUTPUT=filespec

   Identifies the output file for storing the results of the image
   analysis. The asterisk (*) and the percent sign (%) wildcard
   characters are not allowed in the file specification. If you
   specify a file type and omit the file name, the default file
   name ANALYZE is used. The default file type is .ANL. If you omit
   the qualifier, the results are output to the current SYS$OUTPUT
   device.
 

/PAGE_BREAK

      /PAGE_BREAK=keyword (I64 only)

   Specifies if and where page breaks (form feeds) are inserted in
   the report file. This qualifier is only useful if /OUTPUT is used
   to write a report file. It is ignored if /INTERACTIVE is used to
   specify an interactive analysis.

   Keywords include NONE, which sets no page breaks; PRINTABLE_
   REPORT, which creates page breaks as in listing files, and
   SEPARATE_INFORMATION, which sets page breaks between section
   information.
 

/PATCH_TEXT

      /PATCH_TEXT (VAX only)

   Positional qualifier.

   Specifies that the analysis include all patch text records. If
   you specify the /PATCH_TEXT qualifier after the ANALYZE/IMAGE
   command, the patch text records of each image file in the
   parameter list are analyzed.

   If you specify the /PATCH_TEXT qualifier after a file
   specification, only the patch text records of that file are
   analyzed.
 

/SECTIONS

      /SECTIONS [=(keyword[,...])] (I64 only)

   Selects individual program sections or section types to display.

                                  NOTE

      This qualifier and its keywords can only be used to form an
      inclusion list of sections to be displayed. This qualifier
      is not negatable and cannot be used to form an exclusion
      list. If no values are specified, the default keyword is
      HEADERS.

   The keywords are as follows:

   Keyword            Description

   ALL                Displays a detailed analysis of every section
                      in the module. Note that this keyword can
                      generate a large amount of output.
   CODE               Displays all of all sections of type SHT_
                      PROGBITS where the executable flag is set
                      (SHDR$M_SHF_EXECINSTR in the section header).
                      The section data will be displayed as machine
                      instructions.
   DEBUG              Analyzes and displays sections consisting
   [=(suffix[,...])]  of DWARF formatted debug information. In
                      addition, you can use a list of debug section
                      name suffixes to selectively format DEBUG
                      information.
   EXTENSIONS         Analyzes and displays sections of type SHT_
                      IA64_EXT. The data is displayed in hexadecimal
                      format.
   GROUP              Analyzes and displays sections of type SHT_
                      GROUP. Sections of this type consist of a list
                      of the section numbers of sections belonging
                      to that group.
   HEADERS            The default keyword. Displays the ELF header
                      and the section header details.
   LINKAGES           Analyzes and displays sections of type SHT_
                      VMS_LINKAGES.The data is displayed as a list
                      of linkage descriptors.
   NOBITS             Analyzes and displays sections of type SHT_
                      NOBITS. There is no module data associated
                      with sections of this type.
   NOTE               Analyzes and displays sections of type SHT_
                      NOTE. The data for this section is displayed
                      as a list of formatted OpenVMS note entries.
   NULL               Displays all sections of type PT_NULL. No a
                      data will be displayed for segments of this
                      type.
   NUMBERS=           Displays individual sections, as follows:
   (number [,...])
                      o  The selected sections will have a detailed
                         display of their header and their contents.
                         An informational message is displayed for
                         section numbers that do not exist in the
                         module.

                      o  One or more numeric values may be
                         specified.

                      o  Section numbers may be specified in
                         decimal, octal (using the %O prefix), or
                         hexadecimal (using the %X prefix).

   STRTAB             Analyzes and displays sections of type SHT_
                      STRTAB. The data for this section is displayed
                      as a string table.
   SYMTAB             Displays sections of type SHT_SYMTAB. The
                      data for this section is displayed as a symbol
                      table.
   SYMBOL_VECTOR      Sections of this type will only appear in
                      sharable image files. If present, they point
                      to the same data as the dynamic segment DT_
                      VMS_SYMVEC tags.
   TRACE              Analyzes and displays sections consisting of
   [=(suffix[,...])]  traceback information. In addition, you can
                      use a list of trace section name suffixes to
                      selectively format TRACE information.
   UNWIND             Analyzes and displays sections of type SHT_
                      IA64_UNWIND. Each section of this type has an
                      associated Unwind Information section of type
                      SHT_PROGBITS. This associated section is also
                      displayed.
 

/SEGMENTS

      /SEGMENTS [=(keyword[,...])] (I64 only)

   Selects individual program segments or program segments of a
   specified type to be displayed.

                                  NOTE

      This qualifier and its keywords can only be used to form an
      inclusion list of segments to be displayed. This qualifier
      is not negatable and cannot be used to form an exclusion
      list. If no values are specified, the default keyword is
      HEADERS.

   The keywords are as follows:

   Keyword    Description

   ALL        Analyzes and displays information for every program
              segment. Note that this can generate a large amount of
              output.
   CODE       Analyzes and displays all executable segments
              (PHDR$M_PF_X bit set in the segment header). Segment
              data is displayed as machine instructions.
   DYNAMIC    Analyzes and displays the segment of type PT_DYNAMIC.
   EXTENSIONS Analyzes and displays segments of type IA_64_ARCHEXT.
   HEADERS    The default keyword. Analyzes and displays the ELF
              header and segment header details.
   LOAD       Analyzes and displays segments of type PT_LOAD. If the
              segment header indicates this is an executable segment
              (PHDR$M_PF_X bit set in the segment header), the
              contents will be formatted as machine instructions,
              otherwise the contents are formatted as hexadecimal
              data.
   NULL       Analyzes and displays segments of type PT_NULL. No a
              data will be displayed for segments of this type.
   NUMBERS=   Analyzes and displays individual segments, as follows:
   (number
   [,...])    o  The selected segments have a detailed display of
                 header and content information. For section numbers
                 that do not exist in the module, an informational
                 message is displayed.

              o  One or more numeric values may be specified.

              o  Segment numbers may be specified in decimal, octal
                 (using the %O prefix), or hexadecimal (using the %X
                 prefix).
 

/SELECT

      /SELECT=(keyword[,...])

   Allows for the collection of specific image file information and
   displays the selected keyword items in the order specified.

   Analyze creates DCL symbols for all selectable information with
   the /SELECT qualifier. The symbol names consist of the prefix
   ANALYZE$ and a descriptive name of the information they hold.
   The symbol value is the selected information, usually printed
   to SYS$OUTPUT. Effectively, all of the printed information
   is duplicated in the symbols. For unselected information, the
   corresponding symbols will contain the null string.

   The keywords are as follows:

   Keyword         Description

   ARCHITECTURE    Writes the architecture information into the DCL
                   symbol ANALYZE$ARCHITECTURE. Returns "OpenVMS
                   IA64" if the file is an OpenVMS I64 image file.
                   Returns "OpenVMS Alpha" if the file is an OpenVMS
                   Alpha image file. Returns "OpenVMS VAX" if the
                   file is an OpenVMS VAX image file.

   BUILD_          Writes build identification information into
   IDENTIFICATION  the DCL symbol ANALYZE$BUILD_IDENTIFICATION.
                   For OpenVMS I64 and Alpha image files, returns
                   the image build identification stored in the
                   image file, enclosed in quotation marks. For
                   OpenVMS VAX image files, the null string that
                   is represented by adjacent quotation marks is
                   returned.

   FILE_TYPE       Writes file type information into the DCL symbol
                   ANALYZE$FILE_TYPE. Returns "Image" if the file is
                   an OpenVMS I64, Alpha, or VAX image file.

