VMS Help  —  ANALYZE
    The ANALYZE commands invoke utilities to examine various
    components of an OpenVMS system. They perform the following
    functions:

    o  Invoke the Audit Analysis Utility to extract selective
       information from the system security audit journal (see /AUDIT).

    o  Invoke the System Dump Analyzer (SDA) to examine the specified
       dump file (see /CRASH_DUMP).

    o  Invoke the Analyze/Disk_Structure Utility to examine disk
       volumes (see /DISK_STRUCTURE).

    o  Invoke the Error Log Viewer (ELV) to selectively report the
       contents of an error log file (see /ERROR_LOG/ELV). (Alpha/I64 only)

    o  Describe the contents of an image file or shareable image file
       (see /IMAGE).

    o  Invoke the Bad Block Locator (BAD) Utility to find disk blocks
       that cannot be used to store data (see /MEDIA).

    o  Describe the contents of an object file (see /OBJECT).

    o  Invoke the OpenVMS Debugger for analysis of a process dump file
       (see /PROCESS_DUMP).

    o  Analyze the internal structure of an RMS file (see /RMS_FILE).

    o  Display the data collected by the System Service Logging
       utility (see /SSLOG). (Alpha/I64 only)

    o  Invoke the System Dump Analyzer (SDA) to examine the running system
       (see /SYSTEM).

    The default analyze function is to examine object modules
    (ANALYZE/OBJECT).

1    /AUDIT

    The Audit Analysis utility (ANALYZE/AUDIT) processes event
    messages in security audit log files to produce reports of
    security-related events on the system.

    Format

      ANALYZE/AUDIT  [file-spec[,...]]

    file-spec[,...]

    Specifies one or more security audit log files as input to
    ANALYZE/AUDIT. If you specify more than one file name, separate
    the names with commas.

    If you omit the file-spec parameter, the utility searches for the
    default audit log file SECURITY.AUDIT$JOURNAL.

    The default audit log file is created in the SYS$COMMON:[SYSMGR]
    directory. To use the file, specify SYS$MANAGER on the
    ANALYZE/AUDIT command line. If you do not specify a directory,
    the utility searches for the file in the current directory.

    You can include wildcard characters, such as the asterisk (*)  or
    percent sign (%),  in the file specification.

    The audit log file can be located in any directory. To display
    the current location, use the DCL command SHOW AUDIT/ALL.

1.1  –  Qualifiers

    Qualifier      Description

    /BEFORE        Controls whether records dated earlier than the
                   specified time are selected
    /BINARY        Controls whether output is a binary file
    /BRIEF         Controls whether a brief, single-line record
                   format is used in ASCII displays
    /EVENT_TYPE    Selects the classes of events to be extracted from
                   the security log file
    /FULL          Controls whether a full format is used in ASCII
                   displays
    /IGNORE        Excludes records from the report that match the
                   specified criteria
    /INTERACTIVE   Controls whether interactive command mode is
                   enabled when ANALYZE/AUDIT is invoked
    /OUTPUT        Specifies where to direct output from
                   ANALYZE/AUDIT
    /PAUSE         Specifies the length of time each record is
                   displayed in a full format display
    /SELECT        Specifies the criteria for selecting records
    /SINCE         Indicates that the utility must operate on
                   records dated with the specified time or after
                   the specified time
    /SUMMARY       Specifies that a summary of the selected records
                   be produced after all records are processed

1.2    /BEFORE

    Controls whether records dated earlier than the specified time
    are selected.

    Format

      /BEFORE[=time]

      /NOBEFORE

    time

    Specifies the time used to select records. Records dated earlier
    than the specified time are selected. You can specify an absolute
    time, delta time, or a combination of the two. Observe the syntax
    rules for date and time described in the OpenVMS User's Manual.

1.2.1  –  Examples

    1.$ ANALYZE/AUDIT /BEFORE=25-NOV-2005 -
      _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example selects all records dated earlier
      than November 25, 2005.

    2.$ ANALYZE/AUDIT /BEFORE=14:00/SINCE=12:00 -
      _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example selects all records generated
      between noon and 2 P.M. today.

1.3    /BINARY

    Controls whether output is a binary file.

    Format

      /BINARY

      /NOBINARY

1.3.1  –  Example

  $ ANALYZE/AUDIT /BINARY/SINCE=TODAY/OUTPUT=25OCT05.AUDIT -
  _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example selects all audit records generated
      today and writes the records in binary format to 25OCT05.AUDIT.

1.4    /BRIEF

    Controls whether a brief, single-line record format is used in
    ASCII displays.

    Format

      /BRIEF  (default)

1.4.1  –  Example

  $ ANALYZE/AUDIT /OUTPUT=AUDIT.LIS -
  _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example produces an ASCII file in brief
      format by default. The report is written to the AUDIT.LIS file.

1.5    /EVENT_TYPE

    Selects the classes of events to be extracted from the security
    log file. If you omit the qualifier or specify the ALL keyword,
    the utility includes all enabled event classes in the report.

    Format

      /EVENT_TYPE=(event-type[,...])

    event type[,...]

