HELPLIB.HLB  —  ANALYZE  /AUDIT  /SELECT
    Specifies the criteria for selecting records from the audit log
    file. For a description of how to generate audit records, see the
    VSI OpenVMS Guide to System Security.

    Format

      /SELECT=criteria[,...]

      /NOSELECT

    criteria[,...]

    Specifies the criteria for selecting records. For each specified
    criterion, ANALYZE/AUDIT has two selection requirements:

    o  The packet corresponding to the criterion must be present in
       the record.

    o  One of the specified values must match the value in that
       packet.

    For example, if you specify (USER=(PUTNAM,WU),SYSTEM=DBASE) as
    the criteria, ANALYZE/AUDIT selects an event record containing
    the SYSTEM=DBASE packet and a USER packet with either the PUTNAM
    value or the WU value.

    If you omit the /SELECT qualifier, all event records selected
    through the /EVENT_TYPE qualifier are extracted from the audit
    log file and included in the report.

    You can specify any of the following criteria:
Additional Information: explode extract
ACCESS ACCOUNT ACCOUNT ASSOCIATION_NAME AUDIT_NAME COMMAND_LINE CONNECTION_IDENTIFICATION DECNET_LINK_IDENTIFICATION DECNET_OBJECT_NAME DECNET_OBJECT_NUMBER DEFAULT_USERNAME DEVICE_NAME DIRECTORY_ENTRY DIRECTORY_NAME DISMOUNT_FLAGS EVENT_CLUSTER_NAME FACILITY FIELD_NAME FILE_NAME FILE_IDENTIFICATION FLAGS HOLDER IDENTIFIER IDENTIFIERS_MISSING IDENTIFIERS_USED IMAGE_NAME INSTALL LNM_PARENT_NAME LNM_TABLE_NAME LOCAL LOGICAL_NAME MAILBOX_UNIT MOUNT_FLAGS NEW_DATA NEW_IMAGE_NAME NEW_OWNER OBJECT PARENT PASSWORD PRIVILEGES_MISSING PRIVILEGES_USED PROCESS REMOTE REQUEST_NUMBER SECTION_NAME SENSITIVE_FIELD_NAME SENSITIVE_NEW_DATA SNAPSHOT_BOOTFILE SNAPSHOT_SAVE_FILENAME STATUS SUBJECT_OWNER SUBTYPE SYSTEM SYSTEM_SERVICE_NAME TARGET_DEVICE_NAME TARGET_PROCESS_IDENTIFICATION TARGET_PROCESS_NAME TARGET_PROCESS_OWNER TARGET_USERNAME TERMINAL TRANSPORT_NAME UAF_SOURCE USERNAME VOLUME_NAME VOLUME_SET_NAME Examples
Close Help