   IDENTIFICATION  The possible keywords are as follows:
   [=keyword]      
                   o  IMAGE (default) - Writes the image
                      identification information into the DCL symbol
                      ANALYZE$IDENTIFICATION. Returns the image
                      identification that is stored in the image
                      file, enclosed in quotation marks. Otherwise,
                      returns "Unknown".

                   o  LINKER - Writes the linker identification
                      information into the DCL symbol
                      ANALYZE$LINKER_IDENTIFICATION. Returns the
                      identification of the linker used to link the
                      image.

   IMAGE_TYPE      Writes image type information into the DCL
                   symbol ANALYZE$IMAGE_TYPE. Returns "Shareable"
                   if the file is a shareable image file.
                   Returns "Executable" if the file is either an
                   OpenVMS I64, Alpha, or OpenVMS VAX executable
                   (nonshareable) image file.

   LINK_TIME       Writes link time information into the DCL symbol
                   ANALYZE$LINK_TIME. For image files, returns the
                   image link time that is stored in the image file,
                   enclosed in quotation marks.

   NAME            Writes link time information into the DCL symbol
                   ANALYZE$NAME. For image files, returns the image
                   name that is stored in the image file, enclosed
                   in quotation marks.

   VERSION_        Writes the system and component version numbers
   NUMBERS         into DCL symbols. The DCL symbol names and
   (Alpha and      values are similar to the printed output of
   I64 only)       ANALYZE/IMAGE; that is, there is a symbol for
                   each component. The symbol names consist of the
                   prefix "ANALYZE$SYS$K_" and the component name
                   consists of "BASE_IMAGE", "MEMORY_MANAGEMENT",
                   and so forth. If the analyzed image depends on a
                   component, the component's version number saved
                   in the image is also in the corresponding DCL
                   symbol. The other DCL symbols contain an empty
                   string. The symbol value, the version, consists
                   of a major and minor version number, separated by
                   a dot and enclosed in parantheses.

                   In addition, if the image runs on the same
                   platform as Analyze, then the component's version
                   of the running system are stored in the DCL
                   symbols. Then, within the parentheses, the image
                   and system versions are separated by a slash.
                   In this case, both versions are compared. The
                   comparision is performed by an LEQUAL check for
                   major-/minor-IDs. If there is a mismatch, Analyze
                   prints an informational message. Note also that
                   the system version is saved in the DCL symbol of
                   the BASE_IMAGE component.

                                  NOTE

      The Analyze utility can work on several files. Because
      there is only one set of DCL symbols, the symbols only
      contain information from the last analyzed file. When an
      error occurs, symbol values are undefined. Check for Analyze
      errors first, then use the symbols.
 

3  Examples

   1.$ ANALYZE/IMAGE  LINEDT

     The ANALYZE/IMAGE command in this example produces a
     description and an error analysis of the image LINEDT.EXE.
     Output is sent to the current SYS$OUTPUT device.

   2.$ ANALYZE/IMAGE/OUTPUT=LIALPHEX/FIXUP_SECTION/PATCH_TEXT
      LINEDT, ALPRIN (VAX and Alpha only)

     The ANALYZE/IMAGE command in this example produces a
     description and an error analysis of the fixup sections
     and patch text records of LINEDT.EXE and ALPRIN.EXE in file
     LIALPHEX.ANL. Output is sent to the file LIALPHEX.ANL.

   3.$ ANALYZE/IMAGE/SELECT=(ARCH,FILE,NAME,IDENT,BUILD,LINK) *.EXE
     DISK:[DIRECTORY]ALPHA.EXE;1
     OpenVMS ALPHA
     Image
     "Test image ALPHA"
     "A11-27"
     "X5SC-SSB-0000"
     14-JUN-2004 07:16:19.24
     DISK:[DIRECTORY]VAX.EXE;1
     OpenVMS VAX
     Image
     "Test image VAX"
     "V11-27"
     ""
     15-JUN-2004 13:18:40:70

     On an Alpha system, this example displays the information
     requested about the executable files ALPHA.EXE and VAX.EXE.

   4.$ ANALYZE/IMAGE/SELECT=(ARCHITECTURE,IDENT,NAME) HELLO 1

     USER:[JOE]HELLO.EXE;1
     OpenVMS IA64
     "V1.0"
     "HELLO"
     $
     $ SHOW SYMBOL ANALYZE$*
       ANALYZE$ARCHITECTURE = "OpenVMS IA64"
       ANALYZE$BUILD_IDENTIFICATION = ""
       ANALYZE$FILE_TYPE = ""
       ANALYZE$IDENTIFICATION = ""V1.0""
       ANALYZE$IMAGE_TYPE = ""
       ANALYZE$LINKER_IDENTIFICATION = ""
       ANALYZE$LINK_TIME = ""
       ANALYZE$NAME = ""HELLO""
     $
     $ ANALYZE/IMAGE/SELECT=(IDENT=(IMAGE,LINKER),IMAGE,LINK) HELLO 2
     USER:[JOE]HELLO.EXE;1
     "V1.0"
     "Linker I01-54"
     Executable
      7-JUN-2004 11:47:08.10
     $
     $ SHOW SYMBOL ANALYZE$*
       ANALYZE$ARCHITECTURE = ""
       ANALYZE$BUILD_IDENTIFICATION = ""
       ANALYZE$FILE_TYPE = ""
       ANALYZE$IDENTIFICATION = ""V1.0""
       ANALYZE$IMAGE_TYPE = "Executable"
       ANALYZE$LINKER_IDENTIFICATION = ""Linker I01-54""
       ANALYZE$LINK_TIME = " 7-JUN-2004 11:47:08.10"
       ANALYZE$NAME = ""
     $
     $ ANALYZE/IMAGE/SELECT=FILE HELLO.* 3
     USER:[JOE]HELLO.C;1
     %ANALYZE-E-ILLFIL, Illegal file format encountered
     USER:[JOE]HELLO.EXE;1
     Image
     USER:[JOE]HELLO.MAP;1
     %ANALYZE-E-ILLFIL, Illegal file format encountered
     USER:[JOE]HELLO.OBJ;1
     Object
     $
     $ SHOW SYMBOL ANALYZE$*
       ANALYZE$ARCHITECTURE = ""
       ANALYZE$BUILD_IDENTIFICATION = ""
       ANALYZE$FILE_TYPE = "Object"
       ANALYZE$IDENTIFICATION = ""
       ANALYZE$IMAGE_TYPE = ""
       ANALYZE$LINKER_IDENTIFICATION = ""
       ANALYZE$LINK_TIME = ""
        ANALYZE$NAME =
     $

     This I64 example displays the information requested for the
     executable file, HELLO.EXE. The following text is keyed to the
     callout numbers at the ends of each ANALYZE/IMAGE command line
     in the example:

     1  Only the selected information can be found in the DCL
        symbols. The information in the symbols is identical to
        what is printed to SYS$OUTPUT, that is, if quoted strings
        are printed there are quotes strings in the symbol.

     2  If the new linker identification is selected, it is
        necessary to use IDENT with a keyword list.

     3  When using wildcards, errors in the analyzed file (for
        example illegal file format errors) do not terminate
        Analyze. Only the information from the last analyzed file
        can be found in the DCL symbols.
 