    Specifies the classes of events used to select records. You can
    specify any of the following event types:

    [NO]ACCESS         Access to an object, such as a file
    [NO]ALL            All event types
    [NO]AUDIT          Use of the SET AUDIT command
    [NO]AUTHORIZATION  Change to the authorization database
                       (SYSUAF.DAT, RIGHTSLIST.DAT, NETPROXY.DAT,
                       or NET$PROXY.DAT)
    [NO]BREAKIN        Break-in detection
    [NO]CONNECTION     Establishment of a network connection through
                       the System Management utility (SYSMAN),
                       DECwindows, or interprocess communication
                       (IPC) software
    [NO]CREATE         Creation of an object
    [NO]DEACCESS       Completion of access to an object
    [NO]DELETE         Deletion of an object
    [NO]INSTALL        Modification of the known file list with the
                       Install utility (INSTALL)
    [NO]LOGFAIL        Unsuccessful login attempt
    [NO]LOGIN          Successful login
    [NO]LOGOUT         Successful logout
    [NO]MOUNT          Execution of DCL commands MOUNT or DISMOUNT
    [NO]NCP            Modification of the DECnet network
                       configuration databases
    [NO]NETPROXY       Modification of the network proxy
                       authorization file (NETPROXY.DAT or
                       NET$PROXY.DAT)
    [NO]PRIVILEGE      Privilege auditing
    [NO]PROCESS        Use of one or more of the process control
                       system services: $CREPRC, $DELPRC, $SCHDWK,
                       $CANWAK, $WAKE, $SUSPND, $RESUME, $GRANTID,
                       $REVOKID, $GETJPI, $FORCEX, $SETPRI
    [NO]RIGHTSDB       Modification of the rights database
                       (RIGHTSLIST.DAT)
    [NO]SYSGEN         Modification of system parameters through the
                       System Generation utility (SYSGEN) or AUTOGEN
    [NO]SYSUAF         Modification of the system user authorization
                       file (SYSUAF.DAT)
    [NO]TIME           Change in system or cluster time

    Specifying the negated form of an event class (for example,
    NOLOGFAIL) excludes the specified event class from the audit
    report.

1.5.1  –  Examples

    1.$ ANALYZE/AUDIT/EVENT_TYPE=LOGFAIL -
      _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example extracts all records of
      unsuccessful login attempts, which match the LOGFAIL class,
      and compiles a brief report.

    2.$ ANALYZE/AUDIT/EVENT_TYPE=(NOLOGIN,NOLOGOUT) -
      _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example builds a report in brief format of
      all audit records except those in the LOGIN and LOGOUT event
      classes.

1.6    /FULL

    Controls whether a full format is used in ASCII displays. If you
    specify /NOFULL or omit the qualifier, records are displayed in
    the brief format.

    Format

      /FULL

      /NOFULL  (default)

1.6.1  –  Example

  $ ANALYZE/AUDIT /FULL -
  _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example displays the full contents of each
      selected record.

1.7    /IGNORE

    Excludes records from the report that match the specified
    criteria.

    Format

      /IGNORE=criteria[,...]

    criteria[,...]

    Specifies that all records are selected except those matching any
    of the specified exclusion criteria. See the /SELECT qualifier
    description for a list of the possible criteria to use with the
    /IGNORE qualifier.

1.8    /INTERACTIVE

    Controls whether interactive command mode is enabled when
    ANALYZE/AUDIT is invoked.

    Format

      /INTERACTIVE  (default)

      /NOINTERACTIVE

1.8.1  –  Examples

    1.$ ANALYZE/AUDIT/FULL -
      _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example produces a full format display
      of the selected records. New records are displayed every 3
      seconds. (See the /PAUSE qualifier description to find how to
      modify the duration of each record display.) Press Ctrl/C to
      interrupt the display and to enter interactive commands.

    2.$ ANALYZE/AUDIT/FULL/NOINTERACTIVE -
      _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example invokes the utility in
      noninteractive mode. It displays the first record selected and
      prompts you to press the Return key to display each additional
      selected record. Control returns to the DCL command level when
      all selected records have been displayed.

1.9    /OUTPUT

    Specifies where to direct output from ANALYZE/AUDIT. If you omit
    the qualifier, the report is sent to SYS$OUTPUT.

    Format

      /OUTPUT[=file-spec]

      /NOOUTPUT

    file-spec[,...]

    Specifies the name of the file that is to contain the selected
    records. If you omit the device and directory specification, the
    utility uses the current device and directory specification. If
    you omit the file name and type, the default file name AUDIT.LIS
    is used. If the output is binary (/BINARY) and you omit the
    /OUTPUT qualifier, the binary information is written to the file
    AUDIT.AUDIT$JOURNAL.

1.9.1  –  Example

  $ ANALYZE/AUDIT /BINARY/OUTPUT=BIN122588.DAT -
  _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example selects audit records from the
      system audit log file and writes them to the binary file
      BIN122588.DAT.

1.10    /PAUSE

    Specifies the length of time each record is displayed in a full-
    format display.

    Format

      /PAUSE=seconds

    seconds

    Specifies the duration (in seconds) of the full-screen display.
    A value of 0 specifies that the system should not pause before
    displaying the next record. By default, the utility displays a
    record for 3 seconds.

