The ANALYZE commands invoke utilities to examine various
components of an OpenVMS system. They perform the following
functions:
o Invoke the Audit Analysis Utility to extract selective
information from the system security audit journal (see /AUDIT).
o Invoke the System Dump Analyzer (SDA) to examine the specified
dump file (see /CRASH_DUMP).
o Invoke the Analyze/Disk_Structure Utility to examine disk
volumes (see /DISK_STRUCTURE).
o Invoke the Error Log Viewer (ELV) to selectively report the
contents of an error log file (see /ERROR_LOG/ELV). (Alpha/I64 only)
o Describe the contents of an image file or shareable image file
(see /IMAGE).
o Invoke the Bad Block Locator (BAD) Utility to find disk blocks
that cannot be used to store data (see /MEDIA).
o Describe the contents of an object file (see /OBJECT).
o Invoke the OpenVMS Debugger for analysis of a process dump file
(see /PROCESS_DUMP).
o Analyze the internal structure of an RMS file (see /RMS_FILE).
o Display the data collected by the System Service Logging
utility (see /SSLOG). (Alpha/I64 only)
o Invoke the System Dump Analyzer (SDA) to examine the running system
(see /SYSTEM).
The default analyze function is to examine object modules
(ANALYZE/OBJECT).
1 /AUDIT
The Audit Analysis utility (ANALYZE/AUDIT) processes event
messages in security audit log files to produce reports of
security-related events on the system.
Format
ANALYZE/AUDIT [file-spec[,...]]
file-spec[,...]
Specifies one or more security audit log files as input to
ANALYZE/AUDIT. If you specify more than one file name, separate
the names with commas.
If you omit the file-spec parameter, the utility searches for the
default audit log file SECURITY.AUDIT$JOURNAL.
The default audit log file is created in the SYS$COMMON:[SYSMGR]
directory. To use the file, specify SYS$MANAGER on the
ANALYZE/AUDIT command line. If you do not specify a directory,
the utility searches for the file in the current directory.
You can include wildcard characters, such as the asterisk (*) or
percent sign (%), in the file specification.
The audit log file can be located in any directory. To display
the current location, use the DCL command SHOW AUDIT/ALL.
1.1 – Qualifiers
Qualifier Description
/BEFORE Controls whether records dated earlier than the
specified time are selected
/BINARY Controls whether output is a binary file
/BRIEF Controls whether a brief, single-line record
format is used in ASCII displays
/EVENT_TYPE Selects the classes of events to be extracted from
the security log file
/FULL Controls whether a full format is used in ASCII
displays
/IGNORE Excludes records from the report that match the
specified criteria
/INTERACTIVE Controls whether interactive command mode is
enabled when ANALYZE/AUDIT is invoked
/OUTPUT Specifies where to direct output from
ANALYZE/AUDIT
/PAUSE Specifies the length of time each record is
displayed in a full format display
/SELECT Specifies the criteria for selecting records
/SINCE Indicates that the utility must operate on
records dated with the specified time or after
the specified time
/SUMMARY Specifies that a summary of the selected records
be produced after all records are processed
1.2 /BEFORE
Controls whether records dated earlier than the specified time
are selected.
Format
/BEFORE[=time]
/NOBEFORE
time
Specifies the time used to select records. Records dated earlier
than the specified time are selected. You can specify an absolute
time, delta time, or a combination of the two. Observe the syntax
rules for date and time described in the OpenVMS User's Manual.
1.2.1 – Examples
1.$ ANALYZE/AUDIT /BEFORE=25-NOV-2005 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects all records dated earlier
than November 25, 2005.
2.$ ANALYZE/AUDIT /BEFORE=14:00/SINCE=12:00 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects all records generated
between noon and 2 P.M. today.
1.3 /BINARY
Controls whether output is a binary file.
Format
/BINARY
/NOBINARY
1.3.1 – Example
$ ANALYZE/AUDIT /BINARY/SINCE=TODAY/OUTPUT=25OCT05.AUDIT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects all audit records generated
today and writes the records in binary format to 25OCT05.AUDIT.
1.4 /BRIEF
Controls whether a brief, single-line record format is used in
ASCII displays.
Format
/BRIEF (default)
1.4.1 – Example
$ ANALYZE/AUDIT /OUTPUT=AUDIT.LIS -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example produces an ASCII file in brief
format by default. The report is written to the AUDIT.LIS file.
1.5 /EVENT_TYPE
Selects the classes of events to be extracted from the security
log file. If you omit the qualifier or specify the ALL keyword,
the utility includes all enabled event classes in the report.
Format
/EVENT_TYPE=(event-type[,...])
event type[,...]
Specifies the classes of events used to select records. You can
specify any of the following event types:
[NO]ACCESS Access to an object, such as a file
[NO]ALL All event types
[NO]AUDIT Use of the SET AUDIT command
[NO]AUTHORIZATION Change to the authorization database
(SYSUAF.DAT, RIGHTSLIST.DAT, NETPROXY.DAT,
or NET$PROXY.DAT)
[NO]BREAKIN Break-in detection
[NO]CONNECTION Establishment of a network connection through
the System Management utility (SYSMAN),
DECwindows, or interprocess communication
(IPC) software
[NO]CREATE Creation of an object
[NO]DEACCESS Completion of access to an object
[NO]DELETE Deletion of an object
[NO]INSTALL Modification of the known file list with the
Install utility (INSTALL)
[NO]LOGFAIL Unsuccessful login attempt
[NO]LOGIN Successful login
[NO]LOGOUT Successful logout
[NO]MOUNT Execution of DCL commands MOUNT or DISMOUNT
[NO]NCP Modification of the DECnet network
configuration databases
[NO]NETPROXY Modification of the network proxy
authorization file (NETPROXY.DAT or
NET$PROXY.DAT)
[NO]PRIVILEGE Privilege auditing
[NO]PROCESS Use of one or more of the process control
system services: $CREPRC, $DELPRC, $SCHDWK,
$CANWAK, $WAKE, $SUSPND, $RESUME, $GRANTID,
$REVOKID, $GETJPI, $FORCEX, $SETPRI
[NO]RIGHTSDB Modification of the rights database
(RIGHTSLIST.DAT)
[NO]SYSGEN Modification of system parameters through the
System Generation utility (SYSGEN) or AUTOGEN
[NO]SYSUAF Modification of the system user authorization
file (SYSUAF.DAT)
[NO]TIME Change in system or cluster time
Specifying the negated form of an event class (for example,
NOLOGFAIL) excludes the specified event class from the audit
report.
1.5.1 – Examples
1.$ ANALYZE/AUDIT/EVENT_TYPE=LOGFAIL -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example extracts all records of
unsuccessful login attempts, which match the LOGFAIL class,
and compiles a brief report.
2.$ ANALYZE/AUDIT/EVENT_TYPE=(NOLOGIN,NOLOGOUT) -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example builds a report in brief format of
all audit records except those in the LOGIN and LOGOUT event
classes.
1.6 /FULL
Controls whether a full format is used in ASCII displays. If you
specify /NOFULL or omit the qualifier, records are displayed in
the brief format.
Format
/FULL
/NOFULL (default)
1.6.1 – Example
$ ANALYZE/AUDIT /FULL -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example displays the full contents of each
selected record.
1.7 /IGNORE
Excludes records from the report that match the specified
criteria.
Format
/IGNORE=criteria[,...]
criteria[,...]
Specifies that all records are selected except those matching any
of the specified exclusion criteria. See the /SELECT qualifier
description for a list of the possible criteria to use with the
/IGNORE qualifier.
1.8 /INTERACTIVE
Controls whether interactive command mode is enabled when
ANALYZE/AUDIT is invoked.
Format
/INTERACTIVE (default)
/NOINTERACTIVE
1.8.1 – Examples
1.$ ANALYZE/AUDIT/FULL -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example produces a full format display
of the selected records. New records are displayed every 3
seconds. (See the /PAUSE qualifier description to find how to
modify the duration of each record display.) Press Ctrl/C to
interrupt the display and to enter interactive commands.
2.$ ANALYZE/AUDIT/FULL/NOINTERACTIVE -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example invokes the utility in
noninteractive mode. It displays the first record selected and
prompts you to press the Return key to display each additional
selected record. Control returns to the DCL command level when
all selected records have been displayed.
1.9 /OUTPUT
Specifies where to direct output from ANALYZE/AUDIT. If you omit
the qualifier, the report is sent to SYS$OUTPUT.
Format
/OUTPUT[=file-spec]
/NOOUTPUT
file-spec[,...]
Specifies the name of the file that is to contain the selected
records. If you omit the device and directory specification, the
utility uses the current device and directory specification. If
you omit the file name and type, the default file name AUDIT.LIS
is used. If the output is binary (/BINARY) and you omit the
/OUTPUT qualifier, the binary information is written to the file
AUDIT.AUDIT$JOURNAL.
1.9.1 – Example
$ ANALYZE/AUDIT /BINARY/OUTPUT=BIN122588.DAT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects audit records from the
system audit log file and writes them to the binary file
BIN122588.DAT.
1.10 /PAUSE
Specifies the length of time each record is displayed in a full-
format display.
Format
/PAUSE=seconds
seconds
Specifies the duration (in seconds) of the full-screen display.
A value of 0 specifies that the system should not pause before
displaying the next record. By default, the utility displays a
record for 3 seconds.
1.10.1 – Example
$ ANALYZE/AUDIT /FULL/PAUSE=1 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example displays a selected record in full
format every second. You can interrupt the display and enter
interactive commands at any time by pressing Ctrl/C.
1.11 /SELECT
Specifies the criteria for selecting records from the audit log
file. For a description of how to generate audit records, see the
VSI OpenVMS Guide to System Security.
Format
/SELECT=criteria[,...]
/NOSELECT
criteria[,...]
Specifies the criteria for selecting records. For each specified
criterion, ANALYZE/AUDIT has two selection requirements:
o The packet corresponding to the criterion must be present in
the record.
o One of the specified values must match the value in that
packet.
For example, if you specify (USER=(PUTNAM,WU),SYSTEM=DBASE) as
the criteria, ANALYZE/AUDIT selects an event record containing
the SYSTEM=DBASE packet and a USER packet with either the PUTNAM
value or the WU value.
If you omit the /SELECT qualifier, all event records selected
through the /EVENT_TYPE qualifier are extracted from the audit
log file and included in the report.
You can specify any of the following criteria:
1.11.1 – ACCESS
ACCESS=(type,...)
Specifies the type of object access upon which the selection
is based. Access is object-specific and includes the following
types:
Associate Execute Read
Control Lock Submit
Create Logical Use
Delete Manage Write
Physical
The VSI OpenVMS Guide to System Security describes each of these
types.
1.11.2 – ACCOUNT
ACCOUNT=(name,...)
Specifies the account name upon which selection is based. You can
use wildcards, such as an asterisk (*) or percent sign (%), to
represent all or part of the name.
1.11.3 – ACCOUNT
ACCOUNT=(name,...)
Specifies the alarm journal name on which selection is based. You
can use wildcards to represent all or part of the alarm name.
1.11.4 – ASSOCIATION_NAME
ASSOCIATION_NAME=(IPC-name,...)
Specifies the name of the interprocess communication (IPC)
association.
1.11.5 – AUDIT_NAME
AUDIT_NAME=(journal-name,...)
Specifies the audit journal name on which selection is based. You
can use wildcards to represent all or part of the audit journal
name.
1.11.6 – COMMAND_LINE
COMMAND_LINE=(command,...)
Specifies the command line that the user entered.
1.11.7 – CONNECTION_IDENTIFICATION
CONNECTION_IDENTIFICATION=(IPC-name,...)
Specifies the name for the interprocess communication (IPC)
connection.
1.11.8 – DECNET_LINK_IDENTIFICATION
DECNET_LINK_IDENTIFICATION=(value,...)
Specifies the number of the DECnet logical link.
1.11.9 – DECNET_OBJECT_NAME
DECNET_OBJECT_NAME=(object-name,...)
Specifies the name of the DECnet object.
1.11.10 – DECNET_OBJECT_NUMBER
DECNET_OBJECT_NUMBER=(value,...)
Specifies the number of the DECnet object.
1.11.11 – DEFAULT_USERNAME
DEFAULT_USERNAME=(username,...)
Specifies the default local user name for incoming network proxy
requests.
1.11.12 – DEVICE_NAME
DEVICE_NAME=(device-name,...)
Specifies the name of a device in audit records that have a
DEVICE_NAME packet. Note that this does not select the device
name when it occurs in other packet types, such as in a file name
or in the TARGET_DEVICE_NAME packet.
1.11.13 – DIRECTORY_ENTRY
DIRECTORY_ENTRY=(directory,...)
Specifies the directory entry associated with file system
operation.
1.11.14 – DIRECTORY_NAME
DIRECTORY_NAME=(directory,...)
Specifies the name of the directory file.
1.11.15 – DISMOUNT_FLAGS
DISMOUNT_FLAGS=(flag-name,...)
Identifies the names of the volume dismounting flags to be used
in selecting records. Specify one or more of the following flag
names: Abort, Cluster, Nounload, and Unit.
1.11.16 – EVENT_CLUSTER_NAME
EVENT_CLUSTER_NAME=(event-flag-cluster-name,...)
Specifies the name of the event flag cluster.
1.11.17 – FACILITY
FACILITY=(facility-name,...)
Specifies that only events audited by the named facility be
selected. Provide a name or a number but, in either case, the
facility has to be defined through the logical AUDSERV$FACILITY_
NAME as a decimal number; the system uses the number 0.
1.11.18 – FIELD_NAME
FIELD_NAME=(field-name,...)
Specifies the name of the field that was modified. ANALYZE/AUDIT
uses the FIELD_NAME criterion with packets containing the
original data and the new data (specified by the NEW_DATA
criterion).
A FIELD_NAME is a character string that describes the content
of the field. A search for "NEW:" in a full audit report will
display records that contain the FIELD_NAME values that can be
specified for this option. Examples of FIELD_NAME values are
Account, Default Directory, Flags, and Password Date.
For sensitive information, see SENSITIVE_FIELD_NAME.
1.11.19 – FILE_NAME
FILE_NAME=(file-name)
Specifies the name of the file that caused the audit.
Describes audit records for the specified file by using a
slightly different display format than is provided by the
/OBJECT=NAME=object-name keyword.
1.11.20 – FILE_IDENTIFICATION
FILE_IDENTIFICATION=(identification-value)
Specifies the value of the file's identification. To calculate
the value, start with the value listed for File ID when you use
the FILE_NAME keyword. For example, the display lists the File ID
as:
File ID: (3024,5,0)
Use the following formula to calculate the value:
(((0 * 65536) + 5)* 65536) + 3024 = 330704
1.11.21 – FLAGS
FLAGS=(flag-name,...)
Identifies the names of the audit event flags associated with the
audited event. These names should be used in selecting records.
Specify one or more of the following flags: ACL, Alarm, Audit,
Flush, Foreign, Internal, and Mandatory.
1.11.22 – HOLDER
HOLDER=keyword(,...)
Specifies the characteristics of the identifier holder to be used
when selecting event records. Choose from the following keywords:
NAME=username Specifies the name of the holder. You can
represent all or part of the name with a
wildcard.
OWNER=uic Specifies the user identification code
(UIC) of the holder.
1.11.23 – IDENTIFIER
IDENTIFIER=keyword(,...)
Identifies which attributes of an identifier should be used when
selecting event records. Choose from the following keywords:
ATTRIBUTES=name Specifies the name of the particular
attribute. Valid attribute names are as
follows: Dynamic, Holder_Hidden, Name_
Hidden, NoAccess, Resource, and Subsystem.
NAME=identifier Specifies the original name of the
identifier. You can represent all or part
of the name with a wildcard.
NEW_NAME=identifier Specifies the new name of the identifier.
You can represent all or part of the name
with a wildcard.
NEW_ATTRIBUTES=name Specifies the name of the new attribute.
Valid attribute names are Dynamic, Holder_
Hidden, Name_Hidden, NoAccess, Resource,
and Subsystem.
VALUE=value Specifies the original value of the
identifier.
NEW_VALUE=value Specifies the new value of the identifier.
1.11.24 – IDENTIFIERS_MISSING
IDENTIFIERS_MISSING=(identifier,...)
Specifies the identifiers missing in a failure to access an
object.
1.11.25 – IDENTIFIERS_USED
IDENTIFIERS_USED=(identifier,...)
Specifies the identifiers used to gain access to an object. An
event record matches if the specified list is a subset of the
identifiers recorded in the event record.
1.11.26 – IMAGE_NAME
IMAGE_NAME=(image-name,...)
Identifies the name of the image to be used when selecting event
records. You can represent all or part of the image name with a
wildcard.
1.11.27 – INSTALL
INSTALL=keyword(,...)
Specifies that installation event packets are to be considered
when selecting event records. Choose from the following keywords:
FILE=filename Specifies the name of the installed file.
You can represent all or part of the name
with a wildcard.
Note that on Alpha systems prior to
Version 6.1, audit log files record the
installed file name within an object
name packet. To select the installed
file, you must use the expression
OBJECT=(NAME=object-name) instead of
FILE=filename.
FLAGS=flag-name Specifies the names of the flags, which
correspond to qualifiers of the Install
utility (INSTALL); for example, OPEN
corresponds to /OPEN.
PRIVILEGES=privilege- Specifies the names of the privileges with
name which the file was installed.
1.11.28 – LNM_PARENT_NAME
LNM_PARENT_NAME=(table-name,...)
Specifies the name of the parent logical name table.
1.11.29 – LNM_TABLE_NAME
LNM_TABLE_NAME=(table-name,...)
Specifies the name of the logical name table.
1.11.30 – LOCAL
LOCAL=(characteristic,...)
Specifies the characteristics of the local (proxy) account to be
used when selecting event records. The following characteristic
is supported:
USERNAME=username Specifies the name of the local account.
You can represent all or part of the name
with a wildcard.
1.11.31 – LOGICAL_NAME
LOGICAL_NAME=(logical-name,...)
Specifies the logical name of the mounted (or dismounted) volume
upon which selection is based. You can represent all or part of
the logical name with a wildcard.
1.11.32 – MAILBOX_UNIT
MAILBOX_UNIT=(number,...)
Specifies the number of the mailbox unit.
1.11.33 – MOUNT_FLAGS
MOUNT_FLAGS=(flag-name,...)