2  /MEDIA
  Invokes the Bad Block Locator utility (BAD), which analyzes
  block-addressable devices and records the location of blocks that
  cannot reliably store data. The /MEDIA qualifier is required. For
  a complete description of BAD, including information about the
  ANALYZE/MEDIA command and its qualifiers, see the OpenVMS Bad Block
  Locator Utility Manual. This manual is posted with other archived 
  manuals on the OpenVMS Documentation website.

  Format

    ANALYZE/MEDIA device


  device

  Specifies the device that BAD will analyze. The device has the form:

       ddcu: or logical-name

3 Qualifiers

/BAD_BLOCKS

 /BAD_BLOCKS[=LIST]

  Adds the specified bad blocks to the detected bad block file
  (DBBF). If the /BAD_BLOCK qualifier is specified along with the
  /EXERCISE qualifier, the medium is tested once the bad blocks are
  added to the DBBF.

  If you do not specify a value for the /BAD_BLOCK qualifier, you are
  prompted as follows:

       BAD_BLOCKS =

  In prompt mode, BAD reports any duplicate bad blocks.


  Qualifier Value

  List

       Specifies the bad block locations to be added to the DBBF. Valid
       codes for specifying bad block locations are:

       Code                  Meaning

       LBN                   Specifies the logical block number (LBN)
                             of a single bad block.

       LBN:count             Specifies a range of contiguous bad blocks  
                             starting at the logical block number (LBN) 
                             and continuing for "count" blocks.

       SEC.TRK.CYL           Specifies the physical disk address (sector, 
                             track, and cylinder) of a single bad 
                             sector. This code is valid only for last
                             track devices.
                             
       SEC.TRK.CYL:count     Specifies a range of bad sectors starting
                             at the specified physical disk address
                             (sector, track, and cylinder) and 
                             continuing for "count" sectors. This code 
                             is valid only for last track devices.

                             You can specify these formats in any
                             integer combination or radix combination.

                                  Note

          The term "block" denotes a standard unit of 512
          bytes, whereas the term "sector" denotes the
          physical size of the device sector, which is not
          always the same for all devices. For example, an
          RL02 has a sector size of 256 bytes, while an RK07
          has a standard sector size of 512 bytes.

/EXERCISE

 /EXERCISE=(FULL,[NO]KEEP,PATTERN)
 /NOEXERCISE (default)

  Controls whether the media should actually be tested. You can
  update the DBBF without erasing the contents of the volume by 
  using the /NOEXERCISE qualifier along with the /BAD_BLOCKS
  qualifier.


  Qualifier Keywords

  FULL

       Causes BAD to test the media using three test patterns (0s,
       1s, and "worst case") instead of the default single "worst
       case" pattern. The FULL keyword can be used only with
       /EXERCISE.  Note that the "worst case" test pattern always
       remains on media tested with the /EXERCISE qualifier.

  KEEP

       Ensures the preservation of the current software detected bad
       block file (SDBBF). The keep keyword is the default when
       /NOEXERCISE is specified.

  NOKEEP

       Causes BAD to create a new SDBBF. The NOKEEP keyword is the
       default when /EXERCISE is specified. This keyword cannot be
       used with the /NOEXERCISE qualifier.

  PATTERN=(value[,...])

       Allows users to specify the value of a test pattern to be 
       used as "worst case". Up to an octaword of test pattern 
       data may be specified in decimal (%D), hexadecimal (%X), 
       or octal (%O) radixes. The default radix is decimal.      

       The pattern is specified in longwords. If two or more 
       longwords are specified, they must be enclosed in 
       parentheses and separated by commas.

/LOG

 /LOG
 /NOLOG (default)

  Specifies whether a message is sent to the current SYS$OUTPUT
  device and SYS$ERROR, indicating the total number of bad blocks
  detected by BAD.

/OUTPUT

 /OUTPUT[=filespec]

  Specifies whether the contents of the DBBF are written to the
  specified file.  If you omit the /OUTPUT qualifier, no output 
  is generated.

  If you specify /OUTPUT but omit the filespec, the contents of 
  the DBBF are written to the current SYS$OUTPUT device.

  When you specify /OUTPUT, the /SHOW=AFTER qualifier is implied.


  Qualifier Value

  filespec

       Identifies the output file for storing the results of the 
       medium analysis. If you specify a file type and omit the
       file name, the default file name ANALYZE is used. The default 
       file type is ANL. If you omit the filespec, the results are
       output to the current SYS$OUTPUT device.

       No wildcard characters are allowed in the file specification.

/RETRY

 /RETRY
 /NORETRY (default)

  Enables the device driver to retry soft errors.

/SHOW

 /SHOW[=(keyword[,...])]

  Lists the contents of the DBBF before or after (or both) the 
  medium is exercised or modified.                            


  Qualifier Keywords

  [NO]BEFORE,[NO]AFTER

      Specifies whether the contents of the DBBF are listed before or
      after (or both) the medium is exercised. After is the default.

3 Examples

  In examples 1 and 2, the contents of the data region on the medium
  are not altered or destroyed; in examples 3, 4, and 5, all the data
  on the medium is destroyed.

  1.   $ ANALYZE/MEDIA/BAD_BLOCKS=(4.4.4:3) DBA1:

  The /BAD_BLOCKS qualifier in this example specifies a range of 3
  bad blocks beginning at the physical disk address sector 4, track
  4, cylinder 4.  This range is added to the DBBF.

  2.   $ ANALYZE/MEDIA/LOG DBB1:
       DEVICE DBB1: CONTAINS A TOTAL OF 340670 BLOCKS; 11 DEFECTIVE
       BLOCKS DETECTED.

  The command in this example requests BAD to report the total 
  number of bad blocks recorded in DBBFs for the disk mounted on
  DBB1:. The medium is not exercised or altered in any way.

  3.   $ ANALYZE/MEDIA/EXERCISE/BAD_BLOCKS=(2) DBB1:

  The command in this example adds the bad block specification to 
  the DBBF and then tests the media. The bad block in this example
  is located at logical block number (LBN) 2.

  4.   $ ANALYZE/MEDIA/EXERCISE=KEEP DBA1:

  This command tests the media while preserving the current SDBBF.

  5.   $ ANALYZE/MEDIA/EXERCISE/RETRY DBB1:

  The command in this example directs the device driver to retry soft
  errors.
   

2  /OBJECT
   Analyzes the contents of an object file on OpenVMS VAX and Alpha
   systems, and an Executable and Linkable Format (ELF) object
   file on OpenVMS I64 systems, and identifies obvious errors. The
   /OBJECT qualifier is required.

   For general information about object files, refer to the
   description of the linker in the HP OpenVMS Linker Utility
   Manual. (Use the ANALYZE/IMAGE command to analyze the contents
   of an image file.)

   Format

     ANALYZE/OBJECT  filespec[,...]
 

3  Parameter
 

filespec[,...]

   Specifies the object files or object module libraries you want
   analyzed (the default file type is .OBJ). Use commas (,)  or plus
   signs (+)  to separate file specifications. The asterisk (*) and
   the percent sign (%) wildcard characters are allowed in the file
   specification.
 

3  Description
   The ANALYZE/OBJECT command describes the contents of one or more
   object modules contained in one or more files. It also performs
   a partial error analysis. This analysis determines whether all
   records in an object module conform in content, format, and
   sequence to the specifications of the I64, Alpha, or VAX Object
   Language.

   On OpenVMS I64 systems, the ANALYZE/OBJECT command automatically
   distinguishes I64, Alpha, and VAX objects by examining the format
   of the object modules header.