1.10.1  –  Example

  $ ANALYZE/AUDIT /FULL/PAUSE=1 -
  _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example displays a selected record in full
      format every second. You can interrupt the display and enter
      interactive commands at any time by pressing Ctrl/C.

1.11    /SELECT

    Specifies the criteria for selecting records from the audit log
    file. For a description of how to generate audit records, see the
    VSI OpenVMS Guide to System Security.

    Format

      /SELECT=criteria[,...]

      /NOSELECT

    criteria[,...]

    Specifies the criteria for selecting records. For each specified
    criterion, ANALYZE/AUDIT has two selection requirements:

    o  The packet corresponding to the criterion must be present in
       the record.

    o  One of the specified values must match the value in that
       packet.

    For example, if you specify (USER=(PUTNAM,WU),SYSTEM=DBASE) as
    the criteria, ANALYZE/AUDIT selects an event record containing
    the SYSTEM=DBASE packet and a USER packet with either the PUTNAM
    value or the WU value.

    If you omit the /SELECT qualifier, all event records selected
    through the /EVENT_TYPE qualifier are extracted from the audit
    log file and included in the report.

    You can specify any of the following criteria:

1.11.1  –  ACCESS

    ACCESS=(type,...)

    Specifies the type of object access upon which the selection
    is based. Access is object-specific and includes the following
    types:

    Associate  Execute   Read
    Control    Lock      Submit
    Create     Logical   Use
    Delete     Manage    Write
               Physical

    The VSI OpenVMS Guide to System Security describes each of these
    types.

1.11.2  –  ACCOUNT

    ACCOUNT=(name,...)

    Specifies the account name upon which selection is based. You can
    use wildcards, such as an asterisk (*) or percent sign (%), to
    represent all or part of the name.

1.11.3  –  ACCOUNT

    ACCOUNT=(name,...)

    Specifies the alarm journal name on which selection is based. You
    can use wildcards to represent all or part of the alarm name.

1.11.4  –  ASSOCIATION_NAME

    ASSOCIATION_NAME=(IPC-name,...)

    Specifies the name of the interprocess communication (IPC)
    association.

1.11.5  –  AUDIT_NAME

    AUDIT_NAME=(journal-name,...)

    Specifies the audit journal name on which selection is based. You
    can use wildcards to represent all or part of the audit journal
    name.

1.11.6  –  COMMAND_LINE

    COMMAND_LINE=(command,...)

    Specifies the command line that the user entered.

1.11.7  –  CONNECTION_IDENTIFICATION

    CONNECTION_IDENTIFICATION=(IPC-name,...)

    Specifies the name for the interprocess communication (IPC)
    connection.

1.11.8  –  DECNET_LINK_IDENTIFICATION

    DECNET_LINK_IDENTIFICATION=(value,...)

    Specifies the number of the DECnet logical link.

1.11.9  –  DECNET_OBJECT_NAME

    DECNET_OBJECT_NAME=(object-name,...)

    Specifies the name of the DECnet object.

1.11.10  –  DECNET_OBJECT_NUMBER

    DECNET_OBJECT_NUMBER=(value,...)

    Specifies the number of the DECnet object.

1.11.11  –  DEFAULT_USERNAME

    DEFAULT_USERNAME=(username,...)

    Specifies the default local user name for incoming network proxy
    requests.

1.11.12  –  DEVICE_NAME

    DEVICE_NAME=(device-name,...)

    Specifies the name of a device in audit records that have a
    DEVICE_NAME packet. Note that this does not select the device
    name when it occurs in other packet types, such as in a file name
    or in the TARGET_DEVICE_NAME packet.

1.11.13  –  DIRECTORY_ENTRY

    DIRECTORY_ENTRY=(directory,...)

    Specifies the directory entry associated with file system
    operation.

1.11.14  –  DIRECTORY_NAME

    DIRECTORY_NAME=(directory,...)

    Specifies the name of the directory file.

1.11.15  –  DISMOUNT_FLAGS

    DISMOUNT_FLAGS=(flag-name,...)

    Identifies the names of the volume dismounting flags to be used
    in selecting records. Specify one or more of the following flag
    names: Abort, Cluster, Nounload, and Unit.

1.11.16  –  EVENT_CLUSTER_NAME

    EVENT_CLUSTER_NAME=(event-flag-cluster-name,...)

    Specifies the name of the event flag cluster.

1.11.17  –  FACILITY

    FACILITY=(facility-name,...)

    Specifies that only events audited by the named facility be
    selected. Provide a name or a number but, in either case, the
    facility has to be defined through the logical AUDSERV$FACILITY_
    NAME as a decimal number; the system uses the number 0.

1.11.18  –  FIELD_NAME

    FIELD_NAME=(field-name,...)

    Specifies the name of the field that was modified. ANALYZE/AUDIT
    uses the FIELD_NAME criterion with packets containing the
    original data and the new data (specified by the NEW_DATA
    criterion).

    A FIELD_NAME is a character string that describes the content
    of the field. A search for "NEW:" in a full audit report will
    display records that contain the FIELD_NAME values that can be
    specified for this option. Examples of FIELD_NAME values are
    Account, Default Directory, Flags, and Password Date.