Specifies the names of the volume mounting flags upon which
selection is based. Possible flag names include the following
names:
CACHE=(NONE,WRITETHROUGH)
CDROM
CLUSTER
COMPACTION
DATACHECK=(READ,WRITE)
DSI
FOREIGN
GROUP
INCLUDE
INITIALIZATION=(ALLOCATE,CONTINUATION)
MESSAGE
NOASSIST
NOAUTOMATIC
NOCOMPACTION
NOCOPY
NOHDR3
NOJOURNAL
NOLABEL
NOMOUNT_VERIFICATION
NOQUOTA
NOREBUILD
NOUNLOAD
NOWRITE
{ ACCESSIBILITY }
{ EXPIRATION }
{ IDENTIFICATION }
{ }
{ LIMITED_SEARCH }
OVERRIDE=(options[,...]) { LOCK }
{ NO_FORCED_ERROR }
{ }
{ OWNER_IDENTIFIER }
{ SECURITY }
{ SETID }
{ }
POOL
QUOTA
SHARE
SUBSYSTEM
SYSTEM
TAPE_DATA_WRITE
XAR
The names NOLABEL and FOREIGN each point to the FOREIGN
flag. The reason for this is that the MOUNT/NOLABEL
and MOUNT/FOREIGN commands each set the FOREIGN flag.
Therefore, if you used MOUNT/NOLABEL, and you use
ANALYZE/AUDIT/SELECT/MOUNT_FLAGS=NOLABEL, the audit record will
display the FOREIGN flag.
1.11.34 – NEW_DATA
NEW_DATA=(value,...)
Specifies the value to use after the event occurs. Use this
criterion with the FIELD_NAME criterion.
When you use the Authorize utility (AUTHORIZE) to copy a user
name, NEW_DATA specifies the newly created user name.
For sensitive information, see SENSITIVE_NEW_DATA.
1.11.35 – NEW_IMAGE_NAME
NEW_IMAGE_NAME=(image-name,...)
Specifies the name of the image to be activated in the newly
created process, as supplied to the $CREPRC system service.
1.11.36 – NEW_OWNER
NEW_OWNER=(uic,...)
Specifies the user identification code (UIC) to be assigned to
the created process, as supplied to the $CREPRC system service.
1.11.37 – OBJECT
OBJECT=keyword(,...)
Specifies which characteristics of an object should be used when
selecting event records. Choose any of the following keywords:
CLASS=class-name Specifies the general object class as one
of the following classes:
Capability
Device
Event_cluster
File
Group_global_section
Logical_name_table
Queue
Resource_domain
Security_class
System_global_section
Volume
You must enter the full class name (for
example, CLASS=logical_name_table) or use
wildcard characters to supply a portion of
the class name (for example, CLASS=log*).
NAME=object-name Specifies the name of the object. You can
represent all or part of the name with a
wildcard. If you do not use a wildcard,
specify the full object name (for example,
BOSTON$DUA0:[RWOODS]MEMO.MEM;1).
OWNER=value Specifies the UIC or general identifier of
the object.
TYPE=type Specifies the general object class (type
of object). The available classes are as
follows:
Capability
Device
File
Group_global_section
Logical_name_table
Queue
System_global_section
The CLASS keyword supersedes the TYPE
keyword. However, TYPE is required to
select audit records in files created
prior to OpenVMS Alpha Version 6.1.
1.11.38 – PARENT
PARENT=keyword(,...)
Specifies which characteristics of the parent process are used
when selecting event records generated by a subprocess. Choose
from the following keywords:
IDENTIFICATION=value Specifies the process identifier (PID) of
the parent process.
NAME=process-name Specifies the name of the parent process.
You can represent all or part of the name
with a wildcard.
OWNER=value Specifies the owner (identifier value) of
the parent process.
USERNAME=username Specifies the user name of the parent
process. You can represent all or part of
the name with a wildcard.
1.11.39 – PASSWORD
PASSWORD=(password,...)
Specifies the password used when the system detected a break-in
attempt.
1.11.40 – PRIVILEGES_MISSING
PRIVILEGES_MISSING=(privilege-name,...)
Specifies privileges the caller needed to perform the operation
successfully. Specify any of the system privileges, as described
in the VSI OpenVMS Guide to System Security.
1.11.41 – PRIVILEGES_USED
PRIVILEGES_USED=(privilege-name,...)
Specifies the privileges of the process to be used when selecting
event records. Specify any of the system privileges, as described
in the VSI OpenVMS Guide to System Security. Also include the
STATUS keyword in the selection criteria so the report can
demonstrate whether the privilege was involved in a successful
or an unsuccessful operation.
1.11.42 – PROCESS
PROCESS=(characteristic,...)
Specifies the characteristics of the process to be used
when selecting event records. Choose from the following
characteristics:
IDENTIFICATION=value Specifies the PID of the process.
NAME=process-name Specifies the name of the process. You can
represent all or part of the name with a
wildcard.
1.11.43 – REMOTE
REMOTE=keyword(,...)
Specifies that some characteristic of the network request is to
be used when selecting event records. Choose from the following
keywords:
ASSOCIATION_NAME=IPC-name Specifies the interprocess
communication (IPC) association name.
LINK_IDENTIFICATION=value Specifies the number of the DECnet
logical link.
IDENTIFICATION=value Specifies the DECnet node address.
NODENAME=node-name Specifies the DECnet node name. You
can represent all or part of the name
with a wildcard.
USERNAME=username Specifies the remote user name. You
can represent all or part of the
remote user name with a wildcard.
1.11.44 – REQUEST_NUMBER
REQUEST_NUMBER=(value,...)
Specifies the request number associated with the DCL command
REQUEST/REPLY.
1.11.45 – SECTION_NAME
SECTION_NAME=(global-section-name,...)
Specifies the name of the global section.
1.11.46 – SENSITIVE_FIELD_NAME
SENSITIVE_FIELD_NAME=(field-name,...)
Specifies the name of the field that was modified. ANALYZE/AUDIT
uses the SENSITIVE_FIELD_NAME criterion, such as PASSWORD, with
packets containing the original data and the new data (specified
by the SENSITIVE_NEW_DATA criterion).
1.11.47 – SENSITIVE_NEW_DATA
SENSITIVE_NEW_DATA=(value,...)
Specifies the value to use after the event occurs. Use this
criterion with the SENSITIVE_FIELD_NAME criterion.
1.11.48 – SNAPSHOT_BOOTFILE
SNAPSHOT_BOOTFILE=(filename,...)
Specifies the name of the file containing a snapshot of the
system.
1.11.49 – SNAPSHOT_SAVE_FILENAME
SNAPSHOT_SAVE_FILENAME=(filename,...)
Specifies the name of the system snapshot file for a save
operation that is in progress.
1.11.50 – STATUS
STATUS=(type,...)
Specifies the type of success status to be used when selecting
event records. Choose from the following status types:
SUCCESSFUL Specifies any success status.
FAILURE Specifies any failure status.
CODE=(value) Specifies a specific completion status.
Note that if you specify CODE more than once, only the last value
is matched.
1.11.51 – SUBJECT_OWNER
SUBJECT_OWNER=(uic,...)
Specifies the owner (UIC) of the process causing the event.
1.11.52 – SUBTYPE
SUBTYPE=(subtype,...)
Specifies that the criteria be limited to the value or values
specified as a subtype. The following table lists events and
their related subtypes. After SUBTYPE, enter the subtypes as they
appear in the list-for example, SUBTYPE=ALARM_STATE. (In other
words, do not enter a prefix.)
Symbols for Event Types
and Subtypes Meaning
NSA$C_MSG_AUDIT Systemwide change to auditing
ALARM_STATE Events enabled as alarms
AUDIT_DISABLED Audit events disabled
AUDIT_ENABLED Audit events enabled
AUDIT_INITIATE Audit server startup
AUDIT_LOG_FIRST First entry in audit log (backward
link)
AUDIT_LOG_FINAL Final entry in audit log (forward link)
AUDIT_STATE Events enabled as audits
AUDIT_TERMINATE Audit server shutdown
SNAPSHOT_ABORT* System snapshot attempt has aborted
SNAPSHOT_ACCESS* Snapshot file access/deaccess
SNAPSHOT_SAVE* System snapshot save in progress
SNAPSHOT_STARTUP* System booted from a snapshot file
* Obsolete as of OpenVMS Version 7.1
NSA$C_MSG_BREAKIN Break-in attempt detected
BATCH Batch process
DETACHED Detached process
DIALUP Dialup interactive process
LOCAL Local interactive process
NETWORK Network server task
REMOTE Interactive process from another
network node
SUBPROCESS Subprocess
NSA$C_MSG_CONNECTION Logical link connection or termination
CNX_ABORT Connection aborted
CNX_ACCEPT Connection accepted
CNX_DECNET_CREATE DECnet logical link created
CNX_DECNET_DELETE DECnet logical link disconnected
CNX_DISCONNECT Connection disconnected
CNX_INC_ABORT Incoming connection request aborted
CNX_INC_ACCEPT Incoming connection request accepted
CNX_INC_DISCONNECT Incoming connection disconnected
CNX_INC_REJECT Incoming connection request rejected
CNX_INC_REQUEST Incoming connection request
CNX_IPC_CLOSE Interprocess communication association
closed
CNX_IPC_OPEN Interprocess communication association
opened
CNX_REJECT Connection rejected
CNX_REQUEST Connection requested
NSA$C_MSG_INSTALL Use of the Install utility (INSTALL)
INSTALL_ADD Known image installed
INSTALL_REMOVE Known image deleted
NSA$C_MSG_LOGFAIL Login failure
See subtypes for
NSA$C_MSG_BREAKIN
NSA$C_MSG_LOGIN Successful login
See subtypes for
NSA$C_MSG_BREAKIN
NSA$C_MSG_LOGOUT Successful logout
See subtypes for
NSA$C_MSG_BREAKIN
NSA$C_MSG_MOUNT Volume mount or dismount
VOL_DISMOUNT Volume dismount
VOL_MOUNT Volume mount
NSA$C_MSG_NCP Modification to network configuration
database
NCP_COMMAND Network Control Program (NCP) command
issued
NSA$C_MSG_NETPROXY Modification to network proxy database
NETPROXY_ADD Record added to network proxy
authorization file
NETPROXY_DELETE Record removed from network proxy
authorization file
NETPROXY_MODIFY Record modified in network proxy
authorization file
NSA$C_MSG_OBJ_ACCESS Object access attempted
OBJ_ACCESS Access attempted to create, delete, or
deaccess an object
NSA$C_MSG_OBJ_CREATE Object creation attempted
OBJ_CREATE Access attempted to create an object
NSA$C_MSG_OBJ_DEACCESS Object deaccessed
OBJ_DEACCESS Attempt to complete access to an object
NSA$C_MSG_OBJ_DELETE Object deletion attempted
OBJ_DELETE Object deletion attempted
NSA$C_MSG_PROCESS Process controlled through a system
service
PRC_CANWAK Process wakeup canceled
PRC_CREPRC Process created
PRC_DELPRC Process deleted
PRC_FORCEX Process exit forced
PRC_GETJPI Process information gathered
PRC_GRANTID Process identifier granted
PRC_RESUME Process resumed
PRC_REVOKID Process identifier revoked
PRC_SCHDWK Process wakeup scheduled
PRC_SETPRI Process priority altered
PRC_SIGPRC Process exception issued
PRC_SUSPND Process suspended
PRC_TERM Process termination notification
requested
PRC_WAKE Process wakeup issued
NSA$C_MSG_PRVAUD Use of privilege
PRVAUD_FAILURE Unsuccessful use of privilege
PRVAUD_SUCCESS Successful use of privilege
NSA$C_MSG_RIGHTSDB Modification to the rights database
RDB_ADD_ID Identifier added to rights database
RDB_CREATE Rights database created
RDB_GRANT_ID Identifier granted to user
RDB_MOD_HOLDER List of identifier holders modified
RDB_MOD_ID Identifier name or attributes modified
RDB_REM_ID Identifier removed from rights database
RDB_REVOKE_ID Identifier taken away from user
NSA$C_MSG_SYSGEN Use of the System Generation utility
(SYSGEN)
SYSGEN_SET System parameter modified
NSA$C_MSG_SYSTIME Modification to system time
SYSTIM_SET System time set
SYSTIM_CAL System time calibrated
NSA$C_MSG_SYSUAF Modification to system user
authorization file (SYSUAF)
SYSUAF_ADD Record added to system user
authorization file
SYSUAF_COPY Record added to system user
authorization file
SYSUAF_DELETE Record deleted from system user
authorization file
SYSUAF_MODIFY Record modified in system user
authorization file
SYSUAF_RENAME Record renamed in system user
authorization file
1.11.53 – SYSTEM
SYSTEM=keyword(,...)
Specifies the characteristics of the system to be used when
selecting event records. Choose from the following keywords:
IDENTIFICATION=value Specifies the numeric identification of
the system.
NAME=nodename Specifies the node name of the system.
1.11.54 – SYSTEM_SERVICE_NAME
SYSTEM_SERVICE_NAME=(service-name,...)
Specifies the name of the system service associated with the
event.
1.11.55 – TARGET_DEVICE_NAME
TARGET_DEVICE_NAME=(device-name,...)
Specifies the target device name used by a process control system
service.
1.11.56 – TARGET_PROCESS_IDENTIFICATION
TARGET_PROCESS_IDENTIFICATION=(value,...)
Specifies the target process identifier (PID) used by a process
control system service.
1.11.57 – TARGET_PROCESS_NAME
TARGET_PROCESS_NAME=(process-name,...)
Specifies the target process name used by a process control
system service.
1.11.58 – TARGET_PROCESS_OWNER
TARGET_PROCESS_OWNER=(uic,...)
Specifies the target process owner (UIC) used by a process
control system service.
1.11.59 – TARGET_USERNAME
TARGET_USERNAME=(username,...)
Specifies the target user name used by a process control system
service.
1.11.60 – TERMINAL
TERMINAL=(device-name,...)
Specifies the name of the terminal to be used when selecting
event records. You can represent all or part of the terminal name
with a wildcard.
1.11.61 – TRANSPORT_NAME
TRANSPORT_NAME=(transport-name,...)
Specifies the name of the transport: interprocess communication
(IPC) or System Management Integrator (SMI), which handles
requests from the System Management utility.
On VAX systems, it also can specify the DECnet transport name
(NSP).
1.11.62 – UAF_SOURCE
UAF_SOURCE=(record-name,...)
Specifies the user name of the source record for an Authorize
utility (AUTHORIZE) add, modify, or delete operation.
1.11.63 – USERNAME
USERNAME=(username,...)
Specifies the user name to be used when selecting event records.
You can represent all or part of the user name with a wildcard.
1.11.64 – VOLUME_NAME
VOLUME_NAME=(volume-name,...)
Specifies the name of the mounted (or dismounted) volume to be
used when selecting event records. You can represent all or part
of the volume name with a wildcard.
1.11.65 – VOLUME_SET_NAME
VOLUME_SET_NAME=(volume-set-name,...)
Specifies the name of the mounted (or dismounted) volume set to
be used when selecting event records. You can represent all or
part of the volume set name with a wildcard.
1.11.66 – Examples
1.$ ANALYZE/AUDIT /FULL/SELECT=USERNAME=JOHNSON -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects all records written to the
security audit log file that were generated by user JOHNSON.
2.$ ANALYZE/AUDIT/FULL/SELECT=PRIVILEGES_USED=(SYSPRV,-
_$ BYPASS) SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects all records written to the
security audit log file that were generated by events through
the use of either SYSPRV or BYPASS privilege.
1.12 /SINCE
Indicates the utility must operate on records dated with the
specified time or after the specified time.
Format
/SINCE[=time]
/NOSINCE
time
Specifies the time used to select records. Records dated the
same or later than the specified time are selected. You can
specify an absolute time, a delta time, or a combination of the
two. Observe the syntax rules for date and time described in the
OpenVMS User's Manual.
If you specify /SINCE without the time, the utility uses the
beginning of the current day.
1.12.1 – Examples
1.$ ANALYZE/AUDIT /SINCE=25-NOV-2005 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects records dated later than
November 25, 2005.
2.$ ANALYZE/AUDIT /SINCE=25-NOV-2005:15:00 -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example selects records written after 3
P.M. on November 25, 2005.
1.13 /SUMMARY
Specifies that a summary of the selected records be produced
after all records are processed.
Note that the /SUMMARY qualifier code is executed after the
Audit Analyzer is finished, that is, after all the records to be
analyzed have been collected and processed. When you specify the
/INTERACTIVE qualifier (which is the default), the Audit Analyzer
never reaches the finished state because /INTERACTIVE prompts you
repeatedly to enter another command (which might result in a new
set of records to be analyzed).
To use the /SUMMARY qualifier, you must also specify
/NOINTERACTIVE, which ensures that the Audit Analyzer reaches
the finished state that allows the SUMMARY code to be executed
and to display the proper information. In a future version of
OpenVMS, the Audit Analyzer will return an error when /SUMMARY
and /INTERACTIVE are specified together.
You can use the /SUMMARY qualifier alone or in combination with
the /BRIEF, the /BINARY, or the /FULL qualifier.
Format
/SUMMARY=presentation
/NOSUMMARY
presentation
Specifies the presentation of the summary. If you do not specify
a presentation criterion, ANALYZE/AUDIT summarizes the number of
audits.
You can specify either of the following presentations:
COUNT
Lists the total number of audit messages for each class of
security event that have been extracted from the security audit
log file. This is the default.
PLOT
Displays a plot showing the class of the audit event, the time
of day when the audit was generated, and the name of the system
where the audit was generated.
1.13.1 – Examples
1.$ ANALYZE/AUDIT/SUMMARY SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example generates a summary report of all
records processed.
Total records read: 9701 Records selected: 9701
Record buffer size: 1031
Successful logins: 542 Object creates: 1278
Successful logouts: 531 Object accesses: 3761
Login failures: 35 Object deaccesses: 2901
Breakin attempts: 2 Object deletes: 301
System UAF changes: 10 Volume (dis)mounts: 50
Rights db changes: 8 System time changes: 0
Netproxy changes: 5 Server messages: 0
Audit changes: 7 Connections: 0
Installed db changes: 50 Process control audits: 0
Sysgen changes: 9 Privilege audits: 91
NCP command lines: 120
2.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example generates a full format listing
of all logged audit messages that match the break-in or log
failure event classes. A summary report is included at the end
of the listing.
