HP OpenVMS System Management Utilities Reference Manual



/LIST

Determines whether the Analyze/Disk_Structure utility produces a listing of the index file.

Format

/LIST[=filespec]

/NOLIST


Description

If you specify /LIST, the utility produces a file that contains a listing of all file identifications (FIDs), file names, and file owners. If you omit the file specification, the default is SYS$OUTPUT. If you include a file specification without a file type, the default type is .LIS. You cannot use wildcard characters in the file specification.

The default is /NOLIST.


Example


$ ANALYZE/DISK_STRUCTURE DLA2:/LIST=INDEX
$ TYPE INDEX
Listing of index file on DLA2:
31-OCT-2002 20:54:42.22
 
(00000001,00001,001)  INDEXF.SYS;1
                              [1,1]
(00000002,00002,001)  BITMAP.SYS;1 
                              [1,1]
(00000003,00003,001)  BADBLK.SYS;1 
                              [1,1]
(00000004,00004,001)  000000.DIR;1 
                              [1,1]
(00000005,00005,001)  CORIMG.SYS;1 
                              [1,1]
. 
. 
. 
$
      

In this example, ANALYZE/DISK_STRUCTURE did not find errors on the device DLA2. Because the file INDEX was specified without a file type, the system assumes a default file type of .LIS. The subsequent TYPE command displays the contents of the file INDEX.LIS.
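
The listing layout shown above (a FID and file name on one line, the owner UIC on the next) can be parsed and compared between runs to spot files that were added, removed, or changed owner. This is an added example, not part of the manual; the function names and both sample listings are constructed for illustration, reusing three entries from the listing above.

```python
import re

ENTRY = re.compile(r"^\(([^)]+)\)\s+(\S.*?)\s*$")   # (FID)  NAME.TYP;VER
OWNER = re.compile(r"^\s+(\[[^\]]+\])\s*$")         # indented [group,member]

def parse_index_listing(text):
    """Return {fid: (file_name, owner)} from a /LIST output file."""
    files, last_fid = {}, None
    for line in text.splitlines():
        entry, owner = ENTRY.match(line), OWNER.match(line)
        if entry:
            last_fid = entry.group(1)
            files[last_fid] = (entry.group(2), None)  # owner is on the next line
            continue
        if owner and last_fid is not None:
            files[last_fid] = (files[last_fid][0], owner.group(1))
        last_fid = None  # header, blank and "." filler lines end an entry
    return files

def diff_listings(old, new):
    """Compare two parsed listings keyed by FID."""
    return {
        "added": sorted(f for f in new if f not in old),
        "removed": sorted(f for f in old if f not in new),
        "changed": sorted(f for f in new if f in old and new[f] != old[f]),
    }

# Constructed samples: BASELINE reuses entries from the manual's listing,
# LATER is an invented second run with one owner change, one removal, one new file.
BASELINE = """\
Listing of index file on DLA2:
31-OCT-2002 20:54:42.22

(00000001,00001,001)  INDEXF.SYS;1
                              [1,1]
(00000004,00004,001)  000000.DIR;1
                              [1,1]
(00000005,00005,001)  CORIMG.SYS;1
                              [1,1]
.
"""
LATER = """\
Listing of index file on DLA2:
(00000001,00001,001)  INDEXF.SYS;1
                              [1,1]
(00000004,00004,001)  000000.DIR;1
                              [200,10]
(00000009,00001,001)  LOGIN.COM;1
                              [200,10]
"""

if __name__ == "__main__":
    print(diff_listings(parse_index_listing(BASELINE), parse_index_listing(LATER)))
```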

/LOCK_VOLUME (Alpha and Integrity servers)

Prevents updates to a volume while you are analyzing it.

Format

/LOCK_VOLUME

/NOLOCK_VOLUME


Description

/LOCK_VOLUME provides a way to prevent file system activity on a volume while you are using the ANALYZE/DISK_STRUCTURE utility on that volume. This qualifier operates the same way as /REPAIR does: it software write-locks the file structure while the utility is running. (The qualifier does not, however, affect any repairs on the volume.) The default is /NOLOCK_VOLUME.

Using this qualifier reduces the number of false error messages that might occur when you run the utility on an active volume. /LOCK_VOLUME stops the activity of applications that open, close, or modify files on the target volume for the period the utility is running.

Note

Be careful about using this qualifier, especially for volumes that contain active system files such as SYSUAF, RIGHTSLIST, log files, and AUDIT_SERVER journal and log files. All of these files are stalled while ANALYZE/DISK_STRUCTURE is running.

Example


$ ANALYZE/DISK_STRUCTURE DBA1:/LOCK_VOLUME
      

The command in this example stops file system activity on DBA1: while ANALYZE/DISK_STRUCTURE is running.

/OUTPUT

Specifies the output file to which the Analyze/Disk_Structure utility is to write the disk structure errors.

Format

/OUTPUT[=filespec]

/NOOUTPUT[=filespec]


Description

Specifies the output file for the disk structure errors. If you omit the /OUTPUT file specification, output is directed to SYS$OUTPUT. If /NOOUTPUT is specified, no disk structure errors are displayed. If the /CONFIRM qualifier is specified, output is forced to SYS$OUTPUT regardless of whether this qualifier is used.

/READ_CHECK

Determines whether the Analyze/Disk_Structure utility performs a read check of all allocated blocks on the specified disk. When the Analyze/Disk_Structure utility performs a read check, it reads the disk twice; this ensures that it reads the disk correctly. The default is /NOREAD_CHECK.

Format

/READ_CHECK

/NOREAD_CHECK


Example


$ ANALYZE/DISK_STRUCTURE DMA1:/READ_CHECK
      

The command in this example directs ANALYZE/DISK_STRUCTURE to perform a read check on all allocated blocks on the device DMA1.

/RECORD_ATTRIBUTES

Determines whether the Analyze/Disk_Structure utility repairs files containing erroneous settings in the record attributes section of their associated file attribute block (FAT).

Format

/RECORD_ATTRIBUTES


Description

You can use the /RECORD_ATTRIBUTES qualifier with the /REPAIR qualifier. If attribute repair is enabled during the repair phase, erroneous bits are cleared from a file's record attributes. This action might not correctly set a file's record attributes as it is beyond the scope of this utility to determine their correct values.

HP recommends that system managers not perform an attribute repair; instead, they should notify the owners of the files about the inconsistencies and have the owners reset the files' attributes using the SET FILE/RECORD_ATTRIBUTES=({record-attributes}) command.


Example


$ ANALYZE/DISK_STRUCTURE SYS$SYSDEVICE:
 
%ANALDISK-I-BAD_RECATTR, file (2930,1,1) [USER]ATTRIBUTES.DAT;13 
file record format: Variable 
inconsistent file attributes: Bit 5
%ANALDISK-I-BAD_RECATTR, file (2931,1,1) [USER]ATTRIBUTES.DAT;14 
file record format: Variable 
inconsistent file attributes: FORTRAN carriage control, Bit 5
%ANALDISK-I-BAD_RECATTR, file (2932,1,1) [USER]ATTRIBUTES.DAT;15 
file record format: Variable 
inconsistent file attributes: Implied carriage control, Bit 5
%ANALDISK-I-BAD_RECATTR, file (2933,1,1) [USER]ATTRIBUTES.DAT;16 
file record format: Variable 
inconsistent file attributes: Non-spanned, Bit 5
%ANALDISK-I-BAD_RECATTR, file (2934,1,1) [USER]ATTRIBUTES.DAT;17 
file record format: Variable 
inconsistent file attributes: FORTRAN carriage control, 
Non-spanned, Bit 5 
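
To follow the recommendation above (report the inconsistencies rather than repair them), the BAD_RECATTR messages can be parsed from a saved /OUTPUT file and grouped for notification. This is an added example, not part of the manual; the function names are hypothetical, the last sample message is constructed, and grouping by directory is an assumption used as a stand-in for the owner, which the message itself does not carry.

```python
import re
from collections import defaultdict

HEAD = re.compile(r"^%ANALDISK-I-BAD_RECATTR, file \(([^)]+)\)\s+(\[[^\]]*\])(\S+)")
FORMAT_PREFIX = "file record format:"
ATTR_PREFIX = "inconsistent file attributes:"

def parse_bad_recattr(text):
    """Return one dict per BAD_RECATTR message, joining wrapped attribute lines."""
    records, current, in_attrs = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEAD.match(line)
        if m:
            current = {"fid": m.group(1), "directory": m.group(2),
                       "file": m.group(3), "format": None, "attributes": []}
            records.append(current)
            in_attrs = False
        elif current is None or not line or line.startswith(("%", "$")):
            current, in_attrs = None, False  # other message, prompt or blank line
        elif line.startswith(FORMAT_PREFIX):
            current["format"] = line[len(FORMAT_PREFIX):].strip()
        elif line.startswith(ATTR_PREFIX) or in_attrs:
            body = line[len(ATTR_PREFIX):] if line.startswith(ATTR_PREFIX) else line
            current["attributes"] += [a.strip() for a in body.split(",") if a.strip()]
            in_attrs = True  # the attribute list may wrap onto following lines
    return records

def files_by_directory(records):
    """Group affected files by directory (assumed proxy for who to notify)."""
    grouped = defaultdict(list)
    for r in records:
        grouped[r["directory"]].append((r["file"], r["attributes"]))
    return dict(grouped)

# First two messages are from the manual's example; the third is constructed.
SAMPLE = """\
%ANALDISK-I-BAD_RECATTR, file (2930,1,1) [USER]ATTRIBUTES.DAT;13
file record format: Variable
inconsistent file attributes: Bit 5
%ANALDISK-I-BAD_RECATTR, file (2934,1,1) [USER]ATTRIBUTES.DAT;17
file record format: Variable
inconsistent file attributes: FORTRAN carriage control,
Non-spanned, Bit 5
%ANALDISK-I-BAD_RECATTR, file (3001,2,1) [PROJECT.DATA]RESULTS.DAT;3
file record format: Variable
inconsistent file attributes: Implied carriage control, Bit 5
$
"""

if __name__ == "__main__":
    for directory, files in files_by_directory(parse_bad_recattr(SAMPLE)).items():
        print(directory, files)
```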
      

/REPAIR

Determines whether the Analyze/Disk_Structure utility repairs errors that are detected in the file structure of the specified device.

Format

/REPAIR

/NOREPAIR


Description

The Analyze/Disk_Structure utility does not perform any repair operation unless you specify the /REPAIR qualifier. The default is /NOREPAIR.

If you specify /REPAIR, the utility uses the ACP control lock volume function to prevent creation, deletion, extension, and truncation activity while the volume is being rebuilt. In this way, the volume is prevented from being modified while the operation is in progress.

To effectively scan a disk (/NOREPAIR), you must have read access to all files on the disk. You must also have write access to INDEXF.SYS to force the flushing of the caches for this file. You must also have write access to BITMAP.SYS for the same reason: to force the flushing of the caches for this file. (You need write access to QUOTA.SYS only if the volume is running disk quotas.)


Example


$ ANALYZE/DISK_STRUCTURE DBA1:/REPAIR
      

The command in this example causes ANALYZE/DISK_STRUCTURE to perform a repair on all errors found in the file structure of device DBA1.

/SHADOW

Examines the entire contents of a shadow set or a specified range of blocks in a shadow set for discrepancies.

Format

/SHADOW


Parameters

None.

Qualifiers

/BLOCKS={(START:n, COUNT:x, END:y,) FILE_SYSTEM, ALL}

Directs the system to compare only the range specified. The options are the following:
START:n       Number of the first block to be analyzed. The default is the first block.
COUNT:x       Number of blocks to be analyzed. You can use this option in combination with or instead of the END option.
END:y         Number of the last block to be analyzed. The default is the last block of the volume.
FILE_SYSTEM   Blocks currently in use by valid files on the disk. This is the default.
ALL           All blocks on the disk.

You can specify START,END,COUNT and either ALL or FILE_SYSTEM. For example, if you specify /BLOCKS=(START,END,COUNT:100,ALL), the software checks the first 100 blocks on the disk, whether or not the file system is using them.

If you specify /BLOCKS=(START,END,COUNT:100,FILE_SYSTEM), the software checks only those blocks that valid files on the disk are using.

/BRIEF

Displays only the logical block number (LBN) if the data in a block is found to be different. Without this qualifier, if differences exist for an LBN, the hexadecimal data of that block will be displayed for each member.

/IGNORE

[NO]IGNORE

Ignore "special" files that are likely to have some blocks with different data. These differences, however, are not unusual and can, therefore, be ignored.

Other special files are the following:

SWAPFILE*.*
PAGEFILE*.*
SYSDUMP.DMP
SYS$ERRLOG.DMP

IGNORE is the default.

/OUTPUT=filename

Output the information to the specified file.

/STATISTICS

Display only the file header and footer. The best use of this qualifier is with the /OUTPUT qualifier.

Description

When you enter the ANALYZE/DISK_STRUCTURE/SHADOW command, the system checks for shadow set discrepancies on the entire contents of a shadow set or a specified range of blocks in a shadow set. If a discrepancy is found, a clusterwide WRITE lock is taken on the shadow set, and the questionable blocks are reread. Then one of the following actions occurs:

See Section 3.1.2 for more details.


Example


$ ANALYZE/DISK_STRUCTURE/SHADOW/BRIEF/BLOCKS=COUNT:1000 dsa716:
Starting to check _DSA716: at 14-MAY-2002 13:42:52.43 
Members of shadow set _DSA716: are _$252$MDA0: _$252$DUA716: 
and the number of blocks to be compared is 1000. 
Checking LBN #0 (approx 0%) 
Checking LBN #127 (approx 12%) 
Checking LBN #254 (approx 25 %) 
Checking LBN #381 (approx 38%) 
Checking LBN #508 (approx 50%) 
Checking LBN #635 (approx 63%) 
Checking LBN #762 (approx 76%) 
Checking LBN #889 (approx 88%) 
 
Run statistics for _DSA716: are as follows: 
         Finish Time = 14-MAY-2002 13:42:52.73 
         ELAPSED TIME =    0 00:00:00.29 
         CPU TIME = 0:00:00.02 
         BUFFERED I/O COUNT = 10 
         DIRECT I/O COUNT = 16 
         Failed LBNs = 0 
         Transient LBN compare errors = 0 
$
      

The command in this example causes ANALYZE/DISK_STRUCTURE/SHADOW to examine the first 1000 blocks of the DSA716: virtual unit to ensure that the devices $252$MDA0: and $252$DUA716: have identical data in those blocks.

/STATISTICS

Produces statistical information about the volume under verification and creates a file, STATS.DAT, which contains per-volume statistics.

Format

/STATISTICS


Description

The following information is placed in the STATS.DAT file:

Example


$ ANALYZE/DISK_STRUCTURE MDA2000: /STATISTICS
      

The OpenVMS Alpha volume in this example, which is on device MDA2000:, has been converted from ODS-2 to ODS-5 using the SET VOLUME command. The STATS.DAT file created contains the following information:


********** Statistics for volume 001 of 001 ********** 
 
Volume is ODS level 5. 
 
Volume has 00000004 ODS-2 primary headers. 
Volume has 00000003 ODS-5 primary headers. 
Volume has 00000000 ODS-5 -1 segnum headers. 
 
00000001 filenames of length 009 bytes. 
00000002 filenames of length 011 bytes. 
00000001 filenames of length 013 bytes. 
00000002 filenames of length 015 bytes. 
00000001 filenames of length 073 bytes. 
 
00000007 extension header chains of length 00000. 
 
00000001 ODS-2 headers have  071 ident area free bytes. 
00000001 ODS-2 headers have  073 ident area free bytes. 
00000001 ODS-2 headers have  075 ident area free bytes. 
00000001 ODS-2 headers have  077 ident area free bytes. 
 
Total ODS-2 ident area free bytes is 00000296. 
 
00000001 ODS-5 headers have  001 ident area free bytes. 
00000001 ODS-5 headers have  029 ident area free bytes. 
00000001 ODS-5 headers have  033 ident area free bytes. 
 
Total ODS-5 ident area free bytes is 00000063. 
 
00000001 headers have 277 free bytes in total. 
00000001 headers have 335 free bytes in total. 
00000001 headers have 339 free bytes in total. 
00000001 headers have 377 free bytes in total. 
00000001 headers have 379 free bytes in total. 
00000001 headers have 381 free bytes in total. 
00000001 headers have 383 free bytes in total. 
 
Total header area in bytes is   00003584. 
Total header area free bytes is 00002791. 
Total header area used bytes is 00000793. 

/USAGE[=filespec]

Specifies that a disk usage accounting file should be produced, in addition to the other specified functions of the Analyze/Disk_Structure utility.

Format

/USAGE[=filespec]


Description

If all or part of the file specification is omitted, ANALYZE/DISK_STRUCTURE assumes a default file specification of USAGE.DAT. The file is placed in the current default directory.

Example


$ ANALYZE/DISK_STRUCTURE DBA1:/USAGE
$ DIRECTORY USAGE
 
Directory DISK$DEFAULT:[ACCOUNT]
 
USAGE.DAT;1
 
Total of 1 file.
 
      

The first command in this example causes ANALYZE/DISK_STRUCTURE to produce a disk usage accounting file. Because a file specification was not provided in the command line, ANALYZE/DISK_STRUCTURE uses both the default file name and directory [ACCOUNT]USAGE.DAT. The DIRECTORY command instructs the system to display all files with a file name of usage in the current directory. The OpenVMS Alpha device in this example, MDA2000:, has been converted from ODS-2 to ODS-5 using the SET VOLUME command.


Chapter 4
Audit Analysis Utility

4.1 ANALYZE/AUDIT Description

The Audit Analysis utility (ANALYZE/AUDIT) is a system management tool that enables system managers or site security administrators to produce reports from security audit log files.

The OpenVMS operating system automatically audits a limited number of events, such as changes to the authorization database and use of the SET AUDIT command. Depending on your site's requirements, you may want to enable other forms of reporting. However, collecting security audit messages is useful only if you develop and implement a procedure to periodically review the audit log file for suspicious activity. Use ANALYZE/AUDIT to examine the data in security audit log files or security archive files.

The ANALYZE/AUDIT command's different qualifiers allow you to specify the type of information the utility extracts from the security audit log file. The utility can produce an audit report in a variety of formats and direct a report to a file or a terminal.

A description of the format of the auditing messages written to the security auditing file appears in Appendix F.

In a mixed-version cluster, an audit log file contains entries from systems running different versions of the operating system. To analyze the log file, you must invoke the Audit Analysis utility (ANALYZE/AUDIT) from a node running Version 6.1 or later.

For information about how to generate audit message records and how to use ANALYZE/AUDIT, see the HP OpenVMS Guide to System Security.

4.2 ANALYZE/AUDIT Usage Summary

The Audit Analysis utility (ANALYZE/AUDIT) processes event messages in security audit log files to produce reports of security-related events on the system.

Format

ANALYZE/AUDIT [file-spec[,...]]


Parameter

file-spec[,...]

Specifies one or more security audit log files as input to ANALYZE/AUDIT. If you specify more than one file name, separate the names with commas.

If you omit the file-spec parameter, the utility searches for the default audit log file SECURITY.AUDIT$JOURNAL.

The default audit log file is created in the SYS$COMMON:[SYSMGR] directory. To use the file, specify SYS$MANAGER on the ANALYZE/AUDIT command line. If you do not specify a directory, the utility searches for the file in the current directory.

You can include wildcard characters, such as the asterisk (*) or percent sign (%), in the file specification.

The audit log file can be located in any directory. To display the current location, use the DCL command SHOW AUDIT/ALL.


Description

Use the DCL command ANALYZE/AUDIT to analyze security audit log files or security archive files. An ANALYZE/AUDIT command line can specify the name of one or more log files, as follows:

ANALYZE/AUDIT [file-spec,...]

You can also use the ANALYZE/AUDIT command to extract security event messages from security archive files or from binary files (created with previous ANALYZE/AUDIT commands).

Each ANALYZE/AUDIT request runs until the log file is completely processed. You can interrupt the processing to modify the display or to change position in the report if you activate command mode by pressing Ctrl/C. To terminate an ANALYZE/AUDIT request before completion, press Ctrl/Z.

You can direct ANALYZE/AUDIT output to any supported terminal device or to a disk or tape file by specifying the file specification as an argument to the /OUTPUT qualifier. By default, the output is directed to SYS$OUTPUT.

Use of ANALYZE/AUDIT requires no special privileges other than access to the files specified in the command line.

4.3 ANALYZE/AUDIT Qualifiers

This section describes ANALYZE/AUDIT and provides examples of each qualifier. The following table summarizes the ANALYZE/AUDIT qualifiers:

Qualifier      Description
/BEFORE        Controls whether records dated earlier than the specified time are selected
/BINARY        Controls whether output is a binary file
/BRIEF         Controls whether a brief, single-line record format is used in ASCII displays
/EVENT_TYPE    Selects the classes of events to be extracted from the security log file
/FULL          Controls whether a full format is used in ASCII displays
/IGNORE        Excludes records from the report that match the specified criteria
/INTERACTIVE   Controls whether interactive command mode is enabled when ANALYZE/AUDIT is invoked
/OUTPUT        Specifies where to direct output from ANALYZE/AUDIT
/PAUSE         Specifies the length of time each record is displayed in a full format display
/SELECT        Specifies the criteria for selecting records
/SINCE         Indicates that the utility must operate on records dated with the specified time or after the specified time
/SUMMARY       Specifies that a summary of the selected records be produced after all records are processed