    For sensitive information, see SENSITIVE_FIELD_NAME.

1.11.19  –  FILE_NAME

    FILE_NAME=(file-name)

    Specifies the name of the file that caused the audit.
    Describes audit records for the specified file by using a
    slightly different display format than is provided by the
    /OBJECT=NAME=object-name keyword.

1.11.20  –  FILE_IDENTIFICATION

    FILE_IDENTIFICATION=(identification-value)

    Specifies the value of the file's identification. To calculate
    the value, start with the value listed for File ID when you use
    the FILE_NAME keyword. For example, the display lists the File ID
    as:

    File ID:   (3024,5,0)

    Use the following formula to calculate the value:

    (((0 * 65536) + 5)* 65536) + 3024 = 330704

1.11.21  –  FLAGS

    FLAGS=(flag-name,...)

    Identifies the names of the audit event flags associated with the
    audited event. These names should be used in selecting records.
    Specify one or more of the following flags: ACL, Alarm, Audit,
    Flush, Foreign, Internal, and Mandatory.

1.11.22  –  HOLDER

    HOLDER=keyword(,...)

    Specifies the characteristics of the identifier holder to be used
    when selecting event records. Choose from the following keywords:

    NAME=username          Specifies the name of the holder. You can
                           represent all or part of the name with a
                           wildcard.
    OWNER=uic              Specifies the user identification code
                           (UIC) of the holder.

1.11.23  –  IDENTIFIER

    IDENTIFIER=keyword(,...)

    Identifies which attributes of an identifier should be used when
    selecting event records. Choose from the following keywords:

    ATTRIBUTES=name        Specifies the name of the particular
                           attribute. Valid attribute names are as
                           follows: Dynamic, Holder_Hidden, Name_
                           Hidden, NoAccess, Resource, and Subsystem.

    NAME=identifier        Specifies the original name of the
                           identifier. You can represent all or part
                           of the name with a wildcard.

    NEW_NAME=identifier    Specifies the new name of the identifier.
                           You can represent all or part of the name
                           with a wildcard.

    NEW_ATTRIBUTES=name    Specifies the name of the new attribute.
                           Valid attribute names are Dynamic, Holder_
                           Hidden, Name_Hidden, NoAccess, Resource,
                           and Subsystem.

    VALUE=value            Specifies the original value of the
                           identifier.

    NEW_VALUE=value        Specifies the new value of the identifier.

1.11.24  –  IDENTIFIERS_MISSING

    IDENTIFIERS_MISSING=(identifier,...)

    Specifies the identifiers missing in a failure to access an
    object.

1.11.25  –  IDENTIFIERS_USED

    IDENTIFIERS_USED=(identifier,...)

    Specifies the identifiers used to gain access to an object. An
    event record matches if the specified list is a subset of the
    identifiers recorded in the event record.

1.11.26  –  IMAGE_NAME

    IMAGE_NAME=(image-name,...)

    Identifies the name of the image to be used when selecting event
    records. You can represent all or part of the image name with a
    wildcard.

1.11.27  –  INSTALL

    INSTALL=keyword(,...)

    Specifies that installation event packets are to be considered
    when selecting event records. Choose from the following keywords:

    FILE=filename          Specifies the name of the installed file.
                           You can represent all or part of the name
                           with a wildcard.

                           Note that on Alpha systems prior to
                           Version 6.1, audit log files record the
                           installed file name within an object
                           name packet. To select the installed
                           file, you must use the expression
                           OBJECT=(NAME=object-name) instead of
                           FILE=filename.

    FLAGS=flag-name        Specifies the names of the flags, which
                           correspond to qualifiers of the Install
                           utility (INSTALL); for example, OPEN
                           corresponds to /OPEN.

    PRIVILEGES=privilege-  Specifies the names of the privileges with
    name                   which the file was installed.

1.11.28  –  LNM_PARENT_NAME

    LNM_PARENT_NAME=(table-name,...)

    Specifies the name of the parent logical name table.

1.11.29  –  LNM_TABLE_NAME

    LNM_TABLE_NAME=(table-name,...)

    Specifies the name of the logical name table.

1.11.30  –  LOCAL

    LOCAL=(characteristic,...)

    Specifies the characteristics of the local (proxy) account to be
    used when selecting event records. The following characteristic
    is supported:

    USERNAME=username      Specifies the name of the local account.
                           You can represent all or part of the name
                           with a wildcard.

1.11.31  –  LOGICAL_NAME

    LOGICAL_NAME=(logical-name,...)

    Specifies the logical name of the mounted (or dismounted) volume
    upon which selection is based. You can represent all or part of
    the logical name with a wildcard.

1.11.32  –  MAILBOX_UNIT

    MAILBOX_UNIT=(number,...)

    Specifies the number of the mailbox unit.

1.11.33  –  MOUNT_FLAGS

    MOUNT_FLAGS=(flag-name,...)