3.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY=PLOT -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
This command generates a histogram that you can display on a
character-cell terminal.
2 /CRASH_DUMP
Invokes SDA to analyze the specified dump file.
Format:
/CRASH_DUMP [filespec]
filespec
Name of the file that contains the dump you want to analyze.
If no filespec is given on an ANALYZE/CRASH_DUMP command,
the default is the highest version of SYS$SYSTEM:SYSDUMP.DMP.
If this file does not exist, SDA prompts you for a file name.
If any field of filespec is given, the remaining fields default
to the highest version of SYSDUMP.DMP in your default directory.
2.1 /COLLECTION
Valid for Alpha and Integrity server systems only.
Indicates to SDA that the file ID translation data or unwind data
is to be found in a separate file.
Format:
/COLLECTION = collection-file-name
collection-file-name
You must specify at least one field of the collection file name.
Other fields default to the highest generation of the same filename
and location as the dump file, with a file type of .COLLECT.
For details, refer to the VSI OpenVMS System Analysis Tools Manual.
2.2 /OVERRIDE
Valid for Alpha and Integrity server systems only.
Invokes SDA to analyze only the structure of the specified
dump file when a corruption or other problem prevents
normal invocation of SDA with the ANALYZE/CRASH_DUMP command.
Format:
/CRASH_DUMP/OVERRIDE [filespec]
Commands that can be used when SDA is invoked with /OVERRIDE are
as follows:
o Output control commands such as SET OUTPUT and SET LOG
o Dump file related commands such as SHOW DUMP and CLUE ERRLOG
You cannot use commands that access memory addresses within the
dump file such as EXAMINE and SHOW SUMMARY
2.2.1 – Examples
$ ANALYZE/CRASH_DUMP/OVERRIDE SYS$SYSTEM:SYSDUMP.DMP
$ ANALYZE/CRASH/OVERRIDE SYS$SYSTEM
These commands invoke SDA to analyze the crash dump stored in
SYS$SYSTEM:SYSDUMP.DMP.
2.3 /RELEASE
Invokes SDA to release those blocks in the specified system
paging file occupied by a crash dump.
Requires CMKRNL (change-mode-to-kernel) privilege.
Format:
/CRASH_DUMP/RELEASE filespec
Use the /RELEASE qualifier to release from the system paging file
those blocks occupied by a crash dump. Be aware that when you use
the /RELEASE qualifier, SDA immediately deletes the dump from the
paging file and allows you no opportunity to analyze its contents.
When you specify the /RELEASE qualifier in the ANALYZE
command, include the name of the system paging file
(SYS$SYSTEM:PAGEFILE.SYS) as the filespec.
If you do not specify the system paging file or the specified
paging file does not contain a dump, SDA displays one of the
following messages:
%SDA-E-BLKSNRLSD, no dump blocks in page file to release,
or no page file
%SDA-E-NOTPAGFIL, specified file is not the page file
2.3.1 – Examples
$ ANALYZE/CRASH_DUMP/RELEASE SYS$SYSTEM:PAGEFILE.SYS
$ ANALYZE/CRASH_DUMP/RELEASE PAGEFILE.SYS
These commands invoke SDA to release to the page file those
blocks in SYS$SYSTEM:PAGEFILE.SYS occupied by a crash dump.
2.4 /SHADOW_MEMBER
Valid for Alpha and Integrity server systems only.
Specifies which member of a shadow set contains the system dump
to be analyzed, or allows the user to determine what system dumps
have been written to the members of the shadow set.
Format:
/CRASH_DUMP/SHADOW_MEMBER [filespec]
2.5 /SYMBOL
Specifies an alternate system symbol table for SDA to use, for
example, if you want to analyze a crash dump taken on a processor
running a different version of OpenVMS.
/SYMBOL is ignored if it is specified with /OVERRIDE or /RELEASE.
Format:
/SYMBOL = system-symbol-table
system-symbol-table
The file specification of the SDA system symbol table required
by SDA to analyze a system dump. The specified system-symbol-table
must contain those symbols required by SDA to find certain
locations in the executive image.
If you do not specify the /SYMBOL qualifier, SDA uses
SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load system symbols into the
SDA symbol table. When you specify the /SYMBOL qualifier,
SDA assumes the default disk and directory to be SYS$DISK:[ ],
that is, the disk and directory specified in your last DCL command
SET DEFAULT. If you specify a file for this parameter that is
not a system symbol table, SDA exits with a fatal error.
2.5.1 – Examples
$ ANALYZE/CRASH_DUMP/SYMBOL=SDA$READ_DIR:SYS$BASE_IMAGE.EXE SYS$SYSTEM
This command invokes SDA to analyze the crash dump stored in
SYS$SYSTEM:SYSDUMP.DMP, using the base image in SDA$READ_DIR.
3 /DISK_STRUCTURE
The Analyze/Disk_Structure utility checks the readability and
validity of Files-11 Structure Levels 1, 2, and 5 disk volumes,
and reports errors and inconsistencies. You can detect most
classes of errors by invoking the utility once and using its
defaults.
Format
ANALYZE/DISK_STRUCTURE device-name:[/qualifier]
3.1 – Parameter
device-name
Specifies the disk volume or volume set to be verified. If you
specify a volume set, all volumes of the volume set must be
mounted as Files-11 volumes. For information about the Mount
utility, refer to the OpenVMS System Management Utilities
Reference Manual.
3.2 – Qualifiers
Qualifier Description
/CONFIRM Determines whether ANALYZE/DISK_STRUCTURE
prompts you to confirm each repair
/HOMEBLOCKS Erases damaged home blocks on an initialized
volume
/LIST[=filespec] Determines whether ANALYZE/DISK_STRUCTURE
produces a listing of the index file
/LOCK_VOLUME (Alpha/I64 only) Prevents updates to a
volume while you are analyzing it
/OUTPUT[=filespec] Specifies the output file to which
ANALYZE/DISK_STRUCTURE writes the disk
structure errors
/READ_CHECK Determines whether ANALYZE/DISK_STRUCTURE
performs a read check of all allocated blocks
on the specified disk
/RECORD_ Determines whether ANALYZE/DISK_STRUCTURE
ATTRIBUTES repairs files containing erroneous settings
in the record attributes section of their
associated file attribute block (FAT)
/REPAIR Determines whether ANALYZE/DISK_STRUCTURE
repairs errors that are detected in the file
structure of the specified device
/SHADOW Causes the entire contents of a shadow set or
a specified range of blocks in a shadow set to
be checked for discrepancies.
/STATISTICS Produces statistical information about the
volume under verification and creates a
file, STATS.DAT, which contains per-volume
statistics
/USAGE[=filespec] Specifies that a disk usage accounting file
should be produced, in addition to the other
specified functions of ANALYZE/DISK_STRUCTURE
3.3 /CONFIRM
Determines whether the Analyze/Disk_Structure utility prompts you
to confirm each repair. If you respond with Y or YES, the utility
performs the repair. Otherwise, the repair is not performed.
Format
/CONFIRM
/NOCONFIRM
3.4 /HOMEBLOCKS
Erases home blocks from a volume whose home blocks were not
deleted during previous initialization operations.
Format
/HOMEBLOCKS
3.5 /LIST
Determines whether the Analyze/Disk_Structure utility produces a
listing of the index file.
Format
/LIST[=filespec]
/NOLIST
3.6 /LOCK_VOLUME
Prevents updates to a volume while you are analyzing it.
Format
/LOCK_VOLUME
/NOLOCK_VOLUME
3.7 /OUTPUT
Specifies the output file to which the Analyze/Disk_Structure
utility is to write the disk structure errors.
Format
/OUTPUT[=filespec]
/NOOUTPUT[=filespec]
3.8 /READ_CHECK
Determines whether the Analyze/Disk_Structure utility performs
a read check of all allocated blocks on the specified disk.
When the Analyze/Disk_Structure utility performs a read check,
it reads the disk twice; this ensures that it reads the disk
correctly. The default is /NOREAD_CHECK.
Format
/READ_CHECK
/NOREAD_CHECK
3.9 /RECORD_ATTRIBUTES
Determines whether the Analyze/Disk_Structure utility repairs
files containing erroneous settings in the record attributes
section of their associated file attribute block (FAT).
Format
/RECORD_ATTRIBUTES
3.10 /REPAIR
Determines whether the Analyze/Disk_Structure utility repairs
errors that are detected in the file structure of the specified
device.
Format
/REPAIR
/NOREPAIR
3.11 /SHADOW
Examines the entire contents of a shadow set or a specified range
of blocks in a shadow set for discrepancies.
Format
/SHADOW
3.11.1 – Qualifiers
3.11.1.1 /BLOCKS
/BLOCKS={(START:n, COUNT:x, END:y,) FILE_SYSTEM, ALL}
Directs the system to compare only the range specified. The
options are the following:
START:n Number of the first block to be analyzed. The default
is the first block.
COUNT:x Number of blocks to be analyzed. You can use this
option in combination with or instead of the END
option.
END:y Number of the last block to be analyzed. The default
is the last block of the volume.
FILE_ Blocks currently in use by valid files on the disk.
SYSTEM This is the default.
ALL All blocks on the disk.
You can specify START,END,COUNT and either ALL or FILE_SYSTEM.
For example, if you specify /BLOCKS=(START,END,COUNT:100,ALL),
the software checks the first 100 blocks on the disk, whether or
not the file system is using them.
If you specify /BLOCKS=(START,END,COUNT:100,FILE_SYSTEM), the
software checks only those blocks that valid files on the disk
are using.
3.11.1.2 /BRIEF
Displays only the logical block number (LBN) if the data in
a block is found to be different. Without this qualifier, if
differences exist for an LBN, the hexadecimal data of that block
will be displayed for each member.
3.11.1.3 /IGNORE
/IGNORE
[NO]IGNORE
Ignore "special" files that are likely to have some blocks with
different data. These differences, however, are not unusual and
can, therefore, be ignored.
Other special files are the following:
SWAPFILE*.*
PAGEFILE*.*
SYSDUMP.DMP
SYS$ERRLOG.DMP
IGNORE is the default.
3.11.1.4 /OUTPUT
/OUTPUT=filename
Output the information to the specified file.
3.11.1.5 /STATISTICS
Display only the file header and footer. The best use of this
qualifier is with the /OUTPUT qualifier.
3.12 /STATISTICS
Produces statistical information about the volume under
verification and creates a file, STATS.DAT, which contains per-
volume statistics.
Format
/STATISTICS
3.13 /USAGE
Specifies that a disk usage accounting file should be produced,
in addition to the other specified functions of the Analyze/Disk_
Structure utility.
Format
/USAGE[=filespec]
4 /ERROR_LOG
You must specify /ERROR_LOG/ELV to access the Error Log Viewer
(ELV). This utility is used with error logs written on systems
running OpenVMS Version 7.3 and later.
/ERROR_LOG (without /ELV) invokes the Error Log Report Formatter
(ERF), a utility that is no longer supported, but which may be
useful for error logs written on systems running OpenVMS versions
older than Version 7.2. (It is available only on Alpha and VAX
systems.) For documentation about ERF, refer to the Freeware
website:
http://h71000.www7.hp.com/openvms/freeware/
Before using ERF, you must convert error log files using ELV or the
Binary Error Log Translation utility, which is part of DECevent.
DECevent is no longer supported, but those who need it can download
the software and related documentation from the Freeware website:
http://h71000.www7.hp.com/openvms/freeware/
4.1 /ELV
Valid for Alpha and I64 systems only.
Invokes the Error Log Viewer (ELV) to selectively report the
contents of an error log file.
You can execute ELV commands directly from DCL command level or
from ELV's interactive shell mode.
To invoke ELV, enter the following command:
$ ANALYZE/ERROR_LOG/ELV
The utility enters interactive shell mode and displays the ELV
prompt:
ELV>
You can then enter an ELV command. After ELV executes the
command, it again displays the ELV> prompt. To return directly
to DCL, use the /NOINTERACTIVE qualifier.
You can also enter an ELV command directly from DCL; for example:
$ ANALYZE/ERROR_LOG/ELV TRANSLATE ERRLOG.SYS;42
After ELV executes the command, you are returned to the DCL
prompt by default.
To enter interactive shell mode after executing the command, use
the /INTERACTIVE qualifier.
4.1.1 – Categories of Events
ELV recognizes several categories of events for inclusion in (or
exclusion from) various operations. The first major separation
is between valid and invalid events. Then, within the category
of valid events are selected and rejected events. Explanations of
these categories follow.
o Valid
Valid events can be read into an internal buffer; also, bit-
to-text translation data can be produced for the header.
For an event to be valid, the event body does not need
to be translatable; in this case, the event is valid but
untranslatable.
- Selected
A selected event is one that is of particular interest
to you. You select events by using a selection qualifier:
/ENTRY, /INCLUDE, /NODE, /SINCE, and /BEFORE. The events
that are selected according to the selection criteria are
included in or excluded from a report.
- Rejected
A rejected event is one that is not included in a report
because the command line specifies one of the following:
* An interval: /ENTRY, /SINCE, or /BEFORE
* A filter: /INCLUDE, /EXCLUDE, /NODE, or /NONODE
You can use the /REJECTED qualifier to include rejected
events in a report. (By default, only selected events are
included in a report.)
o Invalid
An invalid event is one that cannot be read into an internal
buffer or whose header cannot be translated. You can use the
ELV command DUMP/INVALID to output invalid events to an output
dump file for further examination.
4.1.2 – CONVERT
Converts an error log file written in the newer format to an
error log file written in the older format (that is read by
ANALYZE/ERROR_LOG). This command is primarily used to enable
translation of older error log events whose translation is not
supported by ELV.
Format
CONVERT [input-file,...]
4.1.2.1 – Parameter
input-file
Supplies one or more names of binary error log files to be
converted to the older format.
If you do not specify an input file name, the default input file
name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device
and directory, the system defaults to your current device and
directory. If you do not specify a file name, the default file
name is ERRLOG. If you do not specify a file type, the default
file type is .SYS.
4.1.2.2 – Qualifiers
4.1.2.2.1 /BEFORE
/BEFORE=date-time
Specifies that only those events dated earlier than the stated
date and time are to be selected for the report.
Date-time specifies that only those events dated earlier than
the stated date and time are to be selected for the report. You
can specify an absolute time, a delta time, or a combination of
absolute and delta times. See the OpenVMS System Manager's Manual
for details on specifying times.
If you omit a date and time, TODAY is used.
4.1.2.2.2 /ENTRY
/ENTRY=keyword[,...]
Generates a report that includes the specified entry range or
starts at the specified entry number.
You can specify one or both keywords:
Keyword Description
START:decimal-value Indicates the start of a range of entries
in a report.
END:decimal-value Indicates the end of a range of entries
in a report.
Usage Notes:
o You can specify one or both of these parameters. If you
specify both parameters, you must enclose them in parentheses.
o If you specify /ENTRY without the entry range or omit the
qualifier, the entry range defaults to START:1,END:end-of-
file.
4.1.2.2.3 /EXCLUDE
/EXCLUDE=event-class[,...]
Excludes the specified event class or classes from the report. Do
not use the /EXCLUDE qualifier with /INCLUDE.
For event-class, specify one or more of the keywords shown in the
following table. If you specify more than one keyword, you must
use a comma-separated list of values enclosed in parentheses.
Keyword Description
ATTENTIONS Exclude device attention entries from the report.
BUGCHECKS Exclude all types of bugcheck entries from the
report.
CONFIGURATION Exclude system configuration entries from the
report.
CONTROL_ Exclude control entries from the report. Control
ENTRIES entries include the following entry types:
o System power failure restarts
o Time stamps
o System startups
o $SNDERR messages (system service to send
messages to error log)
o Operator messages
o Network messages
o ERRLOG.SYS created
CPU_ENTRIES Exclude CPU-related entries from the report. CPU
entries include the following entry types:
o SBI alerts/faults
o Undefined interrupts
o MBA/UBA adapter errors
o Asynchronous write errors
o UBA errors
DEVICE_ Exclude device error entries from the report.
ERRORS
ENVIRONMENTAL_ Exclude environmental entries from the report.
ENTRIES
MACHINE_ Exclude machine check entries from the report.
CHECKS
MEMORY Exclude memory errors from the report.
SNAPSHOT_ Exclude snapshot entries from the report.
ENTRIES
SYNDROME Exclude firmware-generated entries that describe
a symptom set used by VSI support personnel to
identify problems.
TIMEOUTS Exclude device timeout entries from the report.
UNKNOWN_ Exclude any entry that had either an unknown entry
ENTRIES type or an unknown device type or class.
UNSOLICITED_ Exclude unsolicited MSCP entries from the output
MSCP report.
VOLUME_ Exclude volume mount and dismount entries from the
CHANGES report.
4.1.2.2.4 /INCLUDE
/INCLUDE=event-class[,...]
Includes the specified event class or classes in the report. Do
not use the /EXCLUDE qualifier with /INCLUDE.
For event-class, specify one or more of the keywords shown in the
following table. If you specify more than one keyword, you must
use a comma-separated list of values enclosed in parentheses.
Keyword Description
ATTENTIONS Select device attention entries.
BUGCHECKS Select all types of bugcheck entries.
CONFIGURATION Select system configuration entries.
CONTROL_ Select control entries. Control entries include
ENTRIES the following entry types:
o System power failure restarts
o Time stamps
o System startups
o $SNDERR messages (system service to send
messages to error log)
o Operator messages
o Network messages
o ERRLOG.SYS created
CPU_ENTRIES Select CPU-related entries. CPU entries include
the following entry types:
o SBI alerts/faults
o Undefined interrupts
o MBA/UBA adapter errors
o Asynchronous write errors
o UBA errors
DEVICE_ Select device error entries.
ERRORS
ENVIRONMENTAL_ Select environmental entries.
ENTRIES
MACHINE_ Select machine check entries.
CHECKS
MEMORY Select memory errors.
SNAPSHOT_ Select snapshot entries.
ENTRIES
SYNDROME Select firmware-generated entries that describe
a symptom set used by VSI support personnel to
identify problems.
TIMEOUTS Select device timeout entries.
UNKNOWN_ Select any entry that has an unknown entry
ENTRIES class.