   ANALYZE/OBJECT is intended primarily for programmers compilers,
   debuggers, or other software involving the operating system's
   object modules. It checks that that the ELF object format (I64)
   or the object language records (VAX and Alpha) generated by
   the object modules are acceptable to the Linker utility, and
   it identifies certain errors in the file. It also provides a
   description of the records in the object file or object module
   library. For more information on the linker and on the Alpha
   and VAX object languages, refer to the HP OpenVMS Linker Utility
   Manual. Information on the I64 object format will be available in
   a future release.

                                 NOTES

      For I64 images and objects, the Analyze utility determines
      whether the file it analyzes is an image file or object
      file. Although Analyze allows you to specify ANALYZE/IMAGE
      on an ELF object file, use ANALYZE/IMAGE for ELF image files
      and ANALYZE/OJBECT for ELF object files.

      The OpenVMS VAX and OpenVMS Alpha versions of ANALYZE/OBJECT
      are not fully capable of analyzing non-platform objects (for
      example I64 objects on VAX or Alpha).

      The output format of ANALYZE/OBJECT for ELF objects may
      change. Further, the default behavior for analyzing ELF
      objects differs from the behavior for analyzing Alpha or VAX
      objects. For ELF objects, a summary of the major ELF tables
      is displayed. With this information, you can select specific
      sections for further analysis. To locate errors, the entire
      object should be analyzed by selecting all sections.

      When you analyze I64 objects on I64 platforms,
      ANALYZE/OBJECT accepts either VAX- or Alpha-only qualifiers,
      but ignores any effect of these qualifiers.

   The ANALYZE/OBJECT command analyzes the object modules in order,
   record by record, from the first to the last record in the object
   module. Fields in each record are analyzed in order from the
   first to the last field in the record. After the object module
   is analyzed, you should compare the content and format of each
   type of record to the required content and format of that record
   as described by the OpenVMS I64, Alpha, or OpenVMS VAX Object
   Language. This comparison is particularly important if the
   analysis output contains a diagnostic message.

   ANALYZE/OBJECT displays the following information for object
   modules:

   o  Module architecture and type

   o  Module name

   o  Module version

   o  Module creation date and time

   o  Language processor creator

   Linking an object module differs from analyzing an object module.
   The object's contents are not interpreted; rather, only the meta
   information is checked for consistancy. As a result, even if
   the analysis is error free, the linking operation may not be. In
   particular, the analysis does not check the following for VAX and
   Alpha objects:

   o  That data arguments in TIR commands are in the correct format

   o  That "Store Data" TIR commands are storing within legal
      address limits

   Therefore, as a final check, you should still link an object
   module whose analysis is error free.

   If an error is found, however, the first error of the worst
   severity that is discovered is returned. For example, if a
   warning (A) and two errors (B and C) are signaled, then the first
   error (B) is returned as the image exit status, which is placed
   in the DCL symbol $STATUS at image exit.

   ANALYZE/OBJECT uses positional qualifiers; that is, qualifiers
   whose function depends on their position in the command line.
   When a positional qualifier precedes all of the input files in
   a command line, it affects all input files. For example, the
   following command line requests that the analysis include the
   global symbol directory records in files A, B, and C:

   $ ANALYZE/OBJECT/GSD A,B,C

   Conversely, when a positional qualifier is associated with only
   one file in the parameter list, only that file is affected. For
   example, the following command line requests that the analysis
   include the global symbol directory records in file B only:

   $ ANALYZE/OBJECT A,B/GSD,C

   For VAX and Alpha objects, typically, all records in an object
   module are analyzed. However, when the /DBG, /EOM, /GSD, /LNK,
   /MHD, /TBT, or /TIR qualifier is specified, only the record types
   indicated by the qualifiers are analyzed. All other record types
   are ignored.

   By default, the analysis includes all record types unless
   you explicitly request a limited analysis using appropriate
   qualifiers.

                                  NOTE

      For VAX and Alpha End-of-Module (EOM) records and module
      header (MHD) records are always analyzed, no matter which
      qualifiers you specify.

      For I64 objects the Elf header, the section header table
      and the note section are always analyzed, no matter which
      qualifiers you specify.
 

3  Qualifiers
 

/DISASSEMBLE

      /DISASSEMBLE (I64 only)

   Positional qualifier.

   Displays all sections of type SHT_PROGBITS where the executable
   flag is set (SHDR$M_SHF_EXECINSTR in the section header). The
   section data will be displayed as machine instructions with
   symbolization of labels, branch targets, and so on. All local and
   global symbols from the symbol table are used for symbolization.
   The output is similar to compiler generated machine code
   listings.

                                  NOTE

      This qualifier is accepted only for objects. I64 images
      contain only global symbols, if any at all. In addition,
      output produced with this qualifier differs from output
      produced by ANALYZE/OBJECT/SECTIONS=CODE, which provides
      machine code output for the same sections, although without
      symbolization.
 

/DBG

      /DBG (VAX and Alpha only)

   Positional qualifier.

   Specifies that the analysis should include all debugger
   information records. If you want the analysis to include debugger
   information for all files in the parameter list, insert the /DBG
   qualifier immediately following the /OBJECT qualifier. If you
   want the analysis to include debugger information selectively,
   insert the /DBG qualifier immediately following each of the
   selected file specifications.
 

/EOM

      /EOM (VAX and Alpha only)

   Positional qualifier.

   Specifies that the analysis should be limited to MHD records, EOM
   records, and records explicitly specified by the command. If you
   want this to apply to all files in the parameter list, insert the
   /EOM qualifier immediately following the /OBJECT qualifier.

   To make the /EOM qualifier applicable selectively, insert it
   immediately following each of the selected file specifications.

                                  NOTE

      End-of-module records can be EOM or EOMW records. Refer to
      the HP OpenVMS Linker Utility Manual for more information.
 

/FLAGVALUES

      /FLAGVALUES (I64 only)

   Several fields in an ELF module represent bit flags. Where
   possible, these bit-flag values are examined and displayed
   individually. By default, only the flag values that are set to
   1 (ON) are displayed.

   The keywords are as follows:

   Keyword    Description

   ON         The keyword ON displays all flags whose value is 1.
   OFF        The keyword OFF displays all flags whose value is 0.
   ALL        The keyword ALL displays all flag values. The keywords
              ON and OFF, in contrast, indicate the value of each
              specific flag bit.
 

/GSD

      /GSD (VAX and Alpha only)

   Positional qualifier.

   Specifies that the analysis should include all global symbol
   directory (GSD) records.

   If you want the analysis to include GSD records for each file
   in the parameter list, specify the /GSD qualifier immediately
   following the /OBJECT qualifier.

   If you want the analysis to include GSD records selectively,
   insert the /GSD qualifier immediately following each of the
   selected file specifications.
 

/INCLUDE

      /INCLUDE [=(module[,...])]

   When the specified file is an object module library, use this
   qualifier to list selected object modules within the library for
   analysis. If you omit the list or specify an asterisk (*),  all
   modules are analyzed. If you specify only one module, you can
   omit the parentheses.
 

/INTERACTIVE

      /INTERACTIVE
      /NOINTERACTIVE (default)

   Controls whether the analysis occurs interactively. In
   interactive mode, as each record is analyzed, the results are
   displayed on the screen, and you are asked whether you want to
   continue.
 

/LNK

      /LNK (VAX and Alpha only)

   Positional qualifier.

   Specifies that the analysis should include all link option
   specification (LNK) records.

   If you want the analysis to include LNK records for each file
   in the parameter list, specify the /LNK qualifier immediately
   following the /OBJECT qualifier.