    Specifies the names of the volume mounting flags upon which
    selection is based. Possible flag names include the following
    names:

       CACHE=(NONE,WRITETHROUGH)
       CDROM
       CLUSTER
       COMPACTION
       DATACHECK=(READ,WRITE)
       DSI
       FOREIGN
       GROUP
       INCLUDE
       INITIALIZATION=(ALLOCATE,CONTINUATION)
       MESSAGE
       NOASSIST
       NOAUTOMATIC
       NOCOMPACTION
       NOCOPY
       NOHDR3
       NOJOURNAL
       NOLABEL
       NOMOUNT_VERIFICATION
       NOQUOTA
       NOREBUILD
       NOUNLOAD
       NOWRITE
                                { ACCESSIBILITY    }
                                { EXPIRATION       }
                                { IDENTIFICATION   }
                                {                  }
                                { LIMITED_SEARCH   }
       OVERRIDE=(options[,...]) { LOCK             }
                                { NO_FORCED_ERROR  }
                                {                  }
                                { OWNER_IDENTIFIER }
                                { SECURITY         }
                                { SETID            }
                                {                  }
       POOL
       QUOTA
       SHARE
       SUBSYSTEM
       SYSTEM
       TAPE_DATA_WRITE
       XAR

    The names NOLABEL and FOREIGN each point to the FOREIGN
    flag. The reason for this is that the MOUNT/NOLABEL
    and MOUNT/FOREIGN commands each set the FOREIGN flag.
    Therefore, if you used MOUNT/NOLABEL, and you use
    ANALYZE/AUDIT/SELECT/MOUNT_FLAGS=NOLABEL, the audit record will
    display the FOREIGN flag.

1.11.34  –  NEW_DATA

    NEW_DATA=(value,...)

    Specifies the value to use after the event occurs. Use this
    criterion with the FIELD_NAME criterion.

    When you use the Authorize utility (AUTHORIZE) to copy a user
    name, NEW_DATA specifies the newly created user name.

    For sensitive information, see SENSITIVE_NEW_DATA.

1.11.35  –  NEW_IMAGE_NAME

    NEW_IMAGE_NAME=(image-name,...)

    Specifies the name of the image to be activated in the newly
    created process, as supplied to the $CREPRC system service.

1.11.36  –  NEW_OWNER

    NEW_OWNER=(uic,...)

    Specifies the user identification code (UIC) to be assigned to
    the created process, as supplied to the $CREPRC system service.

1.11.37  –  OBJECT

    OBJECT=keyword(,...)

    Specifies which characteristics of an object should be used when
    selecting event records. Choose any of the following keywords:

    CLASS=class-name       Specifies the general object class as one
                           of the following classes:

                           Capability
                           Device
                           Event_cluster
                           File
                           Group_global_section
                           Logical_name_table
                           Queue
                           Resource_domain
                           Security_class
                           System_global_section
                           Volume

                           You must enter the full class name (for
                           example, CLASS=logical_name_table) or use
                           wildcard characters to supply a portion of
                           the class name (for example, CLASS=log*).

    NAME=object-name       Specifies the name of the object. You can
                           represent all or part of the name with a
                           wildcard. If you do not use a wildcard,
                           specify the full object name (for example,
                           BOSTON$DUA0:[RWOODS]MEMO.MEM;1).

    OWNER=value            Specifies the UIC or general identifier of
                           the object.

    TYPE=type              Specifies the general object class (type
                           of object). The available classes are as
                           follows:

                           Capability
                           Device
                           File
                           Group_global_section
                           Logical_name_table
                           Queue
                           System_global_section

                           The CLASS keyword supersedes the TYPE
                           keyword. However, TYPE is required to
                           select audit records in files created
                           prior to OpenVMS Alpha Version 6.1.

1.11.38  –  PARENT

    PARENT=keyword(,...)

    Specifies which characteristics of the parent process are used
    when selecting event records generated by a subprocess. Choose
    from the following keywords:

    IDENTIFICATION=value   Specifies the process identifier (PID) of
                           the parent process.

    NAME=process-name      Specifies the name of the parent process.
                           You can represent all or part of the name
                           with a wildcard.

    OWNER=value            Specifies the owner (identifier value) of
                           the parent process.

    USERNAME=username      Specifies the user name of the parent
                           process. You can represent all or part of
                           the name with a wildcard.

1.11.39  –  PASSWORD

    PASSWORD=(password,...)

    Specifies the password used when the system detected a break-in
    attempt.

1.11.40  –  PRIVILEGES_MISSING

    PRIVILEGES_MISSING=(privilege-name,...)

    Specifies privileges the caller needed to perform the operation
    successfully. Specify any of the system privileges, as described
    in the VSI OpenVMS Guide to System Security.

1.11.41  –  PRIVILEGES_USED

    PRIVILEGES_USED=(privilege-name,...)

    Specifies the privileges of the process to be used when selecting
    event records. Specify any of the system privileges, as described
    in the VSI OpenVMS Guide to System Security. Also include the
    STATUS keyword in the selection criteria so the report can
    demonstrate whether the privilege was involved in a successful
    or an unsuccessful operation.

1.11.42  –  PROCESS

    PROCESS=(characteristic,...)

    Specifies the characteristics of the process to be used
    when selecting event records. Choose from the following
    characteristics:

    IDENTIFICATION=value   Specifies the PID of the process.