UNSOLICITED_ Select unsolicited MSCP entries.
MSCP
VOLUME_ Select volume mount and dismount entries.
CHANGES
4.1.2.2.5 /INTERACTIVE
/INTERACTIVE
/[NO]INTERACTIVE
Specifies whether or not ELV is to run in interactive shell mode.
By default, interactive shell mode results from the way ELV is
invoked.
4.1.2.2.6 /LOG
/LOG
/NOLOG
Specifies whether or not ELV is to output control and
informational messages to the terminal. The default, /NOLOG,
does not output these messages to the terminal.
4.1.2.2.7 /NODE
/NODE=[node-name,...]
/NONODE=[node-name,...]
Includes or excludes events occurring on a specified node or
nodes from a report.
If you do not enter a node name, only events that occur on
the node on which you are running ELV are selected. (This is
important in a cluster.)
If you enter /NONODE without a value, events occurring on all
nodes that are represented in the error log file are processed.
4.1.2.2.8 /OUTPUT
/OUTPUT=[output-file]
Specifies the output file to contain converted copies of events
chosen with interval and filter qualifiers.
If you do not specify an output file name, the input file name
is used. If you do not specify a device and directory, the system
defaults to your current device and directory. If you do not
specify a file type, the default file type is .CVT.
4.1.2.2.9 /REJECTED
You can use the /REJECTED qualifier to include rejected events
in a report. (By default, only selected events are included in a
report.)
4.1.2.2.10 /SINCE
/SINCE=[date-time]
Specifies that only those events dated later than the stated date
and time are to be selected for the report.
You can use date-time to limit the report to those events dated
later than the specified time. You can specify an absolute time,
a delta time, or a combination of absolute and delta times. See
the OpenVMS User's Manual for details on specifying times.
If you omit a date and time, TODAY is used.
4.1.2.3 – Examples
1.ELV> CONVERT ERROR_LOG.SYS
The command in this example converts events in ERROR_LOG.SYS to
the older format and writes them to ERROR_LOG.CVT.
2.ELV> CONVERT/OUTPUT
The command in this example converts events in the default file
ERRLOG.SYS to the older format and writes them to ERRLOG.CVT.
3.ELV> CONVERT/OUTPUT=OUTFILE.OUT
The command in this example converts events in the default file
ERRLOG.SYS to the older format and writes them to OUTFILE.OUT.
4.1.3 – DUMP
Allows you to specify the name of a file to contain an OpenVMS
dump-style record for each event.
If you do not specify an output file name, the input file name
is used. If you do not specify a device and directory, the system
defaults to your current device and directory. If you do not
specify a file type, the default file type is .DMP.
Format
DUMP [input-file,...]
4.1.3.1 – Parameter
input-file
Supplies one or more names of binary error log files to be used
to produce an output dump file.
If you do not specify an input file name, the default input file
name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device
and directory, the system defaults to your current device and
directory. If you do not specify a file name, the default file
name is ERRLOG. If you do not specify a file type, the default
file type is .SYS.
4.1.3.2 – Qualifiers
4.1.3.2.1 /BEFORE
/BEFORE=date-time
Specifies that only those events dated earlier than the stated
date and time are to be selected for the report.
Date-time specifies that only those events dated earlier than
the stated date and time are to be selected for the report. You
can specify an absolute time, a delta time, or a combination of
absolute and delta times. See the OpenVMS System Manager's Manual
for details on specifying times.
If you omit a date and time, TODAY is used.
4.1.3.2.2 /ENTRY
/ENTRY=keyword[,...]
Generates a report that includes the specified entry range or
starts at the specified entry number.
You can specify one or both keywords:
Keyword Description
START:decimal-value Indicates the start of a range of entries
in a report.
END:decimal-value Indicates the end of a range of entries
in a report.
Usage Notes:
o You can specify one or both of these parameters. If you
specify both parameters, you must enclose them in parentheses.
o If you specify /ENTRY without the entry range or omit the
qualifier, the entry range defaults to START:1,END:end-of-
file.
4.1.3.2.3 /EXCLUDE
/EXCLUDE=event-class[,...]
Excludes the specified event class or classes from the report. Do
not use the /EXCLUDE qualifier with /INCLUDE.
For event-class, specify one or more of the keywords shown in the
following table. If you specify more than one keyword, you must
use a comma-separated list of values enclosed in parentheses.
Keyword Description
ATTENTIONS Exclude device attention entries from the report.
BUGCHECKS Exclude all types of bugcheck entries from the
report.
CONFIGURATION Exclude system configuration entries from the
report.
CONTROL_ Exclude control entries from the report. Control
ENTRIES entries include the following event types:
o System power failure restarts
o Time stamps
o System startups
o $SNDERR messages (system service to send
messages to error log)
o Operator messages
o Network messages
o ERRLOG.SYS created
CPU_ENTRIES Exclude CPU-related entries from the report. CPU
entries include the following event types:
o SBI alerts/faults
o Undefined interrupts
o MBA/UBA adapter errors
o Asynchronous write errors
o UBA errors
DEVICE_ Exclude device error entries from the report.
ERRORS
ENVIRONMENTAL_ Exclude environmental entries from the report.
ENTRIES
MACHINE_ Exclude machine check entries from the report.
CHECKS
MEMORY Exclude memory errors from the report.
SNAPSHOT_ Exclude snapshot entries from the report.
ENTRIES
SYNDROME Exclude firmware-generated entries that describe
a symptom set used by VSI support personnel to
identify problems.
TIMEOUTS Exclude device timeout entries from the report.
UNKNOWN_ Exclude any entry that had either an unknown event
ENTRIES type or an unknown device type or class.
UNSOLICITED_ Exclude unsolicited MSCP entries from the output
MSCP report.
VOLUME_ Exclude volume mount and dismount entries from the
CHANGES report.
4.1.3.2.4 /INCLUDE
/INCLUDE=event-class[,...]
Includes the specified event class or classes in the report. Do
not use the /EXCLUDE qualifier with /INCLUDE.
For event-class, specify one or more of the keywords shown in the
following table. If you specify more than one keyword, you must
use a comma-separated list of values enclosed in parentheses.
Keyword Description
ATTENTIONS Select device attention entries.
BUGCHECKS Select all types of bugcheck entries.
CONFIGURATION Select system configuration entries.
CONTROL_ Select control entries. Control entries include
ENTRIES the following entry types:
o System power failure restarts
o Time stamps
o System startups
o $SNDERR messages (system service to send
messages to error log)
o Operator messages
o Network messages
o ERRLOG.SYS created
CPU_ENTRIES Select CPU-related entries. CPU entries include
the following entry types:
o SBI alerts/faults
o Undefined interrupts
o MBA/UBA adapter errors
o Asynchronous write errors
o UBA errors
DEVICE_ Select device error entries.
ERRORS
ENVIRONMENTAL_ Select environmental entries.
ENTRIES
MACHINE_ Select machine check entries.
CHECKS
MEMORY Select memory errors.
SNAPSHOT_ Select snapshot entries.
ENTRIES
SYNDROME Select firmware-generated entries that describe
a symptom set used by VSI support personnel to
identify problems.
TIMEOUTS Select device timeout entries.
UNKNOWN_ Select any entry that has an unknown entry
ENTRIES class.
UNSOLICITED_ Select unsolicited MSCP entries.
MSCP
VOLUME_ Select volume mount and dismount entries.
CHANGES
4.1.3.2.5 /INTERACTIVE
/INTERACTIVE
/[NO]INTERACTIVE
Specifies whether or not ELV is to run in interactive shell mode.
By default, interactive shell mode results from the way ELV is
invoked.
4.1.3.2.6 /INVALID
Allows you to specify the name of a file to contain invalid
entries.
4.1.3.2.7 /LOG
/LOG
/NOLOG
Specifies whether or not ELV is to output control and
informational messages to the terminal. The default, /NOLOG,
does not output these messages to the terminal.
4.1.3.2.8 /NODE
/NODE=[node-name,...]
/NONODE=[node-name,...]
Includes or excludes events occurring on a specified node or
nodes from a report.
If you do not enter a node name, only events that occur on
the node on which you are running ELV are selected. (This is
important in a cluster.)
If you enter /NONODE without a value, events occurring on all
nodes that are represented in the error log file are processed.
4.1.3.2.9 /OUTPUT
/OUTPUT=[output-file]
Specifies that the output file is to contain OpenVMS dump-style
records for each event.
If you do not specify an output file name, the input file name
is used. If you do not specify a device and directory, the system
defaults to your current device and directory. If you do not
specify a file type, the default file type is .DMP.
4.1.3.2.10 /REJECTED
You can use the /REJECTED qualifier to include rejected events
in a report. (By default, only selected events are included in a
report.)
4.1.3.2.11 /SINCE
/SINCE=[date-time]
Specifies that only those events dated later than the stated date
and time are to be selected for the report.
You can use date-time to limit the report to those events dated
later than the specified time. You can specify an absolute time,
a delta time, or a combination of absolute and delta times. See
the OpenVMS User's Manual for details on specifying times.
If you omit a date and time, TODAY is used.
4.1.3.3 – Examples
1.ELV> DUMP ERROR_LOG.SYS
The command in this example creates a dump file named ERROR_
LOG.DMP that contains OpenVMS dump-style records.
2.ELV> DUMP/OUTPUT=OUTFILE.OUT
The command in this example creates a dump file named
OUTFILE.OUT that contains OpenVMS dump-style records.
3.ELV> DUMP/INVALID
The command in this example creates a dump file with the
default name of ERRLOG.DMP that contains OpenVMS dump-style
records of invalid events.
4.ELV> DUMP/INVALID/OUTPUT=OUTFILE.OUT
The command in this example creates a dump file named
OUTFILE.OUT that contains OpenVMS dump-style records of invalid
events.
4.1.4 – EXIT
Stops the execution of ELV and returns control to the DCL command
level. You can also enter Ctrl/Z to perform the same function.
Format
EXIT
4.1.4.1 – Example
ELV> EXIT
$
The command in this example terminates the ELV session and
returns control to the DCL command level.
4.1.5 – TRANSLATE
Performs a bit-to-text translation of one or more binary error
log files.
Format
TRANSLATE [input-file,...]
4.1.5.1 – Parameter
input-file
Supplies one or more names of binary error log files to be
translated.
If you do not specify an input file name, the default input file
name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device
and directory, the system defaults to your current device and
directory. If you do not specify a file name, the default file
name is ERRLOG. If you do not specify a file type, the default
file type is .SYS.
4.1.5.2 – Qualifiers
4.1.5.2.1 /BEFORE
/BEFORE=date-time
Specifies that only those events dated earlier than the stated
date and time are to be selected for the report.
Date-time specifies that only those events dated earlier than
the stated date and time are to be selected for the report. You
can specify an absolute time, a delta time, or a combination of
absolute and delta times. See the OpenVMS System Manager's Manual
for details on specifying times.
If you omit a date and time, TODAY is used.
4.1.5.2.2 /BRIEF
Specifies that ELV is to generate a brief report. A brief report
is equivalent to using /DETAIL=LOW.
Do not use the /BRIEF qualifier with /DETAIL, /FULL, /ONE_LINE,
or /SUMMARY.
4.1.5.2.3 /DETAIL
/DETAIL=[keyword]
Specifies the detail level of the generated report.
Do not use the /DETAIL qualifier with /BRIEF, /FULL, /ONE_LINE,
or /SUMMARY. The keyword denotes the level of detail for the
generated report. Keywords are the following:
Keyword Description
MINIMUM Contains only the minimum amount of information.
LOW Is the equivalent of a /BRIEF report.
MEDIUM Is the default type of report.
HIGH Is the equivalent of a /FULL report.
MAXIMUM Contains the maximum amount of information.
4.1.5.2.4 /ENTRY
/ENTRY=keyword[,...]
Generates a report that includes the specified entry range or
starts at the specified entry number. You can specify one or
both keywords:
Keyword Description
START:decimal-value Indicates the start of a range of entries
in a report.
END:decimal-value Indicates the end of a range of entries
in a report.
Usage Notes:
o You can specify one or both of these parameters. If you
specify both parameters, you must enclose them in parentheses.
o If you specify /ENTRY without the entry range or omit the
qualifier, the entry range defaults to START:1,END:end-of-
file.
4.1.5.2.5 /EXCLUDE
/EXCLUDE=event-class[,...]
Excludes the specified event class or classes from the report. Do
not use the /EXCLUDE qualifier with /INCLUDE.
For event-class, specify one or more of the keywords shown in the
following table. If you specify more than one keyword, you must
use a comma-separated list of values enclosed in parentheses.
Keyword Description
ATTENTIONS Exclude device attention entries from the report.
BUGCHECKS Exclude all types of bugcheck entries from the
report.
CONFIGURATION Exclude system configuration entries from the
report.
CONTROL_ Exclude control entries from the report. Control
ENTRIES entries include the following entry types:
o System power failure restarts
o Time stamps
o System startups
o $SNDERR messages (system service to send
messages to error log)
o Operator messages
o Network messages
o ERRLOG.SYS created
CPU_ENTRIES Exclude CPU-related entries from the report. CPU
entries include the following entry types:
o SBI alerts/faults
o Undefined interrupts
o MBA/UBA adapter errors
o Asynchronous write errors
o UBA errors
DEVICE_ Exclude device error entries from the report.
ERRORS
ENVIRONMENTAL_ Exclude environmental entries from the report.
ENTRIES
MACHINE_ Exclude machine check entries from the report.
CHECKS
MEMORY Exclude memory errors from the report.
SNAPSHOT_ Exclude snapshot entries from the report.
ENTRIES
SYNDROME Exclude firmware-generated entries that describe
a symptom set used by VSI support personnel to
identify problems.
TIMEOUTS Exclude device timeout entries from the report.
UNKNOWN_ Exclude any entry that had either an unknown entry
ENTRIES type or an unknown device type or class.
UNSOLICITED_ Exclude unsolicited MSCP entries from the output
MSCP report.
VOLUME_ Exclude volume mount and dismount entries from the
CHANGES report.
4.1.5.2.6 /FULL
Specifies that ELV is to generate a full report. A full report is
equivalent to using /DETAIL=HIGH.
Do not use the /FULL qualifier with /BRIEF, /DETAIL, ONE_LINE, or
/SUMMARY.
4.1.5.2.7 /INCLUDE
/INCLUDE=event-class[,...]
Includes the specified event class or classes in the report. Do
not use the /EXCLUDE qualifier with /INCLUDE.
For event-class, specify one or more of the keywords shown in the
following table. If you specify more than one keyword, you must
use a comma-separated list of values enclosed in parentheses.
Keyword Description
ATTENTIONS Select device attention entries.
BUGCHECKS Select all types of bugcheck entries.
CONFIGURATION Select system configuration entries.
CONTROL_ Select control entries. Control entries include
ENTRIES the following entry types:
o System power failure restarts
o Time stamps
o System startups
o $SNDERR messages (system service to send
messages to error log)
o Operator messages
o Network messages
o ERRLOG.SYS created
CPU_ENTRIES Select CPU-related entries. CPU entries include
the following entry types:
o SBI alerts/faults
o Undefined interrupts
o MBA/UBA adapter errors
o Asynchronous write errors
o UBA errors
DEVICE_ Select device error entries.
ERRORS
ENVIRONMENTAL_ Select environmental entries.
ENTRIES
MACHINE_ Select machine check entries.
CHECKS
MEMORY Select memory errors.
SNAPSHOT_ Select snapshot entries.
ENTRIES
SYNDROME Select firmware-generated entries that describe
a symptom set used by VSI support personnel to
identify problems.
TIMEOUTS Select device timeout entries.
UNKNOWN_ Select any entry that has an unknown entry
ENTRIES class.
UNSOLICITED_ Select unsolicited MSCP entries.
MSCP
VOLUME_ Select volume mount and dismount entries.
CHANGES
4.1.5.2.8 /INTERACTIVE
/INTERACTIVE
/[NO]INTERACTIVE
Specifies whether or not ELV is to run in interactive shell mode.
By default, interactive shell mode results from the way ELV is
invoked.
4.1.5.2.9 /LOG
/LOG
/NOLOG
Specifies whether or not ELV is to output control and
informational messages to the terminal. The default, /NOLOG,
does not output these messages to the terminal.
4.1.5.2.10 /NODE
/NODE=[node-name,...]
/NONODE=[node-name,...]
Includes or excludes events occurring on a specified node or
nodes from a report.
If you do not enter a node name, only events that occur on
the node on which you are running ELV are selected. (This is
important in a cluster.)
If you enter /NONODE without a value, events occurring on all
nodes that are represented in the error log file are processed.
4.1.5.2.11 /ONE_LINE
Specifies that a one-line-per-event report be generated instead
of a standard report.
Do not use /ONE_LINE with /BRIEF, /DETAIL, /FULL, or /SUMMARY
qualifiers.
4.1.5.2.12 /OUTPUT
/OUTPUT=[output-file]
Specifies that the output file is to contain a bit-to-text
translations of events.
By default, output is written to SYS$OUTPUT. If you do not
specify an output file name, the input file name is used. If
you do not specify a device and directory, the system defaults to
your current device and directory. If you do not specify a file
type, the default file type is .LIS.
4.1.5.2.13 /PAGE
/PAGE
/NOPAGE
Specifies whether or not to enable paged output of the generated
report.
4.1.5.2.14 /REJECTED
You can use the /REJECTED qualifier to include rejected events
in a report. (By default, only selected events are included in a
report.)
4.1.5.2.15 /SINCE
/SINCE=[date-time]
Specifies that only those events dated later than the stated date
and time are to be selected for the report.
You can use date-time to limit the report to those events dated
later than the specified time. You can specify an absolute time,
a delta time, or a combination of absolute and delta times. See
the OpenVMS User's Manual for details on specifying times.
If you omit a date and time, TODAY is used.
4.1.5.2.16 /SUMMARY
Specifies that a summary report is to be generated rather than a
standard report.
Do not use /SUMMARY with /BRIEF, /DETAIL, /FULL, ONE_LINE, or
/TERSE qualifiers.
4.1.5.2.17 /TERSE
Specifies that the data is to be displayed in a less interpreted
format, regardless of detail level.
/TERSE has no effect when used with ONE_LINE or /SUMMARY. You can
use /TERSE with /BRIEF, /DETAIL, or /FULL, which use a default
display. (/ONE_LINE and /SUMMARY do not use the same default
display.)