   If you want the analysis to include LNK records selectively,
   insert the /LNK qualifier immediately following each of the
   selected file specifications.
 

/MHD

      /MHD (VAX and Alpha only)

   Positional qualifier.

   Specifies that the analysis should be limited to MHD records,
   EOM records, and records explicitly specified by the command.
   If you want this analysis to apply to all files in the parameter
   list, insert the /MHD qualifier immediately following the /OBJECT
   qualifier.

   To make the /MHD qualifier applicable selectively, insert
   immediately following each of the selected file specifications.
 

/PAGE_BREAK

      /PAGE_BREAK=keyword (I64 only)

   Specifies if and where page breaks (form feeds) are inserted in
   the report file. This qualifier is only useful if /OUTPUT is used
   to write a report file. It is ignored if /INTERACTIVE is used to
   specify an interactive analysis.

   Keywords include NONE, which sets no page breaks; PRINTABLE_
   REPORT, which creates page breaks as in listing files, and
   SEPARATE_INFORMATION, which sets page breaks between section
   information.
 

/OUTPUT

      /OUTPUT [=filespec]

   Directs the output of the object analysis (the default is
   SYS$OUTPUT). If you specify a file type and omit the file name,
   the default file name ANALYZE is used. The default file type is
   .ANL.

   The asterisk (*) and the percent sign (%) wildcard characters are
   not allowed in the file specification.
 

/SECTIONS

      /SECTIONS [=(keyword[,...])] (I64 only)

   Selects individual program sections or section types to display.

                                  NOTE

      This qualifier and its keywords can only be used to form an
      inclusion list of sections to be displayed. This qualifier
      is not negatable and cannot be used to form an exclusion
      list. If no values are specified, the default keyword is
      HEADERS.

   The keywords are as follows:

   Keyword            Description

   ALL                Displays a detailed analysis of every section
                      in the module. Note that this keyword can
                      generate a large amount of output.
   CODE               Displays all sections of type SHT_PROGBITS
                      where the executable flag is set (SHDR$M_
                      SHF_EXECINSTR in the section header). The
                      section data will be displayed as machine
                      instructions.
   DEBUG              Analyzes and displays sections consisting
   [=(suffix[,...])]  of debug formatted debug information. In
                      addition, you can use a list of debug section
                      name suffixes to selectively format DEBUG
                      information. The suffix can be specified as
                      follows:

                      o  ABBREV-Formats DEBUG abbreviations

                      o  ARANGES-Formats DEBUG address lookup tables

                      o  FRAME-Formats DEBUG frame descriptors for
                         unwinding

                      o  INFO-Formats DEBUG symbols

                      o  LINE-Formats DEBUG source line info

                      o  PUBNAMES-Formats DEBUG name lookup tables

                      o  PUBTYPES-Formats DEBUG type lookup tables

   EXTENSIONS         Analyzes and displays sections of type SHT_
                      IA64_EXT. The data is displayed in hexadecimal
                      format.
   GROUP              Analyzes and displays sections of type SHT_
                      GROUP. Sections of this type consist of a list
                      of the section numbers of sections belonging
                      to that group.
   HEADERS            The default keyword. Displays the ELF header
                      and the section header details.
   LINKAGES           Analyzes and displays sections of type SHT_
                      VMS_LINKAGES.The data is displayed as a list
                      of linkage descriptors.
   NOBITS             Analyzes and displays sections of type SHT_
                      NOBITS. There is no module data associated
                      with sections of this type.
   NOTE               Analyzes and displays sections of type SHT_
                      NOTE. The data for this section is displayed
                      as a list of formatted OpenVMS note entries.
   NULL               Displays all sections of type PT_NULL. No a
                      data will be displayed for segments of this
                      type.
   NUMBERS= (number   Displays individual sections, as follows:
   [,...])
                      o  The selected sections will have a detailed
                         display of their header and their contents.
                         An informational message is displayed for
                         section numbers that do not exist in the
                         module.

                      o  One or more numeric values may be
                         specified.

                      o  Section numbers may be specified in
                         decimal, octal (using the %O prefix), or
                         hexadecimal (using the %X prefix).

   PROGBITS           Displays all sections of type SHT_PROGBITS,
                      except unwind sections.

                      Formatting for the sections of type SHT_
                      PROGBITS depends on the EXECINSTR flag
                      (SHDR$M_SHF_EXECINSTR) in its section header.
                      If this bit set, the section data will be
                      displayed as machine instructions. Otherwise
                      it will be displayed as hexadecimal data.

                      Unwind sections will be displayed if
                      /SECTIONS=UNWIND is specified.
   RELOCATIONS        Analyzes and displays sections of type SHT_
                      RELA. The data for this section is displayed
                      as table of relocation entries.
   STRTAB             Analyzes and displays sections of type SHT_
                      STRTAB. The data for this section is displayed
                      as a string table.
   SYMTAB             Displays sections of type SHT_SYMTAB. The
                      data for this section is displayed as a symbol
                      table.
   TRACE              Analyzes and displays sections consisting of
   [=(suffix[,...])]  traceback information.

                      In addition, you can use a list of trace
                      section name suffixes to selectively format
                      TRACE information. The trace section names,
                      which appear as ".trace_suffix", can be
                      viewed in the summary table. The suffix can be
                      specified as shown below. In addition, because
                      there is one common debug and traceback
                      section, ".debug_line", the suffix "line"
                      can be specified as shown below as well:

                      o  ABBREV-Formats TRACE abbreviations

                      o  ARANGES-Formats TRACE address lookup tables

                      o  INFO-Formats TRACE symbols

                      o  LINE-Formats TRACE source line info

   UNWIND             Analyzes and displays sections of type SHT_
                      IA64_UNWIND. Each section of this type has an
                      associated Unwind Information section of type
                      SHT_PROGBITS. This associated section is also
                      displayed.
 

/SELECT

      /SELECT=(keyword[,...])

   Allows for the collection of specific object file information and
   displays the selected keyword items in the order specified.

                                  NOTE

      The /SELECT qualifier can be used on object and image
      files. The same keywords are valid selections. However,
      some information can not be in an object, such as the link
      date and time. Therfore, for some keywords the Analyze
      utility returns "Unknown.". In the following table, only
      the keywords (which are useful for object files) and their
      return values are listed.

   Analyze creates DCL symbols for all selectable information with
   the /SELECT qualifier. The symbol names consist of the prefix
   ANALYZE$ and a descriptive name of the information they hold.
   The symbol value is the selected information, usually printed
   to SYS$OUTPUT. Effectively, all of the printed information
   is duplicated in the symbols. For unselected information, the
   corresponding symbols will contain the null string.

   The keywords are as follows:

   Keyword         Description

   ARCHITECTURE    Writes the architecture information into the DCL
                   symbol ANALYZE$ARCHITECTURE. Returns "OpenVMS
                   IA64" if the file is an OpenVMS I64 object file.
                   Returns "OpenVMS Alpha" if the file an OpenVMS
                   Alpha object file. Returns "OpenVMS VAX" if the
                   file is an OpenVMS VAX object file.
   FILE_TYPE       Writes file type information into the DCL symbol
                   ANALYZE$FILE_TYPE. Returns "Object" if the file
                   is an OpenVMS I64, Alpha, or VAX object file.
 

/TBT

      /TBT (VAX and Alpha only)

   Positional qualifier.

   Specifies that the analysis should include all module traceback
   (TBT) records.

   If you want the analysis to include TBT records for each file
   in the parameter list, specify the /TBT qualifier immediately
   following the /OBJECT qualifier.