    NAME=process-name      Specifies the name of the process. You can
                           represent all or part of the name with a
                           wildcard.

1.11.43  –  REMOTE

    REMOTE=keyword(,...)

    Specifies that some characteristic of the network request is to
    be used when selecting event records. Choose from the following
    keywords:

    ASSOCIATION_NAME=IPC-name   Specifies the interprocess
                                communication (IPC) association name.

    LINK_IDENTIFICATION=value   Specifies the number of the DECnet
                                logical link.

    IDENTIFICATION=value        Specifies the DECnet node address.

    NODENAME=node-name          Specifies the DECnet node name. You
                                can represent all or part of the name
                                with a wildcard.

    USERNAME=username           Specifies the remote user name. You
                                can represent all or part of the
                                remote user name with a wildcard.

1.11.44  –  REQUEST_NUMBER

    REQUEST_NUMBER=(value,...)

    Specifies the request number associated with the DCL command
    REQUEST/REPLY.

1.11.45  –  SECTION_NAME

    SECTION_NAME=(global-section-name,...)

    Specifies the name of the global section.

1.11.46  –  SENSITIVE_FIELD_NAME

    SENSITIVE_FIELD_NAME=(field-name,...)

    Specifies the name of the field that was modified. ANALYZE/AUDIT
    uses the SENSITIVE_FIELD_NAME criterion, such as PASSWORD, with
    packets containing the original data and the new data (specified
    by the SENSITIVE_NEW_DATA criterion).

1.11.47  –  SENSITIVE_NEW_DATA

    SENSITIVE_NEW_DATA=(value,...)

    Specifies the value to use after the event occurs. Use this
    criterion with the SENSITIVE_FIELD_NAME criterion.

1.11.48  –  SNAPSHOT_BOOTFILE

    SNAPSHOT_BOOTFILE=(filename,...)

    Specifies the name of the file containing a snapshot of the
    system.

1.11.49  –  SNAPSHOT_SAVE_FILENAME

    SNAPSHOT_SAVE_FILENAME=(filename,...)

    Specifies the name of the system snapshot file for a save
    operation that is in progress.

1.11.50  –  STATUS

    STATUS=(type,...)

    Specifies the type of success status to be used when selecting
    event records. Choose from the following status types:

    SUCCESSFUL             Specifies any success status.
    FAILURE                Specifies any failure status.
    CODE=(value)           Specifies a specific completion status.

    Note that if you specify CODE more than once, only the last value
    is matched.

1.11.51  –  SUBJECT_OWNER

    SUBJECT_OWNER=(uic,...)

    Specifies the owner (UIC) of the process causing the event.

1.11.52  –  SUBTYPE

    SUBTYPE=(subtype,...)

    Specifies that the criteria be limited to the value or values
    specified as a subtype. The following table lists events and
    their related subtypes. After SUBTYPE, enter the subtypes as they
    appear in the list-for example, SUBTYPE=ALARM_STATE. (In other
    words, do not enter a prefix.)

    Symbols for Event Types
    and Subtypes              Meaning

    NSA$C_MSG_AUDIT           Systemwide change to auditing
          ALARM_STATE         Events enabled as alarms
          AUDIT_DISABLED      Audit events disabled
          AUDIT_ENABLED       Audit events enabled
          AUDIT_INITIATE      Audit server startup
          AUDIT_LOG_FIRST     First entry in audit log (backward
                              link)
          AUDIT_LOG_FINAL     Final entry in audit log (forward link)
          AUDIT_STATE         Events enabled as audits
          AUDIT_TERMINATE     Audit server shutdown
          SNAPSHOT_ABORT*     System snapshot attempt has aborted
          SNAPSHOT_ACCESS*    Snapshot file access/deaccess
          SNAPSHOT_SAVE*      System snapshot save in progress
          SNAPSHOT_STARTUP*   System booted from a snapshot file

          * Obsolete as of OpenVMS Version 7.1

    NSA$C_MSG_BREAKIN         Break-in attempt detected
          BATCH               Batch process
          DETACHED            Detached process
          DIALUP              Dialup interactive process
          LOCAL               Local interactive process
          NETWORK             Network server task
          REMOTE              Interactive process from another
                              network node
          SUBPROCESS          Subprocess

    NSA$C_MSG_CONNECTION      Logical link connection or termination
          CNX_ABORT           Connection aborted
          CNX_ACCEPT          Connection accepted
          CNX_DECNET_CREATE   DECnet logical link created
          CNX_DECNET_DELETE   DECnet logical link disconnected
          CNX_DISCONNECT      Connection disconnected
          CNX_INC_ABORT       Incoming connection request aborted
          CNX_INC_ACCEPT      Incoming connection request accepted
          CNX_INC_DISCONNECT  Incoming connection disconnected
          CNX_INC_REJECT      Incoming connection request rejected
          CNX_INC_REQUEST     Incoming connection request
          CNX_IPC_CLOSE       Interprocess communication association
                              closed
          CNX_IPC_OPEN        Interprocess communication association
                              opened
          CNX_REJECT          Connection rejected
          CNX_REQUEST         Connection requested