4.1.5.3 – Examples
1.ELV> TRANSLATE /BEFORE=24-MAY-2002:04:51:33.87 ERRLOG.SYS;42
For this example, the default report produced for ERRLOG.SYS;42
contains all entries that were logged before 4:51 on May 24,
2002.
2.ELV> TRANSLATE /BRIEF ERRLOG.SYS;42
The command in this example generates a brief report.
3.ELV> TRANSLATE /DETAIL=LOW ERRLOG.SYS;42
The command in this example generates a report with a LOW level
of detail.
4.ELV> TRANSLATE /ENTRY=END:18 ERRLOG.SYS;42
The command in this example shows how to display entries before
a specified entry in a sequence.
5.ELV> TRANSLATE /ENTRY=(START:18,END:37) ERRLOG.SYS;42
The command in this example shows how to display entries within
a specified entry range.
6.ELV> TRANSLATE /EXCLUDE=DEVICE_ERRORS ERRLOG.SYS;42
The command in this example shows how to exclude the DEVICE_
ERRORS entry type from a report.
7.ELV> TRANSLATE /FULL ERRLOG.SYS;42
The command in this example generates a full report.
8.ELV> TRANSLATE /INCLUDE=(VOLUME_CHANGES, CPU_ENTRIES,
BUGCHECKS)
ERRLOG.SYS;42
The command in this example shows how to select VOLUME_
CHANGES, CPU_ENTRIES, and BUGCHECKS entry types.
9.ELV> TRANSLATE /INTERACTIVE ERRLOG.SYS
The command in this example enables interactive shell mode
after translating ERRLOG.SYS. (The default, NOINTERACTIVE,
returns you to the DCL prompt.)
10. ELV> TRANSLATE /LOG ERRLOG.SYS
This example shows how to enable the logging of control and
informational messages.
11. ELV> TRANSLATE /NONODE=(BEAVIS, BUTTHD) ERRLOG.SYS
The command in this example generates a report containing all
events except those occurring on nodes BEAVIS and BUTTHD.
12. ELV> TRANSLATE /ONE_LINE ERRLOG.SYS
The command in this example requests ELV to produce a one-line-
per-event report instead of a standard report.
13. ELV> TRANSLATE /OUTPUT=ERRLOG.DAT;3 ERRLOG.SYS;42
This example creates a binary file named ERRLOG.DAT. If a
version number is specified, as in this example, and a file
with the same name and version number does not exist, then the
binary file will be created with the specified version number.
14. ELV> TRANSLATE /PAGE ERRLOG.SYS
This example shows how to generate a paged report.
15. ELV> TRANSLATE /SINCE="24-MAY-2002 04:51:33.87" ERRLOG.SYS;42
For this example, the default report produced for ERRLOG.SYS;42
contains all entries that were logged after 4:51 on May 24,
2002.
16. ELV> TRANSLATE /SUMMARY ERRLOG.SYS
This example shows how to generate a summary report.
17. ELV> TRANSLATE /TERSE ERRLOG.SYS
This example shows how to generate a terse report.
4.1.6 – WRITE
Performs an image copy of events from one or more binary error
log files.
Format
WRITE [input-file,...]
4.1.6.1 – Parameter
input-file
Supplies one or more names of binary error log files from which
events are to be copied to a new binary error log file.
If you do not specify an input file name, the default input file
name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device
and directory, the system defaults to your current device and
directory. If you do not specify a file name, the default file
name is ERRLOG. If you do not specify a file type, the default
file type is .SYS.
4.1.6.2 – Qualifiers
4.1.6.2.1 /BEFORE
/BEFORE=date-time
Specifies that only those events dated earlier than the stated
date and time are to be selected for the report.
Date-time specifies that only those events dated earlier than
the stated date and time are to be selected for the report. You
can specify an absolute time, a delta time, or a combination of
absolute and delta times. See the OpenVMS System Manager's Manual
for details on specifying times.
If you omit a date and time, TODAY is used.
4.1.6.2.2 /ENTRY
/ENTRY=keyword[,...]
Generates a report that includes the specified entry range or
starts at the specified entry number. You can specify one or
both keywords:
Keyword Description
START:decimal-value Indicates the start of a range of entries
in a report.
END:decimal-value Indicates the end of a range of entries
in a report.
Usage Notes:
o You can specify one or both of these parameters. If you
specify both parameters, you must enclose them in parentheses.
o If you specify /ENTRY without the entry range or omit the
qualifier, the entry range defaults to START:1,END:end-of-
file.
4.1.6.2.3 /EXCLUDE
/EXCLUDE=event-class[,...]
Excludes the specified event class or classes from the report. Do
not use the /EXCLUDE qualifier with /INCLUDE.
For event-class, specify one or more of the keywords shown in the
following table. If you specify more than one keyword, you must
use a comma-separated list of values enclosed in parentheses.
Keyword Description
ATTENTIONS Exclude device attention entries from the report.
BUGCHECKS Exclude all types of bugcheck entries from the
report.
CONFIGURATION Exclude system configuration entries from the
report.
CONTROL_ Exclude control entries from the report. Control
ENTRIES entries include the following entry types:
o System power failure restarts
o Time stamps
o System startups
o $SNDERR messages (system service to send
messages to error log)
o Operator messages
o Network messages
o ERRLOG.SYS created
CPU_ENTRIES Exclude CPU-related entries from the report. CPU
entries include the following entry types:
o SBI alerts/faults
o Undefined interrupts
o MBA/UBA adapter errors
o Asynchronous write errors
o UBA errors
DEVICE_ Exclude device error entries from the report.
ERRORS
ENVIRONMENTAL_ Exclude environmental entries from the report.
ENTRIES
MACHINE_ Exclude machine check entries from the report.
CHECKS
MEMORY Exclude memory errors from the report.
SNAPSHOT_ Exclude snapshot entries from the report.
ENTRIES
SYNDROME Exclude firmware-generated entries that describe
a symptom set used by VSI support personnel to
identify problems.
TIMEOUTS Exclude device timeout entries from the report.
UNKNOWN_ Exclude any entry that had either an unknown entry
ENTRIES type or an unknown device type or class.
UNSOLICITED_ Exclude unsolicited MSCP entries from the output
MSCP report.
VOLUME_ Exclude volume mount and dismount entries from the
CHANGES report.
4.1.6.2.4 /INCLUDE
/INCLUDE=event-class[,...]
Includes the specified event class or classes in the report. Do
not use the /EXCLUDE qualifier with /INCLUDE.
For event-class, specify one or more of the keywords shown in the
following table. If you specify more than one keyword, you must
use a comma-separated list of values enclosed in parentheses.
Keyword Description
ATTENTIONS Select device attention entries.
BUGCHECKS Select all types of bugcheck entries.
CONFIGURATION Select system configuration entries.
CONTROL_ Select control entries. Control entries include
ENTRIES the following entry types:
o System power failure restarts
o Time stamps
o System startups
o $SNDERR messages (system service to send
messages to error log)
o Operator messages
o Network messages
o ERRLOG.SYS created
CPU_ENTRIES Select CPU-related entries. CPU entries include
the following entry types:
o SBI alerts/faults
o Undefined interrupts
o MBA/UBA adapter errors
o Asynchronous write errors
o UBA errors
DEVICE_ Select device error entries.
ERRORS
ENVIRONMENTAL_ Select environmental entries.
ENTRIES
MACHINE_ Select machine check entries.
CHECKS
MEMORY Select memory errors.
SNAPSHOT_ Select snapshot entries.
ENTRIES
SYNDROME Select firmware-generated entries that describe
a symptom set used by VSI support personnel to
identify problems.
TIMEOUTS Select device timeout entries.
UNKNOWN_ Select any entry that has an unknown entry
ENTRIES class.
UNSOLICITED_ Select unsolicited MSCP entries.
MSCP
VOLUME_ Select volume mount and dismount entries.
CHANGES
4.1.6.2.5 /INTERACTIVE
/INTERACTIVE
/[NO]INTERACTIVE
Specifies whether or not ELV is to run in interactive shell mode.
By default, interactive shell mode results from the way ELV is
invoked.
4.1.6.2.6 /LOG
/LOG
/NOLOG
Specifies whether or not ELV is to output control and
informational messages to the terminal. The default, /NOLOG,
does not output these messages to the terminal.
4.1.6.2.7 /NODE
/NODE=[node-name,...]
/NONODE=[node-name,...]
Includes or excludes events occurring on a specified node or
nodes from a report.
If you do not enter a node name, only events that occur on
the node on which you are running ELV are selected. (This is
important in a cluster.)
If you enter /NONODE without a value, events occurring on all
nodes that are represented in the error log file are processed.
4.1.6.2.8 /OUTPUT
/OUTPUT=[output-file]
Specifies that the output file is to contain image copies of
events.
If you do not specify an output file name, the input file name
is used. If you do not specify a device and directory, the system
defaults to your current device and directory. If you do not
specify a file type, the default file type is .DAT.
4.1.6.2.9 /REJECTED
You can use the /REJECTED qualifier to include rejected events
in a report. (By default, only selected events are included in a
report.)
4.1.6.2.10 /SINCE
/SINCE=[date-time]
Specifies that only those events dated later than the stated date
and time are to be selected for the report.
You can use date-time to limit the report to those events dated
later than the specified time. You can specify an absolute time,
a delta time, or a combination of absolute and delta times. See
the OpenVMS User's Manual for details on specifying times.
If you omit a date and time, TODAY is used.
4.1.6.3 – Examples
1.ELV> WRITE ERROR_LOG.SYS
The command in this example copies events in ERROR_LOG.SYS to
ERROR_LOG.DAT.
2.ELV> WRITE/OUTPUT
The command in this example copies events in the default file
ERRLOG.SYS to ERRLOG.DAT.
3.ELV> WRITE/OUTPUT=OUTFILE.OUT
The command in this example copies events in the default file
ERRLOG.SYS to OUTFILE.OUT.
5 /IMAGE
Analyzes the contents of an executable image file or a shareable
image file on OpenVMS VAX and Alpha systems, and an Executable
and Linkable Format (ELF) image file or sharable image file on
OpenVMS I64 systems, identifying obvious errors in the file. This
analysis includes translated images on I64 and Alpha systems. The
/IMAGE qualifier is required.
For general information about image files, refer to the
description of the linker in the VSI OpenVMS Linker Utility
Manual. (Use the ANALYZE/OBJECT command to analyze the contents
of an object file.)
Format
ANALYZE/IMAGE filespec[,...]
5.1 – Parameter
filespec[,...]
Specifies the name of one or more image files that you want
analyzed. You must specify at least one file name. If you specify
more than one file, separate the file specifications with either
commas (,) or plus signs (+). The default file type is .EXE.
The asterisk (*) and percent sign (%) wildcard characters are
allowed in the file specification.
5.2 – Description
The ANALYZE/IMAGE command provides a description of the
components of an executable image file or shareable image file on
OpenVMS VAX and Alpha systems, and of an Executable and Linkable
Format (ELF) image file or sharable image file on OpenVMS I64
systems. It also verifies that the structure of the major parts
of the image file is correct. However, the ANALYZE/IMAGE command
cannot ensure that program execution is error free.
On OpenVMS I64 systems, the ANALYZE/IMAGE command automatically
distinguishes between I64, Alpha, and VAX images by examining the
header information.
If errors are found, the first error of the worst severity is
returned. For example, if a warning (A) and two errors (B and
C) are found, the first error (B) is returned as the image exit
status. The image exit status is placed in the DCL symbol $STATUS
at image exit.
NOTES
For I64 images and objects, the Analyze utility determines
whether the file it analyzes is an image file or object
file. Although Analyze allows you to specify ANALYZE/OJBECT
on an ELF image file, use ANALYZE/IMAGE for ELF image files
and ANALYZE/OJBECT for ELF object files.
When parsing output from ANALYZE/IMAGE, be aware that the
output for ELF images may change.
When using ANALYZE without a qualifier, the default is /OBJECT.
Therefore, when using this default to analyze an image in the
output file, the utility correctly identifies itself as "Analyze
Object File".
The OpenVMS VAX and Alpha versions of ANALYZE/IMAGE do not have
the capability of analyzing all non-platform images. For example,
ANALYZE/IMAGE cannot analyze I64 images on VAX or Alpha images on
older versions of VAX.
When you analyze I64 images on I64 platforms, ANALYZE/IMAGE
accepts VAX-only or Alpha-only qualifiers, but ignores any effect
of these qualifiers.
Depending on the platform, the ANALYZE/IMAGE command
distinguishes I64 images from VAX and ALpha images by examining
the meta information (e.g., ELF, EIHD, or IHD).
The ANALYZE/IMAGE command provides the following information for
image files:
o Image architecture and type - The OpenVMS platform and whether
the image is executable or shareable.
o Image name - The name of the image or shareable image.
o Image identification - The identification given in a link
operation.
o Creating linker identification - The linker that generated the
image.
o Link date and time - The date and time of the link operation.
o Image transfer addresses - The addresses to which control is
passed at image execution time.
o Image version - The revision level (major ID and minor ID) of
the image.
o Location and size of the image's symbol vector (Alpha and I64
only).
o List of required sharable images - The dependencies on
sharable images.
o Location of the debugger symbol table (DST)-Identifies the
location of the DST in the image file. DST information is
present only in executable images that have been linked with
the /DEBUG or the /TRACEBACK command qualifier. (VAX and Alpha
only.)
o Location and interpretation of the debug and traceback
information - The sections that contain the information and
formats the data (DWARF) (I64 only).
o Location of the global symbol table (GST)- The location of
the GST in the image file. GST information is present only in
shareable image files. (VAX and Alpha only.)
o Location of the global symbol table (.symtab) - The location
of the GST in the image file. GST informaton is present only
in sharable image files (I64 only.)
o Patch information-Indicates whether the image has been patched
(changed without having been recompiled or reassembled and
relinked). If a patch is present, the actual patch code can be
displayed. (VAX and Alpha only.)
o Image section descriptors (ISD)-Identify portions of the image
binary contents that are grouped in OpenVMS Cluster systems
according to their attributes. An ISD contains information
that the image activator needs when it initializes the address
space for an image. For example, an ISD tells whether the ISD
is shareable, whether it is readable or writable, whether it
is based or position independent, and how much memory should
be allocated. (VAX only.)
o Summary of internal tables - Lists the program segments and
sections of which the image consists. (I64 only.)
o Fixup vectors-Contain information that the image activator
needs to ensure the position independence of shareable image
references. (VAX and Alpha only.)
o Fixup information-Information that the image activator
needs to ensure the position independence of sharable image
references. (I64 only.)
o System version categories-For an image that is linked against
the executive (the system shareable image on I64 and Alpha or
the system symbol table on VAX), displays both the values of
the system version categories for which the image was linked
originally and the values for the system that is currently
running. You can use these values to identify changes in the
system since the image was linked last.
The ANALYZE/IMAGE command has command qualifiers and positional
qualifiers. For VAX and Alpha images, by default, if you do not
specify any positional qualifiers (for example, /GST or /HEADER),
the entire image is analyzed. If you do specify a positional
qualifier, the analysis excludes all other positional qualifiers
except the /HEADER qualifier (which is always enabled) and any
qualifier that you request explicitly.
The default behavior for analyzing ELF images differs from the
behavior for analyzing Alpha or VAX images. For ELF images,
a summary of the major ELF tables is displayed. With this
information, you can select specific segments and/or sections for
analysis. To locate errors, analyze the entire image by selecting
all sections and segments.
5.3 – Qualifiers
5.3.1 /FIXUP_SECTION
/FIXUP_SECTION (VAX and Alpha only)
Positional qualifier.
Specifies that the analysis should include all information in the
fixup section of the image.
If you specify the /FIXUP_SECTION qualifier after the
ANALYZE/IMAGE command, the fixup section of each image file in
the parameter list is analyzed.
If you specify the /FIXUP_SECTION qualifier after a file
specification, only the information in the fixup section of that
image file is analyzed.
5.3.2 /FLAGVALUES
/FLAGVALUES (I64 only)
Several fields in an ELF module represent bit flags. Where
possible, these bit-flag values are examined and displayed
individually. By default, only the flag values that are set to
1 (ON) are displayed.
The keywords are as follows:
Keyword Description
ON The keyword ON displays all flags whose value is 1.
OFF The keyword OFF displays all flags whose value is 0.
ALL The keyword ALL displays all flag values. The keywords
ON and OFF, in contrast, indicate the value of each
specific flag bit.
5.3.3 /GST
/GST (VAX and Alpha only)
Positional qualifier.
Specifies that the analysis should include all global symbol
table records. This qualifier is valid only for shareable images.
If you specify the /GST qualifier after the ANALYZE/IMAGE
command, the global symbol table records of each image file in
the parameter list are analyzed.
If you specify the /GST qualifier after a file specification,
only the global symbol table records of that file are analyzed.
5.3.4 /HEADER
/HEADER (VAX and Alpha only)
Positional qualifier.
Specifies that the analysis should include all header items and
image section descriptions. The image header items are always
analyzed.
5.3.5 /INTERACTIVE
/INTERACTIVE
/NOINTERACTIVE (default)
Specifies whether the analysis is interactive. In interactive
mode, as each item is analyzed, the results are displayed on the
screen and you are asked whether you want to continue.
5.3.6 /MODULE
/MODULE [=(module_name[,...]) ] (I64 only)
Selectively formats debug or traceback information for the named
module or list of modules. You must request debug or traceback
information by using the /SECTIONS qualifier with keywords ALL,
DEBUG or TRACE. If debug or traceback information is selectively
formatted, then the module name is a subselection.
If you do not specify a module name, only debug or traceback meta
information about the available modules is printed. In this case,
any other debug or traceback selection is deactivated.
NOTE
This qualifier is only valid for ANALYZE/IMAGE. Although
ANALYZE/OBJECT can be used to format I64 images, Analyze
rejects the /MODULE qualifier.
5.3.7 /OUTPUT
/OUTPUT=filespec
Identifies the output file for storing the results of the image
analysis. The asterisk (*) and the percent sign (%) wildcard
characters are not allowed in the file specification. If you
specify a file type and omit the file name, the default file
name ANALYZE is used. The default file type is .ANL. If you omit
the qualifier, the results are output to the current SYS$OUTPUT
device.
