HP OpenVMS Systems Documentation


OpenVMS DCL Dictionary



Use the SET AUDIT/NOEXCLUDE command to remove a process from the process exclusion list; however, processes listed above cannot be removed from the exclusion list. Also note that PIDs are not automatically removed from the process exclusion list when processes log out of the system.

/INTERVAL=(keyword[,...])

Specifies the delta times to be used for regular audit server operations. For information about specifying delta times, refer to the OpenVMS User's Manual.

The following table describes keywords for the /INTERVAL qualifier:

Keyword Description
ARCHIVE_FLUSH=time Specifies the interval at which data collected by the audit server is written to the archive file. The default is 1 minute.
JOURNAL_FLUSH=time Specifies the interval at which data collected by the audit server is written to the audit log file. The default is 5 minutes.
RESOURCE_MONITOR=time Specifies the interval at which the audit server retries log file allocation or access. This interval applies whenever free space in the log file is below either the warning or action thresholds, or when the volume holding the log file is inaccessible. The default interval is 5 minutes.
RESUME_SCAN=time Specifies the interval at which the audit server reviews an existing resource exhaustion condition. The default is 15 minutes.

/JOURNAL[=journal-name]

Specifies the name of the audit journal; the name defaults to SECURITY. (Currently, there is only one journal.)

The /JOURNAL qualifier is required when redefining the audit log file or when specifying resource monitoring characteristics with the /RESOURCE or the /THRESHOLD qualifier.

/LISTENER=device

/NOLISTENER

Specifies the name of a mailbox device to which the audit server sends a binary copy of all security audit event messages. Users can create such a mailbox to process system security events as they occur. For a description of the message formats written to the listener mailbox, refer to the Audit Analysis Utility documentation in the OpenVMS System Management Utilities Reference Manual.

Use the SET AUDIT/NOLISTENER command to disable a listener device.

/RESOURCE=keyword[,...]

Enables or disables the monitoring of disk volumes to ensure adequate space for audit journal entries; it also specifies the monitoring method to use. The /JOURNAL qualifier is required. For more information about resource monitoring, refer to the OpenVMS Guide to System Security.

Keyword Description
DISABLE Disables monitoring on the disk volume containing the audit journal.
ENABLE Enables resource monitoring on the disk volume containing the audit journal.

/SERVER=keyword[,...]

Modifies audit server characteristics. The following table describes keywords for the /SERVER qualifier:

Keyword Description
EXIT Initiates an audit server shutdown. This is the only method for removing the audit server process from the system; the audit server cannot be deleted or suspended.
FINAL_ACTION=action Specifies the action the audit server should take when it runs out of memory and cannot buffer messages. (For more information, refer to the discussion of message flow control in the OpenVMS Guide to System Security.) Specify one of the following actions:
  • CRASH --- Crash the system if the audit server runs out of memory.
  • IGNORE_NEW --- Ignore new event messages until memory is available. New event messages are lost but event messages in memory are saved.
  • PURGE_OLD (default) --- Remove old event messages until memory is available for the most current messages.
FLUSH Copies all buffered audit and archive records to the security audit log file and security archive file, respectively.
INITIATE Enables auditing during system startup. Ordinarily, auditing is started from VMS$LPBEGIN in STARTUP.COM but, if a site redefines the logical name SYS$AUDIT_SERVER_INHIBIT, the OpenVMS system waits for a SET AUDIT/SERVER=INITIATE command before enabling auditing.
NEW_LOG Creates a new clusterwide audit log file. Typically, this is used daily to generate a new version of the audit log file.

The following sequence of commands can be used to reset the space monitoring thresholds and then to recreate the auditing log, thereby creating a smaller log file:

$ SET AUDIT /JOURNAL=SECURITY /THRESHOLD=WARN=200
$ SET AUDIT /SERVER=NEW_LOG

By default, the size of the new auditing log file is based on the size of the previous auditing logs.

RESUME Requests the audit server process to resume normal activity on the system, if adequate disk space is available. Normally, once the resource monitoring action threshold has been reached, the audit server process suspends most system activity and waits 15 minutes before attempting to resume normal system activity.
START Starts the audit server process on the system. In order to fully enable the auditing subsystem, the SET AUDIT/SERVER=INITIATE command must be used after the SET AUDIT/SERVER=START command has completed.

Compaq recommends using the following command procedure to start the audit server:

SYS$SYSTEM:STARTUP AUDIT_SERVER

/THRESHOLD=type=value

Specifies threshold values used in monitoring available space in the audit log file. The auditing system issues advisory messages to central and security operators whenever free space in the audit log file falls below the WARNING threshold. The auditing system suspends processes that generate audit events when free disk space is below the action threshold. (See /RESOURCE=[enable|disable]). The /JOURNAL qualifier is required.

The following table lists the types of thresholds:

Keyword Description
WARNING=value Specifies the threshold at which the audit server notifies all security operator terminals that resources are getting low.
ACTION=value Specifies the threshold at which the audit server starts suspending processes that are generating audit records. (Certain processes are immune to this: refer to OpenVMS Guide to System Security).

The following table lists the default warning and action values for each monitoring mode:

Mode          Warning      Action
Blocks        100          25
Delta time    2 0:00:00    0 0:30:00

/VERIFY

Do not return the dollar sign ($) prompt until the audit server completes the command. Associated qualifiers determine which of the following actions occur:
  • Redefinition of auditing events
  • Redefinition of the audit log file or the archive file
  • Modification of the audit server's operational characteristics
  • Modification of resource monitoring attributes

If you do not want to wait for the command to complete, specify /NOVERIFY.


Examples

#1

$ SET AUDIT/AUDIT/ENABLE= -
_$ (CREATE,ACCESS=(SYSPRV,BYPASS),DEACCESS)/CLASS=FILE
$ SHOW AUDIT/AUDIT
System security audits currently enabled for:

   .
   .
   .
  FILE access:
    Failure:     read,write,execute,delete,control
    SYSPRV:      read,write,execute,delete,control
    BYPASS:      read,write,execute,delete,control
    Other:       create,deaccess

The SET AUDIT command in this example enables auditing of file creation and file deaccess; it also enables auditing for any file access done by using either SYSPRV or BYPASS privilege.

#2

$ SET AUDIT/JOURNAL=SECURITY/DESTINATION=AUDIT$:[AUDIT]TURIN
$ SET AUDIT/SERVER=NEW
$ SHOW AUDIT/JOURNAL
List of audit journals:
  Journal name:           SECURITY
  Journal owner:          (system audit journal)
  Destination:            AUDIT$:[AUDIT]TURIN.AUDIT$JOURNAL

      

The SET AUDIT command in this example demonstrates how to switch to a new journal.

#3

$ SET AUDIT/SERVER=FINAL=CRASH
$ SHOW AUDIT/SERVER
Security auditing server characteristics:
  Database version:       4.4
  Backlog (total):        100, 200, 300
  Backlog (process):      5, 2
  Server processing intervals:
    Archive flush:        0 00:01:00.00
    Journal flush:        0 00:05:00.00
    Resource scan:        0 00:05:00.00
  Final resource action:  crash system

      

The SET AUDIT command in this example changes the audit server's final action setting so the system crashes when the audit server runs out of memory.

#4

$ SET AUDIT/ARCHIVE/DESTINATION=SYS$SPECIFIC:[SYSMGR]TURIN-ARCHIVE
$ SHOW AUDIT/ARCHIVE
Security archiving information:
 Archiving events:    system audits
 Archive destination: SYS$SPECIFIC:[SYSMGR]TURIN-ARCHIVE.AUDIT$JOURNAL

      

The SET AUDIT command in this example enables a node-specific archive file.

#5

$ SET AUDIT/JOURNAL/RESOURCE=ENABLE
$ SHOW AUDIT/JOURNAL
List of audit journals:
  Journal name:          SECURITY
  Journal owner:         (system audit journal)
  Destination:           SYS$COMMON:[SYSMGR]SECURITY.AUDIT$JOURNAL
  Monitoring:            enabled
    Warning thresholds,  Block count:   100   Duration:  2 00:00:00.0
    Action thresholds,   Block count:    25   Duration:  0 00:30:00.0

      

The SET AUDIT command in this example enables disk monitoring and switches the mode so the disk space is monitored in terms of time rather than free blocks.
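
The following Python sketch is an added example, not part of the DCL Dictionary. It reads captured SHOW AUDIT/SERVER and SHOW AUDIT/JOURNAL output in the layout of examples #3 and #5 and reports settings under which audit records are written late or discarded. The sample capture and the names `delta_seconds`, `parse_fields` and `review` are constructed for illustration; treating every final action other than "crash system" as IGNORE_NEW or PURGE_OLD is an assumption based on the three actions listed for FINAL_ACTION.

```python
import re

# Constructed capture: SHOW AUDIT/SERVER followed by SHOW AUDIT/JOURNAL, in the
# layout of examples #3 and #5; the values are chosen for illustration.
SAMPLE = """\
Security auditing server characteristics:
  Server processing intervals:
    Archive flush:        0 00:01:00.00
    Journal flush:        0 00:20:00.00
    Resource scan:        0 00:05:00.00
  Final resource action:  crash system
List of audit journals:
  Journal name:           SECURITY
  Destination:            SYS$COMMON:[SYSMGR]SECURITY.AUDIT$JOURNAL
"""

# Defaults documented for /INTERVAL (ARCHIVE_FLUSH, JOURNAL_FLUSH), in seconds.
DEFAULT_FLUSH = {"Archive flush": 60, "Journal flush": 300}
DELTA = re.compile(r"(\d+)\s+(\d+):(\d+):(\d+)(?:\.\d+)?$")


def delta_seconds(text):
    """Convert a displayed delta time ('d hh:mm:ss.cc') to whole seconds."""
    m = DELTA.match(text.strip())
    if m is None:
        raise ValueError(f"not a delta time: {text!r}")
    days, hours, minutes, seconds = map(int, m.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def parse_fields(output):
    """Return {label: value} for each 'Label: value' line of the capture."""
    fields = {}
    for line in output.splitlines():
        label, sep, value = line.strip().partition(":")
        if sep and value.strip():
            fields[label.strip()] = value.strip()
    return fields


def review(output):
    """List settings under which audit records are written late or discarded."""
    f = parse_fields(output)
    findings = []
    for label, default in DEFAULT_FLUSH.items():
        if label in f and delta_seconds(f[label]) > default:
            findings.append(f"{label} {f[label]} exceeds the {default} s default")
    action = f.get("Final resource action")
    if action is not None and action != "crash system":
        # Assumption: the other two actions, IGNORE_NEW and PURGE_OLD, drop messages.
        findings.append(f"final action '{action}' discards event messages")
    if "Journal name" in f and f.get("Monitoring", "").lower() != "enabled":
        findings.append("journal disk-space monitoring is not enabled")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print("FINDING:", finding)
```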


SET BROADCAST

Enables you to selectively screen out various kinds of messages from being broadcast to your terminal.

Format

SET BROADCAST=(class-name[,...])


Parameter

class-name[,...]

Specifies the class of message that you want to enable or disable for broadcast to your terminal. If you specify only one class, you can omit the parentheses. The class names are as follows:
ALL Enables all message classes.
[NO]DCL Specifies Ctrl/T and SPAWN/NOTIFY messages.
[NO]GENERAL Specifies all normal REPLY messages or messages from $BRDCST.
[NO]MAIL Specifies notification of mail.
NONE Disables all message classes.
[NO]OPCOM Specifies messages issued by the operator communication process (OPCOM).
[NO]PHONE Specifies messages from the Phone utility.
[NO]QUEUE Specifies messages referring to print or batch jobs issued by the queue manager.
[NO]SHUTDOWN Specifies messages issued from the REPLY/SHUTDOWN command.
[NO]URGENT Specifies messages issued from the REPLY/URGENT command.
[NO]USER1 to [NO]USER16 Specifies messages from specific user groups. (For information on setting up user-written broadcast messages, see the description of the $BRKTHRU system service in the OpenVMS System Services Reference Manual.)

Description

The SET BROADCAST command enables you to receive certain kinds of messages at your terminal, but not others. By default, you receive all messages at your terminal (SET BROADCAST=ALL). SET BROADCAST=NONE screens out all messages.

After you have used the SET BROADCAST command to screen out some classes of messages (for example, SET BROADCAST=NOPHONE), you can use the command to restore that class (SET BROADCAST=PHONE).

Use the SHOW BROADCAST command to see which message classes are currently being screened out.

Note

SYS$COMMAND must be a terminal.

Examples

#1

$ SET BROADCAST=(NOMAIL, NOPHONE)
   .
   .
   .
$ SET BROADCAST=MAIL
      

In this example, the first SET BROADCAST command screens out all mail and phone messages. Later the second SET BROADCAST command restores mail messages. Phone messages are still screened.

#2

$ SET BROADCAST=NONE
   .
   .
   .
$ SET BROADCAST=(SHUTDOWN, URGENT, DCL, OPCOM)
      

In this example, the first SET BROADCAST command screens out all messages. Later the second SET BROADCAST command restores shutdown, urgent, DCL, and OPCOM messages. General, phone, mail, queue, and user messages are still screened.


SET CACHE/RESET

Resets systemwide I/O caching statistics for the extended file cache (XFC).

Format

SET CACHE/RESET


Parameters

None.

Description

The SET CACHE/RESET command resets several of the systemwide I/O caching statistics that are displayed by the SHOW MEMORY/CACHE and SDA SHOW MEMORY commands. Statistics that are reset include: I/O counts, hit rates, hit counts, reads bypassing cache, and the read/write ratio.

A timestamp displays the time the cache was last reset; subsequent SHOW MEMORY/CACHE commands display statistics accumulated since that time.


Examples

#1

$ SHOW MEMORY/CACHE
              System Memory Resources on 22-AUG-2001 11:22:22.50

Extended File Cache  (Time of last reset: 16-AUG-2001 11:16:24.96)
    Allocated (Mbytes)          151.39    Maximum size (Mbytes)        1024.00
    Free (Mbytes)                 0.21    Minimum size (Mbytes)           0.23
    In use (Mbytes)             151.18    Write hit rate                     0%
    Read hit rate                   97%   Write I/O count                 5321
    Read I/O count              208052    Write hit count                    0
    Read hit count              203761    Writes bypassing cache             0
    Reads bypassing cache         1787    Vols in Full XFC mode              0
    Files cached open              316    Vols in VIOC Compatible mode       1
    Files cached closed            300    Vols in No Caching mode            0
    Read/Write ratio                97%   Vols in Perm. No Caching mode      0
      

This example shows the cache statistics prior to issuing the SET CACHE/RESET command.


$ SET CACHE/RESET

This command resets the cache statistics and updates the timestamp.


$ SHOW MEMORY/CACHE
              System Memory Resources on 22-AUG-2001 11:27:41.11

Extended File Cache  (Time of last reset: 22-AUG-2001 11:27:37.76)
    Allocated (Mbytes)          151.39    Maximum size (Mbytes)        1024.00
    Free (Mbytes)                 0.21    Minimum size (Mbytes)           0.23
    In use (Mbytes)             151.18    Write hit rate                     0%
    Read hit rate                  100%   Write I/O count                    0
    Read I/O count                   9    Write hit count                    0
    Read hit count                   9    Writes bypassing cache             0
    Reads bypassing cache            0    Vols in Full XFC mode              0
    Files cached open              316    Vols in VIOC Compatible mode       1
    Files cached closed            300    Vols in No Caching mode            0
    Read/Write ratio               100%   Vols in Perm. No Caching mode      0

This example shows the reset cache statistics and the modified timestamp.


SET CARD_READER

Defines the default translation mode for cards read from a card reader. All subsequent input read from the specified card reader is converted using the specified mode.

Format

SET CARD_READER device-name[:]


Parameter

device-name[:]

Specifies the name of the card reader for which the translation mode is to be set. The device must not be currently allocated to any other user.

Description

When the system is bootstrapped, the translation mode for cards read into all card readers is set at 029. If you do not specify either of the command qualifiers, the SET CARD_READER command has no effect; that is, the current translation mode for the device remains the same.

Qualifiers

/026

Sets the card reader for cards punched on an 026 punch.

/029

Sets the card reader for cards punched on an 029 punch.

/LOG

/NOLOG (default)

Controls whether log information is displayed at the terminal to confirm that the card reader is set.

Example


$ ALLOCATE CR:
  _CRA0: ALLOCATED
$ SET CARD_READER CRA0:/029
$ COPY  CRA0: [PEARLMAN.DATAFILES]CARDS.DAT
      

The ALLOCATE command requests the allocation of a card reader by specifying the generic device name. When the ALLOCATE command displays the name of the device, the SET CARD_READER command sets the translation mode at 029. Then the COPY command copies all the cards read by the card reader CRA0 into the file CARDS.DAT in the directory [PEARLMAN.DATAFILES].


SET CLUSTER/EXPECTED_VOTES

Sets the total expected votes in the OpenVMS Cluster to a value that you specify or, if no value is specified, sets the total votes to a value determined by the system.

Requires OPER (operator) privilege.


Format

SET CLUSTER/EXPECTED_VOTES [=value]


Parameter

value

Specifies the total number of expected votes in the cluster.

Description

The SET CLUSTER/EXPECTED_VOTES command enables you to adjust the total number of expected votes in the cluster. Set this value equal to the number of votes contributed by each node plus the number of votes contributed by the cluster quorum disk. The system will automatically calculate the value of the cluster quorum from the total number of expected votes in the cluster.

You can specify the expected total votes value as part of the SET CLUSTER/EXPECTED_VOTES command string. If you enter the command without specifying a value for expected votes, the system calculates the value for you, using the following formula:


EXPECTED_VOTES=(NODE1_VOTES+NODE2_VOTES+...)+QUORUM_DISK_VOTES

NODEn_VOTES is the value of the system parameter VOTES for each node in the cluster and QUORUM_DISK_VOTES is the value of the system parameter QDSKVOTES.

When you enter the SET CLUSTER/EXPECTED_VOTES command without specifying a value, the system assumes that all nodes that are expected to be in the cluster are currently members.

In general, you use the SET CLUSTER/EXPECTED_VOTES command only when a node is leaving the cluster for an extended period of time. Under normal circumstances, quorum is not reduced when a node leaves the cluster, because it is assumed that the node may be rebooted and rejoin the cluster. If a node is removed and is unable to rejoin the cluster within a reasonable period of time (for example, if a node crashes due to a hardware problem and cannot rejoin the cluster for several days), the quorum for the cluster can safely be reduced by lowering the total expected votes until that node rejoins.

The purpose of a cluster quorum is to eliminate any possibility of the cluster partitioning into separate clusters and simultaneously accessing the same resources (such as disks). If the sum of the votes for all members of the cluster is smaller than the cluster quorum, all nodes will block activity until new nodes join to increase the vote total. Lowering the quorum value (by reducing the value of the total expected votes) when one or more nodes leave the cluster for long periods of time reduces the possibility that the remaining nodes block activity.

Note that no matter what value you specify for the SET CLUSTER/EXPECTED_VOTES command, you cannot increase quorum to a value that is greater than the number of the votes present, nor can you reduce quorum to a value that is half or fewer of the votes present.

When you enter the SET CLUSTER/EXPECTED_VOTES command, either with or without an expected votes value specified, the system responds with a message indicating the new value that was actually set. Note that you need to enter this command only on one node in the cluster, because the new value for total expected votes is propagated through the cluster. This new expected votes value should then be stored in the system parameter EXPECTED_VOTES on each node, so that it remains in effect after the nodes reboot.

When a node that was previously a member of the cluster is ready to rejoin, you should increase the system parameter EXPECTED_VOTES to its original value before bringing the node back to the cluster. Note that you do not need to use the SET CLUSTER/EXPECTED_VOTES command to increase the number of expected votes, because the expected votes value will be increased automatically when the node rejoins the cluster.


Examples

#1

$ SET CLUSTER/EXPECTED_VOTES
      

The SET CLUSTER command in this example instructs the system to calculate the total expected votes value for you, because no value is specified as part of the command string. The system uses the NODEn_VOTES + QUORUM_DISK_VOTES formula.

#2

$ SET CLUSTER/EXPECTED_VOTES=9
      

The SET CLUSTER command in this example sets the total expected votes to 9, which is the value specified in the command string.
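
The vote arithmetic from the Description, worked through for a constructed cluster, as an added example that is not part of the DCL Dictionary. Two assumptions: the quorum formula (EXPECTED_VOTES + 2) / 2, truncated, comes from the OpenVMS Cluster documentation and is not stated on this page, and `effective_quorum` is a hypothetical model of the limits described above, not the connection manager's actual algorithm.

```python
def expected_votes(node_votes, quorum_disk_votes=0):
    """EXPECTED_VOTES = (NODE1_VOTES + NODE2_VOTES + ...) + QUORUM_DISK_VOTES."""
    return sum(node_votes) + quorum_disk_votes


def quorum_for(expected):
    """Quorum for a given EXPECTED_VOTES: (EXPECTED_VOTES + 2) / 2, truncated.

    The formula comes from the OpenVMS Cluster documentation, not this page.
    """
    return (expected + 2) // 2


def effective_quorum(requested_expected, votes_present):
    """Assumed model of the stated limits: quorum stays above half of the
    votes present and never exceeds the votes present."""
    lowest = votes_present // 2 + 1
    return min(max(quorum_for(requested_expected), lowest), votes_present)


def blocks_activity(votes_present, quorum):
    """Nodes block activity when the votes present fall below quorum."""
    return votes_present < quorum


def scenario():
    """Constructed cluster: nodes A, B, C with VOTES=1 each, QDSKVOTES=1."""
    full = expected_votes([1, 1, 1], quorum_disk_votes=1)     # 4
    quorum = quorum_for(full)                                 # 3
    # C is down for days; quorum is not reduced automatically.
    present = expected_votes([1, 1], quorum_disk_votes=1)     # 3
    # If B then fails, only A and the quorum disk remain (2 votes).
    stalled_before = blocks_activity(present - 1, quorum)
    # SET CLUSTER/EXPECTED_VOTES with no value: recomputed from current members.
    lowered = effective_quorum(present, present)              # 2
    stalled_after = blocks_activity(present - 1, lowered)
    return {"expected": full, "quorum": quorum, "lowered_quorum": lowered,
            "stalled_before": stalled_before, "stalled_after": stalled_after}


if __name__ == "__main__":
    print(scenario())
```

With the original quorum, losing a second node stalls the two remaining votes; after the expected votes are lowered, the same loss leaves the cluster running.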