    NSA$C_MSG_INSTALL         Use of the Install utility (INSTALL)
          INSTALL_ADD         Known image installed
          INSTALL_REMOVE      Known image deleted

    NSA$C_MSG_LOGFAIL         Login failure
          See subtypes for
               NSA$C_MSG_BREAKIN

    NSA$C_MSG_LOGIN           Successful login
          See subtypes for
               NSA$C_MSG_BREAKIN

    NSA$C_MSG_LOGOUT          Successful logout
          See subtypes for
               NSA$C_MSG_BREAKIN

    NSA$C_MSG_MOUNT           Volume mount or dismount
          VOL_DISMOUNT        Volume dismount
          VOL_MOUNT           Volume mount

    NSA$C_MSG_NCP             Modification to network configuration
                              database
          NCP_COMMAND         Network Control Program (NCP) command
                              issued

    NSA$C_MSG_NETPROXY        Modification to network proxy database
          NETPROXY_ADD        Record added to network proxy
                              authorization file
          NETPROXY_DELETE     Record removed from network proxy
                              authorization file
          NETPROXY_MODIFY     Record modified in network proxy
                              authorization file

    NSA$C_MSG_OBJ_ACCESS      Object access attempted
          OBJ_ACCESS          Access attempted to create, delete, or
                              deaccess an object

    NSA$C_MSG_OBJ_CREATE      Object creation attempted
          OBJ_CREATE          Access attempted to create an object

    NSA$C_MSG_OBJ_DEACCESS    Object deaccessed
          OBJ_DEACCESS        Attempt to complete access to an object

    NSA$C_MSG_OBJ_DELETE      Object deletion attempted
          OBJ_DELETE          Object deletion attempted

    NSA$C_MSG_PROCESS         Process controlled through a system
                              service
          PRC_CANWAK          Process wakeup canceled
          PRC_CREPRC          Process created
          PRC_DELPRC          Process deleted
          PRC_FORCEX          Process exit forced
          PRC_GETJPI          Process information gathered
          PRC_GRANTID         Process identifier granted
          PRC_RESUME          Process resumed
          PRC_REVOKID         Process identifier revoked
          PRC_SCHDWK          Process wakeup scheduled
          PRC_SETPRI          Process priority altered
          PRC_SIGPRC          Process exception issued
          PRC_SUSPND          Process suspended
          PRC_TERM            Process termination notification
                              requested
          PRC_WAKE            Process wakeup issued

    NSA$C_MSG_PRVAUD          Use of privilege
          PRVAUD_FAILURE      Unsuccessful use of privilege
          PRVAUD_SUCCESS      Successful use of privilege

    NSA$C_MSG_RIGHTSDB        Modification to the rights database
          RDB_ADD_ID          Identifier added to rights database
          RDB_CREATE          Rights database created
          RDB_GRANT_ID        Identifier granted to user
          RDB_MOD_HOLDER      List of identifier holders modified
          RDB_MOD_ID          Identifier name or attributes modified
          RDB_REM_ID          Identifier removed from rights database
          RDB_REVOKE_ID       Identifier taken away from user

    NSA$C_MSG_SYSGEN          Use of the System Generation utility
                              (SYSGEN)
          SYSGEN_SET          System parameter modified

    NSA$C_MSG_SYSTIME         Modification to system time
          SYSTIM_SET          System time set
          SYSTIM_CAL          System time calibrated

    NSA$C_MSG_SYSUAF          Modification to system user
                              authorization file (SYSUAF)
          SYSUAF_ADD          Record added to system user
                              authorization file
          SYSUAF_COPY         Record added to system user
                              authorization file
          SYSUAF_DELETE       Record deleted from system user
                              authorization file
          SYSUAF_MODIFY       Record modified in system user
                              authorization file
          SYSUAF_RENAME       Record renamed in system user
                              authorization file

1.11.53  –  SYSTEM

    SYSTEM=keyword(,...)

    Specifies the characteristics of the system to be used when
    selecting event records. Choose from the following keywords:

    IDENTIFICATION=value   Specifies the numeric identification of
                           the system.
    NAME=nodename          Specifies the node name of the system.

1.11.54  –  SYSTEM_SERVICE_NAME

    SYSTEM_SERVICE_NAME=(service-name,...)

    Specifies the name of the system service associated with the
    event.

1.11.55  –  TARGET_DEVICE_NAME

    TARGET_DEVICE_NAME=(device-name,...)

    Specifies the target device name used by a process control system
    service.

1.11.56  –  TARGET_PROCESS_IDENTIFICATION

    TARGET_PROCESS_IDENTIFICATION=(value,...)

    Specifies the target process identifier (PID) used by a process
    control system service.

1.11.57  –  TARGET_PROCESS_NAME

    TARGET_PROCESS_NAME=(process-name,...)

    Specifies the target process name used by a process control
    system service.

1.11.58  –  TARGET_PROCESS_OWNER

    TARGET_PROCESS_OWNER=(uic,...)

    Specifies the target process owner (UIC) used by a process
    control system service.

1.11.59  –  TARGET_USERNAME

    TARGET_USERNAME=(username,...)