5.3.8 /PAGE_BREAK
/PAGE_BREAK=keyword (I64 only)
Specifies if and where page breaks (form feeds) are inserted in
the report file. This qualifier is only useful if /OUTPUT is used
to write a report file. It is ignored if /INTERACTIVE is used to
specify an interactive analysis.
Keywords include NONE, which sets no page breaks; PRINTABLE_
REPORT, which creates page breaks as in listing files, and
SEPARATE_INFORMATION, which sets page breaks between section
information.
5.3.9 /PATCH_TEXT
/PATCH_TEXT (VAX only)
Positional qualifier.
Specifies that the analysis include all patch text records. If
you specify the /PATCH_TEXT qualifier after the ANALYZE/IMAGE
command, the patch text records of each image file in the
parameter list are analyzed.
If you specify the /PATCH_TEXT qualifier after a file
specification, only the patch text records of that file are
analyzed.
5.3.10 /SECTIONS
/SECTIONS [=(keyword[,...])] (I64 only)
Selects individual program sections or section types to display.
NOTE
This qualifier and its keywords can only be used to form an
inclusion list of sections to be displayed. This qualifier
is not negatable and cannot be used to form an exclusion
list. If no values are specified, the default keyword is
HEADERS.
The keywords are as follows:
Keyword Description
ALL Displays a detailed analysis of every section
in the module. Note that this keyword can
generate a large amount of output.
CODE Displays all of all sections of type SHT_
PROGBITS where the executable flag is set
(SHDR$M_SHF_EXECINSTR in the section header).
The section data will be displayed as machine
instructions.
DEBUG Analyzes and displays sections consisting
[=(suffix[,...])] of DWARF formatted debug information. In
addition, you can use a list of debug section
name suffixes to selectively format DEBUG
information.
EXTENSIONS Analyzes and displays sections of type SHT_
IA64_EXT. The data is displayed in hexadecimal
format.
GROUP Analyzes and displays sections of type SHT_
GROUP. Sections of this type consist of a list
of the section numbers of sections belonging
to that group.
HEADERS The default keyword. Displays the ELF header
and the section header details.
LINKAGES Analyzes and displays sections of type SHT_
VMS_LINKAGES.The data is displayed as a list
of linkage descriptors.
NOBITS Analyzes and displays sections of type SHT_
NOBITS. There is no module data associated
with sections of this type.
NOTE Analyzes and displays sections of type SHT_
NOTE. The data for this section is displayed
as a list of formatted OpenVMS note entries.
NULL Displays all sections of type PT_NULL. No a
data will be displayed for segments of this
type.
NUMBERS= Displays individual sections, as follows:
(number [,...])
o The selected sections will have a detailed
display of their header and their contents.
An informational message is displayed for
section numbers that do not exist in the
module.
o One or more numeric values may be
specified.
o Section numbers may be specified in
decimal, octal (using the %O prefix), or
hexadecimal (using the %X prefix).
STRTAB Analyzes and displays sections of type SHT_
STRTAB. The data for this section is displayed
as a string table.
SYMTAB Displays sections of type SHT_SYMTAB. The
data for this section is displayed as a symbol
table.
SYMBOL_VECTOR Sections of this type will only appear in
sharable image files. If present, they point
to the same data as the dynamic segment DT_
VMS_SYMVEC tags.
TRACE Analyzes and displays sections consisting of
[=(suffix[,...])] traceback information. In addition, you can
use a list of trace section name suffixes to
selectively format TRACE information.
UNWIND Analyzes and displays sections of type SHT_
IA64_UNWIND. Each section of this type has an
associated Unwind Information section of type
SHT_PROGBITS. This associated section is also
displayed.
5.3.11 /SEGMENTS
/SEGMENTS [=(keyword[,...])] (I64 only)
Selects individual program segments or program segments of a
specified type to be displayed.
NOTE
This qualifier and its keywords can only be used to form an
inclusion list of segments to be displayed. This qualifier
is not negatable and cannot be used to form an exclusion
list. If no values are specified, the default keyword is
HEADERS.
The keywords are as follows:
Keyword Description
ALL Analyzes and displays information for every program
segment. Note that this can generate a large amount of
output.
CODE Analyzes and displays all executable segments
(PHDR$M_PF_X bit set in the segment header). Segment
data is displayed as machine instructions.
DYNAMIC Analyzes and displays the segment of type PT_DYNAMIC.
EXTENSIONS Analyzes and displays segments of type IA_64_ARCHEXT.
HEADERS The default keyword. Analyzes and displays the ELF
header and segment header details.
LOAD Analyzes and displays segments of type PT_LOAD. If the
segment header indicates this is an executable segment
(PHDR$M_PF_X bit set in the segment header), the
contents will be formatted as machine instructions,
otherwise the contents are formatted as hexadecimal
data.
NULL Analyzes and displays segments of type PT_NULL. No a
data will be displayed for segments of this type.
NUMBERS= Analyzes and displays individual segments, as follows:
(number
[,...]) o The selected segments have a detailed display of
header and content information. For section numbers
that do not exist in the module, an informational
message is displayed.
o One or more numeric values may be specified.
o Segment numbers may be specified in decimal, octal
(using the %O prefix), or hexadecimal (using the %X
prefix).
5.3.12 /SELECT
/SELECT=(keyword[,...])
Allows for the collection of specific image file information and
displays the selected keyword items in the order specified.
Analyze creates DCL symbols for all selectable information with
the /SELECT qualifier. The symbol names consist of the prefix
ANALYZE$ and a descriptive name of the information they hold.
The symbol value is the selected information, usually printed
to SYS$OUTPUT. Effectively, all of the printed information
is duplicated in the symbols. For unselected information, the
corresponding symbols will contain the null string.
The keywords are as follows:
Keyword Description
ARCHITECTURE Writes the architecture information into the DCL
symbol ANALYZE$ARCHITECTURE. Returns "OpenVMS
IA64" if the file is an OpenVMS I64 image file.
Returns "OpenVMS Alpha" if the file is an OpenVMS
Alpha image file. Returns "OpenVMS VAX" if the
file is an OpenVMS VAX image file.
BUILD_ Writes build identification information into
IDENTIFICATION the DCL symbol ANALYZE$BUILD_IDENTIFICATION.
For OpenVMS I64 and Alpha image files, returns
the image build identification stored in the
image file, enclosed in quotation marks. For
OpenVMS VAX image files, the null string that
is represented by adjacent quotation marks is
returned.
FILE_TYPE Writes file type information into the DCL symbol
ANALYZE$FILE_TYPE. Returns "Image" if the file is
an OpenVMS I64, Alpha, or VAX image file.
IDENTIFICATION The possible keywords are as follows:
[=keyword]
o IMAGE (default) - Writes the image
identification information into the DCL symbol
ANALYZE$IDENTIFICATION. Returns the image
identification that is stored in the image
file, enclosed in quotation marks. Otherwise,
returns "Unknown".
o LINKER - Writes the linker identification
information into the DCL symbol
ANALYZE$LINKER_IDENTIFICATION. Returns the
identification of the linker used to link the
image.
IMAGE_TYPE Writes image type information into the DCL
symbol ANALYZE$IMAGE_TYPE. Returns "Shareable"
if the file is a shareable image file.
Returns "Executable" if the file is either an
OpenVMS I64, Alpha, or OpenVMS VAX executable
(nonshareable) image file.
LINK_TIME Writes link time information into the DCL symbol
ANALYZE$LINK_TIME. For image files, returns the
image link time that is stored in the image file,
enclosed in quotation marks.
NAME Writes link time information into the DCL symbol
ANALYZE$NAME. For image files, returns the image
name that is stored in the image file, enclosed
in quotation marks.
VERSION_ Writes the system and component version numbers
NUMBERS into DCL symbols. The DCL symbol names and
(Alpha and values are similar to the printed output of
I64 only) ANALYZE/IMAGE; that is, there is a symbol for
each component. The symbol names consist of the
prefix "ANALYZE$SYS$K_" and the component name
consists of "BASE_IMAGE", "MEMORY_MANAGEMENT",
and so forth. If the analyzed image depends on a
component, the component's version number saved
in the image is also in the corresponding DCL
symbol. The other DCL symbols contain an empty
string. The symbol value, the version, consists
of a major and minor version number, separated by
a dot and enclosed in parantheses.
In addition, if the image runs on the same
platform as Analyze, then the component's version
of the running system are stored in the DCL
symbols. Then, within the parentheses, the image
and system versions are separated by a slash.
In this case, both versions are compared. The
comparision is performed by an LEQUAL check for
major-/minor-IDs. If there is a mismatch, Analyze
prints an informational message. Note also that
the system version is saved in the DCL symbol of
the BASE_IMAGE component.
NOTE
The Analyze utility can work on several files. Because
there is only one set of DCL symbols, the symbols only
contain information from the last analyzed file. When an
error occurs, symbol values are undefined. Check for Analyze
errors first, then use the symbols.
5.4 – Examples
1.$ ANALYZE/IMAGE LINEDT
The ANALYZE/IMAGE command in this example produces a
description and an error analysis of the image LINEDT.EXE.
Output is sent to the current SYS$OUTPUT device.
2.$ ANALYZE/IMAGE/OUTPUT=LIALPHEX/FIXUP_SECTION/PATCH_TEXT
LINEDT, ALPRIN (VAX and Alpha only)
The ANALYZE/IMAGE command in this example produces a
description and an error analysis of the fixup sections
and patch text records of LINEDT.EXE and ALPRIN.EXE in file
LIALPHEX.ANL. Output is sent to the file LIALPHEX.ANL.
3.$ ANALYZE/IMAGE/SELECT=(ARCH,FILE,NAME,IDENT,BUILD,LINK) *.EXE
DISK:[DIRECTORY]ALPHA.EXE;1
OpenVMS ALPHA
Image
"Test image ALPHA"
"A11-27"
"X5SC-SSB-0000"
14-JUN-2004 07:16:19.24
DISK:[DIRECTORY]VAX.EXE;1
OpenVMS VAX
Image
"Test image VAX"
"V11-27"
""
15-JUN-2004 13:18:40:70
On an Alpha system, this example displays the information
requested about the executable files ALPHA.EXE and VAX.EXE.
4.$ ANALYZE/IMAGE/SELECT=(ARCHITECTURE,IDENT,NAME) HELLO 1
USER:[JOE]HELLO.EXE;1
OpenVMS IA64
"V1.0"
"HELLO"
$
$ SHOW SYMBOL ANALYZE$*
ANALYZE$ARCHITECTURE = "OpenVMS IA64"
ANALYZE$BUILD_IDENTIFICATION = ""
ANALYZE$FILE_TYPE = ""
ANALYZE$IDENTIFICATION = ""V1.0""
ANALYZE$IMAGE_TYPE = ""
ANALYZE$LINKER_IDENTIFICATION = ""
ANALYZE$LINK_TIME = ""
ANALYZE$NAME = ""HELLO""
$
$ ANALYZE/IMAGE/SELECT=(IDENT=(IMAGE,LINKER),IMAGE,LINK) HELLO 2
USER:[JOE]HELLO.EXE;1
"V1.0"
"Linker I01-54"
Executable
7-JUN-2004 11:47:08.10
$
$ SHOW SYMBOL ANALYZE$*
ANALYZE$ARCHITECTURE = ""
ANALYZE$BUILD_IDENTIFICATION = ""
ANALYZE$FILE_TYPE = ""
ANALYZE$IDENTIFICATION = ""V1.0""
ANALYZE$IMAGE_TYPE = "Executable"
ANALYZE$LINKER_IDENTIFICATION = ""Linker I01-54""
ANALYZE$LINK_TIME = " 7-JUN-2004 11:47:08.10"
ANALYZE$NAME = ""
$
$ ANALYZE/IMAGE/SELECT=FILE HELLO.* 3
USER:[JOE]HELLO.C;1
%ANALYZE-E-ILLFIL, Illegal file format encountered
USER:[JOE]HELLO.EXE;1
Image
USER:[JOE]HELLO.MAP;1
%ANALYZE-E-ILLFIL, Illegal file format encountered
USER:[JOE]HELLO.OBJ;1
Object
$
$ SHOW SYMBOL ANALYZE$*
ANALYZE$ARCHITECTURE = ""
ANALYZE$BUILD_IDENTIFICATION = ""
ANALYZE$FILE_TYPE = "Object"
ANALYZE$IDENTIFICATION = ""
ANALYZE$IMAGE_TYPE = ""
ANALYZE$LINKER_IDENTIFICATION = ""
ANALYZE$LINK_TIME = ""
ANALYZE$NAME =
$
This I64 example displays the information requested for the
executable file, HELLO.EXE. The following text is keyed to the
callout numbers at the ends of each ANALYZE/IMAGE command line
in the example:
1 Only the selected information can be found in the DCL
symbols. The information in the symbols is identical to
what is printed to SYS$OUTPUT, that is, if quoted strings
are printed there are quotes strings in the symbol.
2 If the new linker identification is selected, it is
necessary to use IDENT with a keyword list.
3 When using wildcards, errors in the analyzed file (for
example illegal file format errors) do not terminate
Analyze. Only the information from the last analyzed file
can be found in the DCL symbols.
6 /MEDIA
Invokes the Bad Block Locator utility (BAD), which analyzes
block-addressable devices and records the location of blocks that
cannot reliably store data. The /MEDIA qualifier is required. For
a complete description of BAD, including information about the
ANALYZE/MEDIA command and its qualifiers, see the OpenVMS Bad Block
Locator Utility Manual. This manual is posted with other archived
manuals on the OpenVMS Documentation website.
Format
ANALYZE/MEDIA device
device
Specifies the device that BAD will analyze. The device has the form:
ddcu: or logical-name
6.1 – Qualifiers
6.1.1 /BAD_BLOCKS
/BAD_BLOCKS[=LIST]
Adds the specified bad blocks to the detected bad block file
(DBBF). If the /BAD_BLOCK qualifier is specified along with the
/EXERCISE qualifier, the medium is tested once the bad blocks are
added to the DBBF.
If you do not specify a value for the /BAD_BLOCK qualifier, you are
prompted as follows:
BAD_BLOCKS =
In prompt mode, BAD reports any duplicate bad blocks.
Qualifier Value
List
Specifies the bad block locations to be added to the DBBF. Valid
codes for specifying bad block locations are:
Code Meaning
LBN Specifies the logical block number (LBN)
of a single bad block.
LBN:count Specifies a range of contiguous bad blocks
starting at the logical block number (LBN)
and continuing for "count" blocks.
SEC.TRK.CYL Specifies the physical disk address (sector,
track, and cylinder) of a single bad
sector. This code is valid only for last
track devices.
SEC.TRK.CYL:count Specifies a range of bad sectors starting
at the specified physical disk address
(sector, track, and cylinder) and
continuing for "count" sectors. This code
is valid only for last track devices.
You can specify these formats in any
integer combination or radix combination.
Note
The term "block" denotes a standard unit of 512
bytes, whereas the term "sector" denotes the
physical size of the device sector, which is not
always the same for all devices. For example, an
RL02 has a sector size of 256 bytes, while an RK07
has a standard sector size of 512 bytes.
6.1.2 /EXERCISE
/EXERCISE=(FULL,[NO]KEEP,PATTERN)
/NOEXERCISE (default)
Controls whether the media should actually be tested. You can
update the DBBF without erasing the contents of the volume by
using the /NOEXERCISE qualifier along with the /BAD_BLOCKS
qualifier.
Qualifier Keywords
FULL
Causes BAD to test the media using three test patterns (0s,
1s, and "worst case") instead of the default single "worst
case" pattern. The FULL keyword can be used only with
/EXERCISE. Note that the "worst case" test pattern always
remains on media tested with the /EXERCISE qualifier.
KEEP
Ensures the preservation of the current software detected bad
block file (SDBBF). The keep keyword is the default when
/NOEXERCISE is specified.
NOKEEP
Causes BAD to create a new SDBBF. The NOKEEP keyword is the
default when /EXERCISE is specified. This keyword cannot be
used with the /NOEXERCISE qualifier.
PATTERN=(value[,...])
Allows users to specify the value of a test pattern to be
used as "worst case". Up to an octaword of test pattern
data may be specified in decimal (%D), hexadecimal (%X),
or octal (%O) radixes. The default radix is decimal.
The pattern is specified in longwords. If two or more
longwords are specified, they must be enclosed in
parentheses and separated by commas.
6.1.3 /LOG
/LOG /NOLOG (default) Specifies whether a message is sent to the current SYS$OUTPUT device and SYS$ERROR, indicating the total number of bad blocks detected by BAD.
6.1.4 /OUTPUT
/OUTPUT[=filespec]
Specifies whether the contents of the DBBF are written to the
specified file. If you omit the /OUTPUT qualifier, no output
is generated.
If you specify /OUTPUT but omit the filespec, the contents of
the DBBF are written to the current SYS$OUTPUT device.
When you specify /OUTPUT, the /SHOW=AFTER qualifier is implied.
Qualifier Value
filespec
Identifies the output file for storing the results of the
medium analysis. If you specify a file type and omit the
file name, the default file name ANALYZE is used. The default
file type is ANL. If you omit the filespec, the results are
output to the current SYS$OUTPUT device.
No wildcard characters are allowed in the file specification.
6.1.5 /RETRY
/RETRY /NORETRY (default) Enables the device driver to retry soft errors.
6.1.6 /SHOW
/SHOW[=(keyword[,...])]
Lists the contents of the DBBF before or after (or both) the
medium is exercised or modified.
Qualifier Keywords
[NO]BEFORE,[NO]AFTER
Specifies whether the contents of the DBBF are listed before or
after (or both) the medium is exercised. After is the default.
6.2 – Examples
In examples 1 and 2, the contents of the data region on the medium
are not altered or destroyed; in examples 3, 4, and 5, all the data
on the medium is destroyed.
1. $ ANALYZE/MEDIA/BAD_BLOCKS=(4.4.4:3) DBA1:
The /BAD_BLOCKS qualifier in this example specifies a range of 3
bad blocks beginning at the physical disk address sector 4, track
4, cylinder 4. This range is added to the DBBF.
2. $ ANALYZE/MEDIA/LOG DBB1:
DEVICE DBB1: CONTAINS A TOTAL OF 340670 BLOCKS; 11 DEFECTIVE
BLOCKS DETECTED.