   If you want the analysis to include TBT records selectively,
   insert the /TBT qualifier immediately following each of the
   selected file specifications.
 

/TIR

      /TIR (VAX and Alpha only)

   Positional qualifier.

   Specifies that the analysis should include all text information
   and relocation (TIR) records.

   If you want the analysis to include TIR records for each file
   in the parameter list, specify the /TIR qualifier immediately
   following the /OBJECT qualifier.

   If you want the analysis to include TIR records selectively,
   insert the /TIR qualifier immediately following the selected file
   specifications.
 

3  Examples

   1.$ ANALYZE/OBJECT/INTERACTIVE  LINEDT

     In this example, the ANALYZE/OBJECT command produces a
     description and a partial error analysis of the object file
     LINEDT.OBJ. Output is to the terminal, because the /INTERACTIVE
     qualifier has been used. As each item is analyzed, the utility
     displays the results on the screen and asks if you want to
     continue.

   2.$ ANALYZE/OBJECT/OUTPUT=LIOBJ/DBG  LINEDT (VAX and Alpha only)

     In this example, the ANALYZE/OBJECT command analyzes only the
     debugger information records of the file LINEDT.OBJ. Output is
     to the file LIOBJ.ANL.

   3.$ ANALYZE/OBJECT/SELECT=(ARCH,FILE) *.OBJ
     DISK:[DIRECTORY]ALPHA.OBJ;1
        OpenVMS ALPHA
        Object
        DISK:[DIRECTORY]VAX.OBJ;1
        OpenVMS VAX
        Object

     This example displays the information requested about the
     object files ALPHA.OBJ and VAX.OBJ.

2  /PROCESS_DUMP
   Invokes the OpenVMS Debugger to analyze a process dump file that 
   was created when an image failed during execution. (Use the /DUMP
   qualifier with the RUN or the SET PROCESS command to generate a
   dump file.)

   Note that on Alpha systems, you can also force a process to dump by 
   using the DUMP/PROCESS command.

   The ANALYZE/PROCESS_DUMP command can display a process dump file
   for either an Alpha or a VAX image. For a complete description 
   of the debugger, including information about the DEBUG command, 
   refer to the OpenVMS Debugger Manual.

   Requires read (R) access to the dump file.

   Format

     ANALYZE/PROCESS_DUMP  dump-file
 

   dump-file

   Specifies the dump file to be analyzed with the debugger.
 

3  Qualifiers
 

/FULL

   On VAX and Alpha systems, displays all known information about the 
   failing process.
 

/IMAGE

      /IMAGE=image-name
      /NOIMAGE

   On VAX systems, specifies the image to be activated to set up the 
   process context for the analysis. If you use the /NOIMAGE qualifier, 
   the DELTA debugger will be used for the analysis. 

   By default, symbols are taken from the image with the same name as 
   the image that was running at the time of the dump.


/IMAGE_PATH

     /IMAGE_PATH[=directory-spec] dump-file
     /NOIMAGE_PATH

   On Alpha systems, specifies the search path the debugger is to use 
   to find the debugger symbol table (DST) file.  As in prior debuggers, 
   the debugger builds an image list from the saved process image list.  
   When you set an image (the main image is automatically set), the 
   debugger attempts to open that image in order to find the DST file.

   If you include the /IMAGE_PATH=directory-spec qualifier, the
   debugger searches for the DST file in the specified directory.  
   The debugger first tries to translate directory-spec as the logical
   name of a directory search list.  If that fails, the debugger 
   interprets directory-spec as a directory specification, and searches 
   that directory for matching .DSF or .EXE files.  A .DSF file takes 
   precedence over an .EXE file.  The name of the .DSF or .EXE file 
   must match the image.

   If you do not include the /IMAGE_PATH=directory-spec qualifier,
   the debugger looks for the DST file first in the directory that 
   contains the dump file.  If that fails, the debugger searches 
   directory SYS$SHARE and then directory SYS$MESSAGE.  If the debugger 
   fails to find a DST file for an image, the symbolic information 
   available to the debugger is limited to global and universal symbol 
   names.

   Version 7.3 and later debuggers check for dumpfile image specification 
   and DST file link date-time mismatches and issue a warning if one is
   discovered.

   The dump-file parameter is the name of the process dump file to
   be analyzed.  Note that the process dump file file type must be .DMP 
   and the DST file type must be either .DSF or .EXE.

                            Restrictions

       You cannot use a logical to redirect the search for an image
       and use the /IMAGE_PATH qualifier at the same time.  If you
       use the /IMAGE_PATH qualifier, then all images that are not
       in their original locations must be found through that path.
       Individual image logicals (for example, the "SH" in "DEFINE
       SH SYS$LOGIN:SH.EXE") are not processed. 

       Additionally, you cannot input a directory search path
       directly to the /IMAGE_PATH qualifier, as it does not
       process a directory list separated by commas; however, you
       can specify a logical that translates into a directory
       search path. 


/INTERACTIVE

      /INTERACTIVE
      /NOINTERACTIVE (default)

   On VAX systems, causes the display of information to pause when your 
   terminal screen is filled. Press Return to display additional
   information.  By default, the display is continuous.
 

/MISCELLANEOUS

   On VAX systems, displays process information and registers at the 
   time of the dump.  Refer to the $GETJPI system service for further 
   explanation of the process information displayed.


/RELOCATION

   On VAX systems, displays the addresses to which data structures saved 
   in the dump are mapped in P0 space. (Examples of such data structures 
   are the stacks.) The data structures in the dump must be mapped into P0
   space so that the debugger can use those data structures in P1 space.
 
3  Examples

   1.$ ANALYZE/PROCESS/FULL ZIPLIST

      R0 = 00018292  R1 = 8013DE20  R2 = 7FFE6A40   R3 = 7FFE6A98
      R4 = 8013DE20  R5 = 00000000  R6 = 7FFE7B9A   R7 = 0000F000
      R8 = 00000000  R9 = 00000000  R10 = 00000000  R11 = 00000000
      SP = 7FFAEF44  AP = 7FFAEF48  FP  = 7FFAEF84
      FREE_P0_VA  00001600    FREE_P1_VA  7FFAC600
      Active ASTs  00         Enabled ASTs 0F
      Current Privileges  FFFFFF80  1010C100
      Event Flags  00000000  E0000000
      Buffered I/O count/limit 6/6
      Direct I/O count/limit   6/6
      File count/limit         27/30
      Process count/limit      0/0
      Timer queue count/limit  10/10
      AST count/limit          6/6
      Enqueue count/limit      30/30
      Buffered I/O total 7      Direct I/O total 18

      Link Date  27-DEC-2000 15:02:00.48  Patch Date  17-NOV-2000 00:01:53
      ECO Level  0030008C  00540040  00000000  34303230
      Kernel stack 00000000 pages at 00000000 moved to 00000000
      Exec stack 00000000 pages at 00000000 moved to 00000000
      Vector page 00000001 page at 7FFEFE00 moved to 00001600
      PIO (RMS) area 00000005 pages at 7FFE1200 moved to 00001800
      Image activator context 00000001 page at 7FFE3400 moved to 00002200
      User writable context 0000000A pages at 7FFE1C00 moved to 00002400
     Creating a subprocess
              VAX DEBUG Version 5.4
     DBG>

   This example shows the output of the ANALYZE/PROCESS command when used 
   with the /FULL qualifier on a VAX system. The file specified, ZIPLIST, 
   contains the dump of a process that encountered a fatal error. The 
   DBG> prompt indicates that the debugger is ready to accept commands.