The command in this example requests BAD to report the total
number of bad blocks recorded in DBBFs for the disk mounted on
DBB1:. The medium is not exercised or altered in any way.
3. $ ANALYZE/MEDIA/EXERCISE/BAD_BLOCKS=(2) DBB1:
The command in this example adds the bad block specification to
the DBBF and then tests the media. The bad block in this example
is located at logical block number (LBN) 2.
4. $ ANALYZE/MEDIA/EXERCISE=KEEP DBA1:
This command tests the media while preserving the current SDBBF.
5. $ ANALYZE/MEDIA/EXERCISE/RETRY DBB1:
The command in this example directs the device driver to retry soft
errors.
7 /OBJECT
Analyzes the contents of an object file on OpenVMS VAX and Alpha
systems, and an Executable and Linkable Format (ELF) object
file on OpenVMS I64 systems, and identifies obvious errors. The
/OBJECT qualifier is required.
For general information about object files, refer to the
description of the linker in the VSI OpenVMS Linker Utility
Manual. (Use the ANALYZE/IMAGE command to analyze the contents
of an image file.)
Format
ANALYZE/OBJECT filespec[,...]
7.1 – Parameter
filespec[,...]
Specifies the object files or object module libraries you want
analyzed (the default file type is .OBJ). Use commas (,) or plus
signs (+) to separate file specifications. The asterisk (*) and
the percent sign (%) wildcard characters are allowed in the file
specification.
7.2 – Description
The ANALYZE/OBJECT command describes the contents of one or more
object modules contained in one or more files. It also performs
a partial error analysis. This analysis determines whether all
records in an object module conform in content, format, and
sequence to the specifications of the I64, Alpha, or VAX Object
Language.
On OpenVMS I64 systems, the ANALYZE/OBJECT command automatically
distinguishes I64, Alpha, and VAX objects by examining the format
of the object modules header.
ANALYZE/OBJECT is intended primarily for programmers compilers,
debuggers, or other software involving the operating system's
object modules. It checks that that the ELF object format (I64)
or the object language records (VAX and Alpha) generated by
the object modules are acceptable to the Linker utility, and
it identifies certain errors in the file. It also provides a
description of the records in the object file or object module
library. For more information on the linker and on the Alpha
and VAX object languages, refer to the VSI OpenVMS Linker Utility
Manual. Information on the I64 object format will be available in
a future release.
NOTES
For I64 images and objects, the Analyze utility determines
whether the file it analyzes is an image file or object
file. Although Analyze allows you to specify ANALYZE/IMAGE
on an ELF object file, use ANALYZE/IMAGE for ELF image files
and ANALYZE/OJBECT for ELF object files.
The OpenVMS VAX and OpenVMS Alpha versions of ANALYZE/OBJECT
are not fully capable of analyzing non-platform objects (for
example I64 objects on VAX or Alpha).
The output format of ANALYZE/OBJECT for ELF objects may
change. Further, the default behavior for analyzing ELF
objects differs from the behavior for analyzing Alpha or VAX
objects. For ELF objects, a summary of the major ELF tables
is displayed. With this information, you can select specific
sections for further analysis. To locate errors, the entire
object should be analyzed by selecting all sections.
When you analyze I64 objects on I64 platforms,
ANALYZE/OBJECT accepts either VAX- or Alpha-only qualifiers,
but ignores any effect of these qualifiers.
The ANALYZE/OBJECT command analyzes the object modules in order,
record by record, from the first to the last record in the object
module. Fields in each record are analyzed in order from the
first to the last field in the record. After the object module
is analyzed, you should compare the content and format of each
type of record to the required content and format of that record
as described by the OpenVMS I64, Alpha, or OpenVMS VAX Object
Language. This comparison is particularly important if the
analysis output contains a diagnostic message.
ANALYZE/OBJECT displays the following information for object
modules:
o Module architecture and type
o Module name
o Module version
o Module creation date and time
o Language processor creator
Linking an object module differs from analyzing an object module.
The object's contents are not interpreted; rather, only the meta
information is checked for consistancy. As a result, even if
the analysis is error free, the linking operation may not be. In
particular, the analysis does not check the following for VAX and
Alpha objects:
o That data arguments in TIR commands are in the correct format
o That "Store Data" TIR commands are storing within legal
address limits
Therefore, as a final check, you should still link an object
module whose analysis is error free.
If an error is found, however, the first error of the worst
severity that is discovered is returned. For example, if a
warning (A) and two errors (B and C) are signaled, then the first
error (B) is returned as the image exit status, which is placed
in the DCL symbol $STATUS at image exit.
ANALYZE/OBJECT uses positional qualifiers; that is, qualifiers
whose function depends on their position in the command line.
When a positional qualifier precedes all of the input files in
a command line, it affects all input files. For example, the
following command line requests that the analysis include the
global symbol directory records in files A, B, and C:
$ ANALYZE/OBJECT/GSD A,B,C
Conversely, when a positional qualifier is associated with only
one file in the parameter list, only that file is affected. For
example, the following command line requests that the analysis
include the global symbol directory records in file B only:
$ ANALYZE/OBJECT A,B/GSD,C
For VAX and Alpha objects, typically, all records in an object
module are analyzed. However, when the /DBG, /EOM, /GSD, /LNK,
/MHD, /TBT, or /TIR qualifier is specified, only the record types
indicated by the qualifiers are analyzed. All other record types
are ignored.
By default, the analysis includes all record types unless
you explicitly request a limited analysis using appropriate
qualifiers.
NOTE
For VAX and Alpha End-of-Module (EOM) records and module
header (MHD) records are always analyzed, no matter which
qualifiers you specify.
For I64 objects the Elf header, the section header table
and the note section are always analyzed, no matter which
qualifiers you specify.
7.3 – Qualifiers
7.3.1 /DISASSEMBLE
/DISASSEMBLE (I64 only)
Positional qualifier.
Displays all sections of type SHT_PROGBITS where the executable
flag is set (SHDR$M_SHF_EXECINSTR in the section header). The
section data will be displayed as machine instructions with
symbolization of labels, branch targets, and so on. All local and
global symbols from the symbol table are used for symbolization.
The output is similar to compiler generated machine code
listings.
NOTE
This qualifier is accepted only for objects. I64 images
contain only global symbols, if any at all. In addition,
output produced with this qualifier differs from output
produced by ANALYZE/OBJECT/SECTIONS=CODE, which provides
machine code output for the same sections, although without
symbolization.
7.3.2 /DBG
/DBG (VAX and Alpha only)
Positional qualifier.
Specifies that the analysis should include all debugger
information records. If you want the analysis to include debugger
information for all files in the parameter list, insert the /DBG
qualifier immediately following the /OBJECT qualifier. If you
want the analysis to include debugger information selectively,
insert the /DBG qualifier immediately following each of the
selected file specifications.
7.3.3 /EOM
/EOM (VAX and Alpha only)
Positional qualifier.
Specifies that the analysis should be limited to MHD records, EOM
records, and records explicitly specified by the command. If you
want this to apply to all files in the parameter list, insert the
/EOM qualifier immediately following the /OBJECT qualifier.
To make the /EOM qualifier applicable selectively, insert it
immediately following each of the selected file specifications.
NOTE
End-of-module records can be EOM or EOMW records. Refer to
the VSI OpenVMS Linker Utility Manual for more information.
7.3.4 /FLAGVALUES
/FLAGVALUES (I64 only)
Several fields in an ELF module represent bit flags. Where
possible, these bit-flag values are examined and displayed
individually. By default, only the flag values that are set to
1 (ON) are displayed.
The keywords are as follows:
Keyword Description
ON The keyword ON displays all flags whose value is 1.
OFF The keyword OFF displays all flags whose value is 0.
ALL The keyword ALL displays all flag values. The keywords
ON and OFF, in contrast, indicate the value of each
specific flag bit.
7.3.5 /GSD
/GSD (VAX and Alpha only)
Positional qualifier.
Specifies that the analysis should include all global symbol
directory (GSD) records.
If you want the analysis to include GSD records for each file
in the parameter list, specify the /GSD qualifier immediately
following the /OBJECT qualifier.
If you want the analysis to include GSD records selectively,
insert the /GSD qualifier immediately following each of the
selected file specifications.
7.3.6 /INCLUDE
/INCLUDE [=(module[,...])]
When the specified file is an object module library, use this
qualifier to list selected object modules within the library for
analysis. If you omit the list or specify an asterisk (*), all
modules are analyzed. If you specify only one module, you can
omit the parentheses.
7.3.7 /INTERACTIVE
/INTERACTIVE
/NOINTERACTIVE (default)
Controls whether the analysis occurs interactively. In
interactive mode, as each record is analyzed, the results are
displayed on the screen, and you are asked whether you want to
continue.
7.3.8 /LNK
/LNK (VAX and Alpha only)
Positional qualifier.
Specifies that the analysis should include all link option
specification (LNK) records.
If you want the analysis to include LNK records for each file
in the parameter list, specify the /LNK qualifier immediately
following the /OBJECT qualifier.
If you want the analysis to include LNK records selectively,
insert the /LNK qualifier immediately following each of the
selected file specifications.
7.3.9 /MHD
/MHD (VAX and Alpha only)
Positional qualifier.
Specifies that the analysis should be limited to MHD records,
EOM records, and records explicitly specified by the command.
If you want this analysis to apply to all files in the parameter
list, insert the /MHD qualifier immediately following the /OBJECT
qualifier.
To make the /MHD qualifier applicable selectively, insert
immediately following each of the selected file specifications.
7.3.10 /PAGE_BREAK
/PAGE_BREAK=keyword (I64 only)
Specifies if and where page breaks (form feeds) are inserted in
the report file. This qualifier is only useful if /OUTPUT is used
to write a report file. It is ignored if /INTERACTIVE is used to
specify an interactive analysis.
Keywords include NONE, which sets no page breaks; PRINTABLE_
REPORT, which creates page breaks as in listing files, and
SEPARATE_INFORMATION, which sets page breaks between section
information.
7.3.11 /OUTPUT
/OUTPUT [=filespec]
Directs the output of the object analysis (the default is
SYS$OUTPUT). If you specify a file type and omit the file name,
the default file name ANALYZE is used. The default file type is
.ANL.
The asterisk (*) and the percent sign (%) wildcard characters are
not allowed in the file specification.
7.3.12 /SECTIONS
/SECTIONS [=(keyword[,...])] (I64 only)
Selects individual program sections or section types to display.
NOTE
This qualifier and its keywords can only be used to form an
inclusion list of sections to be displayed. This qualifier
is not negatable and cannot be used to form an exclusion
list. If no values are specified, the default keyword is
HEADERS.
The keywords are as follows:
Keyword Description
ALL Displays a detailed analysis of every section
in the module. Note that this keyword can
generate a large amount of output.
CODE Displays all sections of type SHT_PROGBITS
where the executable flag is set (SHDR$M_
SHF_EXECINSTR in the section header). The
section data will be displayed as machine
instructions.
DEBUG Analyzes and displays sections consisting
[=(suffix[,...])] of debug formatted debug information. In
addition, you can use a list of debug section
name suffixes to selectively format DEBUG
information. The suffix can be specified as
follows:
o ABBREV-Formats DEBUG abbreviations
o ARANGES-Formats DEBUG address lookup tables
o FRAME-Formats DEBUG frame descriptors for
unwinding
o INFO-Formats DEBUG symbols
o LINE-Formats DEBUG source line info
o PUBNAMES-Formats DEBUG name lookup tables
o PUBTYPES-Formats DEBUG type lookup tables
EXTENSIONS Analyzes and displays sections of type SHT_
IA64_EXT. The data is displayed in hexadecimal
format.
GROUP Analyzes and displays sections of type SHT_
GROUP. Sections of this type consist of a list
of the section numbers of sections belonging
to that group.
HEADERS The default keyword. Displays the ELF header
and the section header details.
LINKAGES Analyzes and displays sections of type SHT_
VMS_LINKAGES.The data is displayed as a list
of linkage descriptors.
NOBITS Analyzes and displays sections of type SHT_
NOBITS. There is no module data associated
with sections of this type.
NOTE Analyzes and displays sections of type SHT_
NOTE. The data for this section is displayed
as a list of formatted OpenVMS note entries.
NULL Displays all sections of type PT_NULL. No a
data will be displayed for segments of this
type.
NUMBERS= (number Displays individual sections, as follows:
[,...])
o The selected sections will have a detailed
display of their header and their contents.
An informational message is displayed for
section numbers that do not exist in the
module.
o One or more numeric values may be
specified.
o Section numbers may be specified in
decimal, octal (using the %O prefix), or
hexadecimal (using the %X prefix).
PROGBITS Displays all sections of type SHT_PROGBITS,
except unwind sections.
Formatting for the sections of type SHT_
PROGBITS depends on the EXECINSTR flag
(SHDR$M_SHF_EXECINSTR) in its section header.
If this bit set, the section data will be
displayed as machine instructions. Otherwise
it will be displayed as hexadecimal data.
Unwind sections will be displayed if
/SECTIONS=UNWIND is specified.
RELOCATIONS Analyzes and displays sections of type SHT_
RELA. The data for this section is displayed
as table of relocation entries.
STRTAB Analyzes and displays sections of type SHT_
STRTAB. The data for this section is displayed
as a string table.
SYMTAB Displays sections of type SHT_SYMTAB. The
data for this section is displayed as a symbol
table.
TRACE Analyzes and displays sections consisting of
[=(suffix[,...])] traceback information.
In addition, you can use a list of trace
section name suffixes to selectively format
TRACE information. The trace section names,
which appear as ".trace_suffix", can be
viewed in the summary table. The suffix can be
specified as shown below. In addition, because
there is one common debug and traceback
section, ".debug_line", the suffix "line"
can be specified as shown below as well:
o ABBREV-Formats TRACE abbreviations
o ARANGES-Formats TRACE address lookup tables
o INFO-Formats TRACE symbols
o LINE-Formats TRACE source line info
UNWIND Analyzes and displays sections of type SHT_
IA64_UNWIND. Each section of this type has an
associated Unwind Information section of type
SHT_PROGBITS. This associated section is also
displayed.
7.3.13 /SELECT
/SELECT=(keyword[,...])
Allows for the collection of specific object file information and
displays the selected keyword items in the order specified.
NOTE
The /SELECT qualifier can be used on object and image
files. The same keywords are valid selections. However,
some information can not be in an object, such as the link
date and time. Therfore, for some keywords the Analyze
utility returns "Unknown.". In the following table, only
the keywords (which are useful for object files) and their
return values are listed.
Analyze creates DCL symbols for all selectable information with
the /SELECT qualifier. The symbol names consist of the prefix
ANALYZE$ and a descriptive name of the information they hold.
The symbol value is the selected information, usually printed
to SYS$OUTPUT. Effectively, all of the printed information
is duplicated in the symbols. For unselected information, the
corresponding symbols will contain the null string.
The keywords are as follows:
Keyword Description
ARCHITECTURE Writes the architecture information into the DCL
symbol ANALYZE$ARCHITECTURE. Returns "OpenVMS
IA64" if the file is an OpenVMS I64 object file.
Returns "OpenVMS Alpha" if the file an OpenVMS
Alpha object file. Returns "OpenVMS VAX" if the
file is an OpenVMS VAX object file.
FILE_TYPE Writes file type information into the DCL symbol
ANALYZE$FILE_TYPE. Returns "Object" if the file
is an OpenVMS I64, Alpha, or VAX object file.
7.3.14 /TBT
/TBT (VAX and Alpha only)
Positional qualifier.
Specifies that the analysis should include all module traceback
(TBT) records.
If you want the analysis to include TBT records for each file
in the parameter list, specify the /TBT qualifier immediately
following the /OBJECT qualifier.
If you want the analysis to include TBT records selectively,
insert the /TBT qualifier immediately following each of the
selected file specifications.
7.3.15 /TIR
/TIR (VAX and Alpha only)
Positional qualifier.
Specifies that the analysis should include all text information
and relocation (TIR) records.
If you want the analysis to include TIR records for each file
in the parameter list, specify the /TIR qualifier immediately
following the /OBJECT qualifier.
If you want the analysis to include TIR records selectively,
insert the /TIR qualifier immediately following the selected file
specifications.
7.4 – Examples
1.$ ANALYZE/OBJECT/INTERACTIVE LINEDT
In this example, the ANALYZE/OBJECT command produces a
description and a partial error analysis of the object file
LINEDT.OBJ. Output is to the terminal, because the /INTERACTIVE
qualifier has been used. As each item is analyzed, the utility
displays the results on the screen and asks if you want to
continue.
2.$ ANALYZE/OBJECT/OUTPUT=LIOBJ/DBG LINEDT (VAX and Alpha only)
In this example, the ANALYZE/OBJECT command analyzes only the
debugger information records of the file LINEDT.OBJ. Output is
to the file LIOBJ.ANL.
3.$ ANALYZE/OBJECT/SELECT=(ARCH,FILE) *.OBJ
DISK:[DIRECTORY]ALPHA.OBJ;1
OpenVMS ALPHA
Object
DISK:[DIRECTORY]VAX.OBJ;1
OpenVMS VAX
Object
This example displays the information requested about the
object files ALPHA.OBJ and VAX.OBJ.
8 /PROCESS_DUMP
Invokes the OpenVMS Debugger to analyze a process dump file that
was created when an image failed during execution. (Use the /DUMP
qualifier with the RUN or the SET PROCESS command to generate a
dump file.)
Note that on Alpha systems, you can also force a process to dump by
using the DUMP/PROCESS command.
The ANALYZE/PROCESS_DUMP command can display a process dump file
for either an Alpha or a VAX image. For a complete description
of the debugger, including information about the DEBUG command,
refer to the OpenVMS Debugger Manual.
Requires read (R) access to the dump file.
Format
ANALYZE/PROCESS_DUMP dump-file
dump-file
Specifies the dump file to be analyzed with the debugger.
8.1 – Qualifiers
8.1.1 /FULL
On VAX and Alpha systems, displays all known information about the
failing process.
8.1.2 /IMAGE
/IMAGE=image-name
/NOIMAGE
On VAX systems, specifies the image to be activated to set up the
process context for the analysis. If you use the /NOIMAGE qualifier,
the DELTA debugger will be used for the analysis.
By default, symbols are taken from the image with the same name as
the image that was running at the time of the dump.