2  /RMS_FILE
   Invokes the Analyze/RMS_File utility to inspect and analyze the
   internal structure of an RMS file. The /RMS_FILE qualifier is
   required. For a complete description of the Analyze/RMS_File
   utility, including more information about the ANALYZE/RMS_FILE
   command and its qualifiers, see the OpenVMS Record Management
   Utilities Reference Manual.

   ANALYZE/RMS_FILE  filespec[,...]
 

3  Parameter
 

filespec[,...]

   Specifies the data file to be analyzed. The default file type
   is .DAT. You can use multiple file specifications and wildcard
   characters with the /CHECK qualifier, the /RU_JOURNAL qualifier,
   the /STATISTICS qualifier, and the /SUMMARY qualifier, but not
   with the /FDL qualifier or the /INTERACTIVE qualifier.
 

3  Qualifiers
 

/CHECK

   Checks the integrity of the file and generates a report of any
   errors in its structure. The report produced by the /CHECK
   qualifier includes a list of any errors and a summary of the
   file's structure. If you do not specify an output file, the
   report is written to the current SYS$OUTPUT device, which is
   generally your terminal. You can use wildcards and multiple file
   specifications. If you specify /NOOUTPUT, you only get a message
   indicating whether the file has errors.

   The check function is active by default when you use the ANALYZE
   /RMS_FILE command without any qualifiers. The /CHECK qualifier
   is not compatible with the /FDL qualifier, the /INTERACTIVE
   qualifier, the /STATISTICS qualifier, or the /SUMMARY qualifier.
   If /CHECK is used with any of the other qualifiers, /FDL takes
   precedence, next is /INTERACTIVE, then /STATISTICS, and lastly
   /SUMMARY.

/FDL

   Generates an FDL file describing the RMS data file being
   analyzed. By default, the /FDL qualifier creates a file with the
   file type .FDL and the same file name as the input data file. To
   assign a different type or name to the FDL file, use the /OUTPUT
   qualifier. If the data file is corrupted, the FDL file contains
   the Analyze/RMS_File utility error messages.

   For indexed files, the FDL file contains special analysis
   sections you can use with the EDIT/FDL Optimize script to make
   better design decisions when you reorganize the file.

   You cannot use wildcards or multiple file specifications with
   the /FDL qualifier. The /FDL qualifier is not compatible with the
   /CHECK qualifier, the /INTERACTIVE qualifier, the /STATISTICS
   qualifier, the /SUMMARY qualifier, or the /UPDATE_HEADER
   qualifier.  The /FDL qualifier takes precedence over all other
   qualifiers.
 

/INTERACTIVE

   Begins an interactive examination of the file's structure. You
   cannot use wildcards or multiple file specifications. For help
   with the interactive commands, enter the HELP command at the
   ANALYZE> prompt.

   Do not use this qualifier with the /CHECK, /FDL, /STATISTICS,
   /SUMMARY, or /UPDATE_HEADER qualifiers.  If used with the /FDL
   qualifier, the /FDL takes precedence.  All other qualifiers are
   ignored when used with /INTERACTIVE.
 

/OUTPUT

   /OUTPUT=filesspec
   /NOOUTPUT

   Identifies the destination file for the results of the analysis.
   The /NOOUTPUT qualifier specifies that no output file is to be
   created. In all cases, the Analyze/RMS_File utility displays a
   message indicating whether the data file has errors.

   /CHECK          Places the integrity report in the output file.
                   The default file type is .ANL, and the default
                   file name is ANALYZE. If you omit the output-
                   filespec parameter, output is written to the
                   current SYS$OUTPUT device, which is generally
                   your terminal.
   /FDL            Places the resulting FDL specification in the
                   output file. The default file type is .FDL, and
                   the default file name is that of the input file.
   /INTERACTIVE    Places a transcript of the interactive session in
                   the output file. The default file type is .ANL,
                   and the default file name is ANALYZE. If you omit
                   the output-filespec parameter, no transcript of
                   your interactive session is produced.
   /RU_JOURNAL     Places the recovery-unit journal information in
                   the output file. The default file type is .ANL,
                   and the default file name is ANALYZE. If you
                   omit the output-filespec parameter, output is
                   written to the current SYS$OUTPUT device, which
                   is generally your terminal.
   /STATISTICS     Places the statistics report in the output file.
                   The default file type is .ANL, and the default
                   file name is ANALYZE. If you omit the output-
                   filespec parameter, output is written to the
                   current SYS$OUTPUT device, which is generally
                   your terminal.
   /SUMMARY        Places the summary report in the output file.
                   The default file type is .ANL, and the default
                   file name is ANALYZE. If you omit the output-
                   filespec parameter, output is written to the
                   current SYS$OUTPUT device, which is generally
                   your terminal.
 

/RU_JOURNAL

   Provides information about recovery-unit journaling where
   applicable. You can use the /RU_JOURNAL qualifier on any file,
   but it is inoperative on files not marked for recovery-unit
   journaling.

   This qualifier provides the only way of accessing a file that
   would otherwise be inaccessible because of unresolved recovery
   units. This situation might be the result of an unavailable
   recovery-unit journal file or of unavailable data files that
   were included in the recovery unit.

   To use the /RU_JOURNAL qualifier, your process must have both
   CMEXEC privilege and access to the [SYSJNL] directory (either
   SYSPRV privilege or access for UIC [1,4]).

   This qualifier is compatible with all of the ANALYZE/RMS_FILE
   qualifiers, and you can use it with wildcards and multiple file
   specifications.

   When you specify the /RU_JOURNAL qualifier, the Analyze/RMS_File
   utility provides you with the following data for each active
   recovery unit:

   o  The journal file specification and the journal creation date

   o  The recovery-unit identification, recovery-unit start time,
      cluster system identification number (CSID), and process
      identification (PID)

   o  Information about the files involved in the recovery unit,
      including the file specification, the name of the volume where
      the file resides, the file identification, the date and time
      the file was created, and the current status of the file

   o  The state of the recovery unit - active, none, started,
      committed, or not available (for more information, see the
      RMS Journaling for OpenVMS Manual)

   o  An error statement
 

/STATISTICS

   Specifies that a report is to be produced containing statistics
   about the file. The /STATISTICS qualifier is used mainly on
   indexed files.

   By default, if you do not specify an output file with the /OUTPUT
   qualifier, the statistics report is written to the current
   SYS$OUTPUT device, which is generally your terminal.

   The /STATISTICS qualifier is not compatible with the /CHECK
   qualifier, the /FDL qualifier, the /INTERACTIVE qualifier, or
   the /SUMMARY qualifier.  If /STATISTICS is used with any other
   qualifiers, /FDL takes precedence, and then /INTERACTIVE.  All
   other qualifiers are ignored.  The /STATISTICS qualifier does an 
   implicit check.
 

/SUMMARY

   Specifies that a summary report is to be produced containing
   information about the file's structure and use. The /SUMMARY
   qualifier generates a summary report containing information about
   the file's structure and use.

   If the file has no errors, the output generated from the /SUMMARY
   qualifier is identical to that produced by the /CHECK qualifier.
   Unlike the /CHECK qualifier, however, the /SUMMARY qualifier does
   not check the structure of your file, so output is generated more
   quickly.

   Do not use this qualifier with the /CHECK qualifier, the /FDL
   qualifier, the /INTERACTIVE qualifier, the /STATISTICS qualifier,
   or the /UPDATE_HEADER qualifier.  If /SUMMARY is used with any
   other qualifiers, /FDL takes precedence, next is /INTERACTIVE, 
   and then /STATISTICS.
 