8.1.3 /IMAGE_PATH
/IMAGE_PATH[=directory-spec] dump-file
/NOIMAGE_PATH
On Alpha systems, specifies the search path the debugger is to use
to find the debugger symbol table (DST) file. As in prior debuggers,
the debugger builds an image list from the saved process image list.
When you set an image (the main image is automatically set), the
debugger attempts to open that image in order to find the DST file.
If you include the /IMAGE_PATH=directory-spec qualifier, the
debugger searches for the DST file in the specified directory.
The debugger first tries to translate directory-spec as the logical
name of a directory search list. If that fails, the debugger
interprets directory-spec as a directory specification, and searches
that directory for matching .DSF or .EXE files. A .DSF file takes
precedence over an .EXE file. The name of the .DSF or .EXE file
must match the image.
If you do not include the /IMAGE_PATH=directory-spec qualifier,
the debugger looks for the DST file first in the directory that
contains the dump file. If that fails, the debugger searches
directory SYS$SHARE and then directory SYS$MESSAGE. If the debugger
fails to find a DST file for an image, the symbolic information
available to the debugger is limited to global and universal symbol
names.
Version 7.3 and later debuggers check for dumpfile image specification
and DST file link date-time mismatches and issue a warning if one is
discovered.
The dump-file parameter is the name of the process dump file to
be analyzed. Note that the process dump file file type must be .DMP
and the DST file type must be either .DSF or .EXE.
Restrictions
You cannot use a logical to redirect the search for an image
and use the /IMAGE_PATH qualifier at the same time. If you
use the /IMAGE_PATH qualifier, then all images that are not
in their original locations must be found through that path.
Individual image logicals (for example, the "SH" in "DEFINE
SH SYS$LOGIN:SH.EXE") are not processed.
Additionally, you cannot input a directory search path
directly to the /IMAGE_PATH qualifier, as it does not
process a directory list separated by commas; however, you
can specify a logical that translates into a directory
search path.
8.1.4 /INTERACTIVE
/INTERACTIVE
/NOINTERACTIVE (default)
On VAX systems, causes the display of information to pause when your
terminal screen is filled. Press Return to display additional
information. By default, the display is continuous.
8.1.5 /MISCELLANEOUS
On VAX systems, displays process information and registers at the
time of the dump. Refer to the $GETJPI system service for further
explanation of the process information displayed.
8.1.6 /RELOCATION
On VAX systems, displays the addresses to which data structures saved
in the dump are mapped in P0 space. (Examples of such data structures
are the stacks.) The data structures in the dump must be mapped into P0
space so that the debugger can use those data structures in P1 space.
8.2 – Examples
1.$ ANALYZE/PROCESS/FULL ZIPLIST
R0 = 00018292 R1 = 8013DE20 R2 = 7FFE6A40 R3 = 7FFE6A98
R4 = 8013DE20 R5 = 00000000 R6 = 7FFE7B9A R7 = 0000F000
R8 = 00000000 R9 = 00000000 R10 = 00000000 R11 = 00000000
SP = 7FFAEF44 AP = 7FFAEF48 FP = 7FFAEF84
FREE_P0_VA 00001600 FREE_P1_VA 7FFAC600
Active ASTs 00 Enabled ASTs 0F
Current Privileges FFFFFF80 1010C100
Event Flags 00000000 E0000000
Buffered I/O count/limit 6/6
Direct I/O count/limit 6/6
File count/limit 27/30
Process count/limit 0/0
Timer queue count/limit 10/10
AST count/limit 6/6
Enqueue count/limit 30/30
Buffered I/O total 7 Direct I/O total 18
Link Date 27-DEC-2000 15:02:00.48 Patch Date 17-NOV-2000 00:01:53
ECO Level 0030008C 00540040 00000000 34303230
Kernel stack 00000000 pages at 00000000 moved to 00000000
Exec stack 00000000 pages at 00000000 moved to 00000000
Vector page 00000001 page at 7FFEFE00 moved to 00001600
PIO (RMS) area 00000005 pages at 7FFE1200 moved to 00001800
Image activator context 00000001 page at 7FFE3400 moved to 00002200
User writable context 0000000A pages at 7FFE1C00 moved to 00002400
Creating a subprocess
VAX DEBUG Version 5.4
DBG>
This example shows the output of the ANALYZE/PROCESS command when used
with the /FULL qualifier on a VAX system. The file specified, ZIPLIST,
contains the dump of a process that encountered a fatal error. The
DBG> prompt indicates that the debugger is ready to accept commands.
9 /RMS_FILE
Invokes the Analyze/RMS_File utility to inspect and analyze the
internal structure of an RMS file. The /RMS_FILE qualifier is
required. For a complete description of the Analyze/RMS_File
utility, including more information about the ANALYZE/RMS_FILE
command and its qualifiers, see the OpenVMS Record Management
Utilities Reference Manual.
ANALYZE/RMS_FILE filespec[,...]
9.1 – Parameter
filespec[,...]
Specifies the data file to be analyzed. The default file type
is .DAT. You can use multiple file specifications and wildcard
characters with the /CHECK qualifier, the /RU_JOURNAL qualifier,
the /STATISTICS qualifier, and the /SUMMARY qualifier, but not
with the /FDL qualifier or the /INTERACTIVE qualifier.
9.2 – Qualifiers
9.2.1 /CHECK
Checks the integrity of the file and generates a report of any
errors in its structure. The report produced by the /CHECK
qualifier includes a list of any errors and a summary of the
file's structure. If you do not specify an output file, the
report is written to the current SYS$OUTPUT device, which is
generally your terminal. You can use wildcards and multiple file
specifications. If you specify /NOOUTPUT, you only get a message
indicating whether the file has errors.
The check function is active by default when you use the ANALYZE
/RMS_FILE command without any qualifiers. The /CHECK qualifier
is not compatible with the /FDL qualifier, the /INTERACTIVE
qualifier, the /STATISTICS qualifier, or the /SUMMARY qualifier.
If /CHECK is used with any of the other qualifiers, /FDL takes
precedence, next is /INTERACTIVE, then /STATISTICS, and lastly
/SUMMARY.
9.2.2 /FDL
Generates an FDL file describing the RMS data file being
analyzed. By default, the /FDL qualifier creates a file with the
file type .FDL and the same file name as the input data file. To
assign a different type or name to the FDL file, use the /OUTPUT
qualifier. If the data file is corrupted, the FDL file contains
the Analyze/RMS_File utility error messages.
For indexed files, the FDL file contains special analysis
sections you can use with the EDIT/FDL Optimize script to make
better design decisions when you reorganize the file.
You cannot use wildcards or multiple file specifications with
the /FDL qualifier. The /FDL qualifier is not compatible with the
/CHECK qualifier, the /INTERACTIVE qualifier, the /STATISTICS
qualifier, the /SUMMARY qualifier, or the /UPDATE_HEADER
qualifier. The /FDL qualifier takes precedence over all other
qualifiers.
9.2.3 /INTERACTIVE
Begins an interactive examination of the file's structure. You
cannot use wildcards or multiple file specifications. For help
with the interactive commands, enter the HELP command at the
ANALYZE> prompt.
Do not use this qualifier with the /CHECK, /FDL, /STATISTICS,
/SUMMARY, or /UPDATE_HEADER qualifiers. If used with the /FDL
qualifier, the /FDL takes precedence. All other qualifiers are
ignored when used with /INTERACTIVE.
9.2.4 /OUTPUT
/OUTPUT=filesspec
/NOOUTPUT
Identifies the destination file for the results of the analysis.
The /NOOUTPUT qualifier specifies that no output file is to be
created. In all cases, the Analyze/RMS_File utility displays a
message indicating whether the data file has errors.
/CHECK Places the integrity report in the output file.
The default file type is .ANL, and the default
file name is ANALYZE. If you omit the output-
filespec parameter, output is written to the
current SYS$OUTPUT device, which is generally
your terminal.
/FDL Places the resulting FDL specification in the
output file. The default file type is .FDL, and
the default file name is that of the input file.
/INTERACTIVE Places a transcript of the interactive session in
the output file. The default file type is .ANL,
and the default file name is ANALYZE. If you omit
the output-filespec parameter, no transcript of
your interactive session is produced.
/RU_JOURNAL Places the recovery-unit journal information in
the output file. The default file type is .ANL,
and the default file name is ANALYZE. If you
omit the output-filespec parameter, output is
written to the current SYS$OUTPUT device, which
is generally your terminal.
/STATISTICS Places the statistics report in the output file.
The default file type is .ANL, and the default
file name is ANALYZE. If you omit the output-
filespec parameter, output is written to the
current SYS$OUTPUT device, which is generally
your terminal.
/SUMMARY Places the summary report in the output file.
The default file type is .ANL, and the default
file name is ANALYZE. If you omit the output-
filespec parameter, output is written to the
current SYS$OUTPUT device, which is generally
your terminal.
9.2.5 /RU_JOURNAL
Provides information about recovery-unit journaling where
applicable. You can use the /RU_JOURNAL qualifier on any file,
but it is inoperative on files not marked for recovery-unit
journaling.
This qualifier provides the only way of accessing a file that
would otherwise be inaccessible because of unresolved recovery
units. This situation might be the result of an unavailable
recovery-unit journal file or of unavailable data files that
were included in the recovery unit.
To use the /RU_JOURNAL qualifier, your process must have both
CMEXEC privilege and access to the [SYSJNL] directory (either
SYSPRV privilege or access for UIC [1,4]).
This qualifier is compatible with all of the ANALYZE/RMS_FILE
qualifiers, and you can use it with wildcards and multiple file
specifications.
When you specify the /RU_JOURNAL qualifier, the Analyze/RMS_File
utility provides you with the following data for each active
recovery unit:
o The journal file specification and the journal creation date
o The recovery-unit identification, recovery-unit start time,
cluster system identification number (CSID), and process
identification (PID)
o Information about the files involved in the recovery unit,
including the file specification, the name of the volume where
the file resides, the file identification, the date and time
the file was created, and the current status of the file
o The state of the recovery unit - active, none, started,
committed, or not available (for more information, see the
RMS Journaling for OpenVMS Manual)
o An error statement
9.2.6 /STATISTICS
Specifies that a report is to be produced containing statistics
about the file. The /STATISTICS qualifier is used mainly on
indexed files.
By default, if you do not specify an output file with the /OUTPUT
qualifier, the statistics report is written to the current
SYS$OUTPUT device, which is generally your terminal.
The /STATISTICS qualifier is not compatible with the /CHECK
qualifier, the /FDL qualifier, the /INTERACTIVE qualifier, or
the /SUMMARY qualifier. If /STATISTICS is used with any other
qualifiers, /FDL takes precedence, and then /INTERACTIVE. All
other qualifiers are ignored. The /STATISTICS qualifier does an
implicit check.
9.2.7 /SUMMARY
Specifies that a summary report is to be produced containing
information about the file's structure and use. The /SUMMARY
qualifier generates a summary report containing information about
the file's structure and use.
If the file has no errors, the output generated from the /SUMMARY
qualifier is identical to that produced by the /CHECK qualifier.
Unlike the /CHECK qualifier, however, the /SUMMARY qualifier does
not check the structure of your file, so output is generated more
quickly.
Do not use this qualifier with the /CHECK qualifier, the /FDL
qualifier, the /INTERACTIVE qualifier, the /STATISTICS qualifier,
or the /UPDATE_HEADER qualifier. If /SUMMARY is used with any
other qualifiers, /FDL takes precedence, next is /INTERACTIVE,
and then /STATISTICS.
9.2.8 /UPDATE_HEADER
Attempts to update the following attributes in the header of
the file: longest record length (LRL) and/or file length hint
attribute.
You must use this qualifier in combination with either
/STATISTICS or /CHECK (the default).
This qualifier only applies to sequential file organizations and
is ignored for any other file organization. The /UPDATE_HEADER
qualifier attempts to update the LRL and/or file hint attribute
in the file header if the calculated value(s) differ from the
current value(s) in the file header. The /UPDATE_HEADER qualifier
applies to:
o An LRL request - if the file is sequential and has a record
format other than undefined (UDF).
o A HINT request - if the file is sequential, the record format
is either variable (VAR) or variable with fixed control (VFC),
and the file is located on an ODS-5 disk device.
It is not supported for remote accesses; requests are ignored.
The /UPDATE_HEADER qualifier requires either the STATISTICS or
CHECK (default) functions since calculating new values for the
LRL and/or file length hint presumes that all the records in the
sequential file are processed. It is not compatible with the /FDL
qualifier, the /INTERACTIVE qualifier, or the /SUMMARY qualifier.
Any errors returned by the file system when an attempt to update
the file header fails are ignored. If the update succeeds, the
updated values are displayed at the end of the report.
9.3 – EXAMPLES
1.$ ANALYZE/RMS_FILE/CHECK CUSTFILE
This command checks the file CUSTFILE.DAT for errors and displays
the report on the terminal.
2.$ ANALYZE/RMS_FILE/FDL ADDRFILE
This command generates an FDL file named ADDRFILE.FDL from the
data file ADDRFILE.DAT.
3.$ ANALYZE/RMS_FILE DENVER::DB1:[PROD]RUN.DAT
This command analyzes the structure of the file RUN.DAT residing
at remote node DENVER.
4.$ANALYZE/RMS_FILE/UPDATE_HEADER=HINT A.A
FILE HEADER
File Spec: DISK$REGRES:[REGRES]A.A;3
...
RMS FILE ATTRIBUTES
File Organization: sequential
Record Format: variable
Record Attributes: carriage-return
Maximum Record Size: 0
Longest Record: 52
Blocks Allocated: 4, Default Extend Size: 0
End-of-File VBN: 1, Offset: %X'008E'
File Monitoring: disabled
File Length Hint (Record Count): 6 (invalid)
File Length Hint (Data Byte Count): 42 (invalid)
Global Buffer Count: 0
The analysis uncovered NO errors.
UPDATED File Length Hint (Record Count) to: 10
UPDATED File Length Hint (Data Byte Count) to: 118
ANALYZE/RMS_FILE/UPDATE_HEADER=HINT A.A
10 /SSLOG
Valid for Alpha and I64 systems only.
Displays the collected data.
Format:
ANALYZE/SSLOG [/BRIEF | /FULL | /NORMAL | /STATISTICS]
[/OUTPUT=filename] [/SELECT=(option[,...])]
[/WIDE] [filespec]
filespec
Optional name of the log file to be analyzed. The default
filename is SSLOG.DAT.
10.1 – Qualifiers
10.1.1 /BRIEF
Displays abbreviated logged information.
10.1.2 /FULL
Displays logged information, error status messages and sequence
numbers.
10.1.3 /NORMAL
/NORMAL (Default)
Displays basic logged information.
10.1.4 /STATISTICS
/STATISTICS[=BY_STATUS]
Displays statistics on system services usage; accepts BY_
STATUS keyword. Outputs a summary of the services logged with
a breakdown by access mode. Output is ordered with the most
frequently requested services first. If BY_STATUS is included,
the summary is further separated by completion status. Output is
displayed up to 132 columns wide.
10.1.5 /OUTPUT
/OUTPUT=filename
Identifies the output file for storing the results of the log
analysis. An asterisk (*) and percent sign (%) are not allowed
as wildcards in the file specification. There is no default file
type or filename. If you omit the qualifier, results are output
to the current SYS$OUTPUT device.
10.1.6 /SELECT
/SELECT=([option[,...]])
Selects entries based on your choice of options. You must specify
at least one of the following:
Keyword Meaning
ACCESS_MODE=mode Selects data by access mode.
IMAGE=image-name Selects data by image name.
STATUS[=n] Selects data by status. n is optional.
/SELECT=STATUS displays all entries that
have an error status.
SYSSER=service-name Selects data by service name.
10.1.7 /WIDE
Provides for a display of logged information up to 132 columns
wide.
10.2 – Description
The ANALYZE/SSLOG command displays the collected logged data.
Note that a system service log must be analyzed on the same
platform type as the one on which it was created; for example,
a log created on an OpenVMS Alpha system must be analyzed on an
OpenVMS Alpha system.
For examples with explanations, see the System Service Logging
chapter of the VSI OpenVMS System Analysis Tools Manual.
11 /SYSTEM
Invokes the System Dump Analyzer utility, which analyzes a running system.
The /SYSTEM qualifier is required.
Requires CMKRNL (change-mode-to-kernel) privilege. Also requires PFNMAP
(map-by-PFN) privilege to access memory by physical address.
For more information about the System Dump Analyzer utility on Alpha and
Integrity server systems, see the VSI OpenVMS System Analysis Tools Manual
or online help.
Format:
ANALYZE/SYSTEM
11.1 /SYMBOL
Specifies an alternate system symbol table for SDA to use.
Format:
ANALYZE/SYSTEM/SYMBOL=system-symbol-table
system-symbol-table
The file specification of the SDA system symbol table required
by SDA to analyze a running system. The specified system-symbol-table
must contain those symbols required by SDA to find certain
locations in the executive image.
On Alpha and I64 systems, if you do not specify the /SYMBOL qualifier,
SDA uses SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load system symbols
into the SDA symbol table.
On VAX systems, if you do not specify the /SYMBOL qualifier, SDA
uses SYS$SYSTEM:SYS.STB by default.
When you specify the /SYMBOL qualifier, SDA assumes the default disk
and directory to be SYS$DISK and [default-dir]; that is, the disk
and directory specified in your last SET DEFAULT command. If no
device and directory are given in the file name and the file is not
found in the current default directory, SDA attempts to open the file
SDA$READ_DIR:filename.type. If no type has been given in the file
name, SDA assumes .EXE. If you specify a file for this parameter that
is not a system symbol table, SDA halts with a fatal error.
11.2 – Examples
1. $ ANALYZE/SYSTEM
OpenVMS (TM) system analyzer
SDA>
This command invokes SDA to analyze the running system.
2. On Alpha and I64 systems:
$ ANALYZE/SYSTEM/SYMBOL=SDA$READ_DIR:SYS$BASE_IMAGE.EXE SYS$SYSTEM
This command invokes SDA to analyze the running system, using
the base image in SDA$READ_DIR.
3. On VAX systems:
$ ANALYZE/SYSTEM/SYMBOL=SYS$CRASH:SYS.STB SYS$SYSTEM
This command invokes SDA to analyze the running system, using
the system symbol table at SYS$CRASH:SYS.STB.