/UPDATE_HEADER

   Attempts to update the following attributes in the header of
   the file: longest record length (LRL) and/or file length hint
   attribute.

   You must use this qualifier in combination with either
   /STATISTICS or /CHECK (the default).

   This qualifier only applies to sequential file organizations and
   is ignored for any other file organization. The /UPDATE_HEADER
   qualifier attempts to update the LRL and/or file hint attribute
   in the file header if the calculated value(s) differ from the
   current value(s) in the file header. The /UPDATE_HEADER qualifier
   applies to:

   o  An LRL request - if the file is sequential and has a record
      format other than undefined (UDF).

   o  A HINT request - if the file is sequential, the record format
      is either variable (VAR) or variable with fixed control (VFC),
      and the file is located on an ODS-5 disk device.

   It is not supported for remote accesses; requests are ignored.

   The /UPDATE_HEADER qualifier requires either the STATISTICS or
   CHECK (default) functions since calculating new values for the
   LRL and/or file length hint presumes that all the records in the
   sequential file are processed. It is not compatible with the /FDL
   qualifier, the /INTERACTIVE qualifier, or the /SUMMARY qualifier.

   Any errors returned by the file system when an attempt to update
   the file header fails are ignored. If the update succeeds, the
   updated values are displayed at the end of the report.
 

3  EXAMPLES

   1.$ ANALYZE/RMS_FILE/CHECK CUSTFILE

   This command checks the file CUSTFILE.DAT for errors and displays
   the report on the terminal.

   2.$ ANALYZE/RMS_FILE/FDL ADDRFILE

   This command generates an FDL file named ADDRFILE.FDL from the
   data file ADDRFILE.DAT.

   3.$ ANALYZE/RMS_FILE DENVER::DB1:[PROD]RUN.DAT

   This command analyzes the structure of the file RUN.DAT residing
   at remote node DENVER.

   4.$ANALYZE/RMS_FILE/UPDATE_HEADER=HINT A.A

     FILE HEADER

          File Spec: DISK$REGRES:[REGRES]A.A;3
          ...

        RMS FILE ATTRIBUTES

                 File Organization: sequential
                 Record Format: variable
                 Record Attributes:  carriage-return
                 Maximum Record Size: 0
                 Longest Record: 52
                 Blocks Allocated: 4, Default Extend Size: 0
                 End-of-File VBN: 1, Offset: %X'008E'
                 File Monitoring: disabled
                 File Length Hint (Record Count):    6 (invalid)
                 File Length Hint (Data Byte Count): 42 (invalid)
                 Global Buffer Count: 0

            The analysis uncovered NO errors.

                 UPDATED File Length Hint (Record Count) to:    10
                 UPDATED File Length Hint (Data Byte Count) to: 118

      ANALYZE/RMS_FILE/UPDATE_HEADER=HINT A.A

2  /SSLOG
   Valid for Alpha and I64 systems only. 

   Displays the collected data.

   Format:

     ANALYZE/SSLOG  [/BRIEF | /FULL | /NORMAL | /STATISTICS]
                    [/OUTPUT=filename] [/SELECT=(option[,...])]
                    [/WIDE] [filespec]

   filespec

   Optional name of the log file to be analyzed. The default
   filename is SSLOG.DAT.
 

3  Qualifiers

/BRIEF

   Displays abbreviated logged information.
 

/FULL

   Displays logged information, error status messages and sequence
   numbers.
 

/NORMAL

      /NORMAL (Default)

   Displays basic logged information.
 

/STATISTICS

      /STATISTICS[=BY_STATUS]

   Displays statistics on system services usage; accepts BY_
   STATUS keyword. Outputs a summary of the services logged with
   a breakdown by access mode. Output is ordered with the most
   frequently requested services first. If BY_STATUS is included,
   the summary is further separated by completion status. Output is
   displayed up to 132 columns wide.
 

/OUTPUT

      /OUTPUT=filename

   Identifies the output file for storing the results of the log
   analysis. An asterisk (*) and percent sign (%) are not allowed
   as wildcards in the file specification. There is no default file
   type or filename. If you omit the qualifier, results are output
   to the current SYS$OUTPUT device.
 

/SELECT

      /SELECT=([option[,...]])

   Selects entries based on your choice of options. You must specify
   at least one of the following:

   Keyword                Meaning

   ACCESS_MODE=mode       Selects data by access mode.

   IMAGE=image-name       Selects data by image name.

   STATUS[=n]             Selects data by status. n is optional.
                          /SELECT=STATUS displays all entries that
                          have an error status.

   SYSSER=service-name    Selects data by service name.
 

/WIDE

   Provides for a display of logged information up to 132 columns
   wide.
 

3  Description
   The ANALYZE/SSLOG command displays the collected logged data.
   Note that a system service log must be analyzed on the same
   platform type as the one on which it was created; for example,
   a log created on an OpenVMS Alpha system must be analyzed on an
   OpenVMS Alpha system.

   For examples with explanations, see the System Service Logging
   chapter of the HP OpenVMS System Analysis Tools Manual.


2  /SYSTEM
   Invokes the System Dump Analyzer utility, which analyzes a running system.
   The /SYSTEM qualifier is required.
   
   Requires CMKRNL (change-mode-to-kernel) privilege. Also requires PFNMAP
   (map-by-PFN) privilege to access memory by physical address.

   For more information about the System Dump Analyzer utility on Alpha and
   Integrity server systems, see the HP OpenVMS System Analysis Tools Manual 
   or online help.

   Format:

     ANALYZE/SYSTEM 


3  /SYMBOL
   Specifies an alternate system symbol table for SDA to use.

   Format:

     ANALYZE/SYSTEM/SYMBOL=system-symbol-table

   system-symbol-table

   The file specification of the SDA system symbol table required 
   by SDA to analyze a running system. The specified system-symbol-table 
   must contain those symbols required by SDA to find certain 
   locations in the executive image.

   On Alpha and I64 systems, if you do not specify the /SYMBOL qualifier,
   SDA uses SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load system symbols
   into the SDA symbol table.  

   On VAX systems, if you do not specify the /SYMBOL qualifier, SDA 
   uses SYS$SYSTEM:SYS.STB by default.  

   When you specify the /SYMBOL qualifier, SDA assumes the default disk 
   and directory to be SYS$DISK and [default-dir]; that is, the disk 
   and directory specified in your last SET DEFAULT command.  If no 
   device and directory are given in the file name and the file is not 
   found in the current default directory, SDA attempts to open the file 
   SDA$READ_DIR:filename.type. If no type has been given in the file 
   name, SDA assumes .EXE. If you specify a file for this parameter that 
   is not a system symbol table, SDA halts with a fatal error.    

3  Examples

   1.  $ ANALYZE/SYSTEM
 
       OpenVMS (TM) system analyzer

       SDA>
 
       This command invokes SDA to analyze the running system.


   2.  On Alpha and I64 systems:

       $ ANALYZE/SYSTEM/SYMBOL=SDA$READ_DIR:SYS$BASE_IMAGE.EXE SYS$SYSTEM

       This command invokes SDA to analyze the running system, using 
       the base image in SDA$READ_DIR.

   3.  On VAX systems:

       $ ANALYZE/SYSTEM/SYMBOL=SYS$CRASH:SYS.STB SYS$SYSTEM

       This command invokes SDA to analyze the running system, using
       the system symbol table at SYS$CRASH:SYS.STB.