    Specifies the target user name used by a process control system
    service.

1.11.60  –  TERMINAL

    TERMINAL=(device-name,...)

    Specifies the name of the terminal to be used when selecting
    event records. You can represent all or part of the terminal name
    with a wildcard.

1.11.61  –  TRANSPORT_NAME

    TRANSPORT_NAME=(transport-name,...)

    Specifies the name of the transport: interprocess communication
    (IPC) or System Management Integrator (SMI), which handles
    requests from the System Management utility.

    On VAX systems, it also can specify the DECnet transport name
    (NSP).

1.11.62  –  UAF_SOURCE

    UAF_SOURCE=(record-name,...)

    Specifies the user name of the source record for an Authorize
    utility (AUTHORIZE) add, modify, or delete operation.

1.11.63  –  USERNAME

    USERNAME=(username,...)

    Specifies the user name to be used when selecting event records.
    You can represent all or part of the user name with a wildcard.

1.11.64  –  VOLUME_NAME

    VOLUME_NAME=(volume-name,...)

    Specifies the name of the mounted (or dismounted) volume to be
    used when selecting event records. You can represent all or part
    of the volume name with a wildcard.

1.11.65  –  VOLUME_SET_NAME

    VOLUME_SET_NAME=(volume-set-name,...)

    Specifies the name of the mounted (or dismounted) volume set to
    be used when selecting event records. You can represent all or
    part of the volume set name with a wildcard.

1.11.66  –  Examples

    1.$ ANALYZE/AUDIT /FULL/SELECT=USERNAME=JOHNSON -
      _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example selects all records written to the
      security audit log file that were generated by user JOHNSON.

    2.$ ANALYZE/AUDIT/FULL/SELECT=PRIVILEGES_USED=(SYSPRV,-
      _$ BYPASS)  SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example selects all records written to the
      security audit log file that were generated by events through
      the use of either SYSPRV or BYPASS privilege.

1.12    /SINCE

    Indicates the utility must operate on records dated with the
    specified time or after the specified time.

    Format

      /SINCE[=time]

      /NOSINCE

    time

    Specifies the time used to select records. Records dated the
    same or later than the specified time are selected. You can
    specify an absolute time, a delta time, or a combination of the
    two. Observe the syntax rules for date and time described in the
    OpenVMS User's Manual.

    If you specify /SINCE without the time, the utility uses the
    beginning of the current day.

1.12.1  –  Examples

    1.$ ANALYZE/AUDIT /SINCE=25-NOV-2005 -
      _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example selects records dated later than
      November 25, 2005.

    2.$ ANALYZE/AUDIT /SINCE=25-NOV-2005:15:00 -
      _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example selects records written after 3
      P.M. on November 25, 2005.

1.13    /SUMMARY

    Specifies that a summary of the selected records be produced
    after all records are processed.

    Note that the /SUMMARY qualifier code is executed after the
    Audit Analyzer is finished, that is, after all the records to be
    analyzed have been collected and processed. When you specify the
    /INTERACTIVE qualifier (which is the default), the Audit Analyzer
    never reaches the finished state because /INTERACTIVE prompts you
    repeatedly to enter another command (which might result in a new
    set of records to be analyzed).

    To use the /SUMMARY qualifier, you must also specify
    /NOINTERACTIVE, which ensures that the Audit Analyzer reaches
    the finished state that allows the SUMMARY code to be executed
    and to display the proper information. In a future version of
    OpenVMS, the Audit Analyzer will return an error when /SUMMARY
    and /INTERACTIVE are specified together.

    You can use the /SUMMARY qualifier alone or in combination with
    the /BRIEF, the /BINARY, or the /FULL qualifier.

    Format

      /SUMMARY=presentation

      /NOSUMMARY

    presentation

    Specifies the presentation of the summary. If you do not specify
    a presentation criterion, ANALYZE/AUDIT summarizes the number of
    audits.

    You can specify either of the following presentations:

    COUNT

    Lists the total number of audit messages for each class of
    security event that have been extracted from the security audit
    log file. This is the default.

    PLOT

    Displays a plot showing the class of the audit event, the time
    of day when the audit was generated, and the name of the system
    where the audit was generated.

1.13.1  –  Examples

    1.$ ANALYZE/AUDIT/SUMMARY SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example generates a summary report of all
      records processed.

        Total records read:        9701          Records selected:          9701
        Record buffer size:        1031
        Successful logins:          542          Object creates:            1278
        Successful logouts:         531          Object accesses:           3761
        Login failures:              35          Object deaccesses:         2901
        Breakin attempts:             2          Object deletes:             301
        System UAF changes:          10          Volume (dis)mounts:          50
        Rights db changes:            8          System time changes:          0
        Netproxy changes:             5          Server messages:              0
        Audit changes:                7          Connections:                  0
        Installed db changes:        50          Process control audits:       0
        Sysgen changes:               9          Privilege audits:            91
        NCP command lines:          120

    2.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY -
      _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example generates a full format listing
      of all logged audit messages that match the break-in or log
      failure event classes. A summary report is included at the end
      of the listing.

    3.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY=PLOT -
      _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      This command generates a histogram that you can display on a
      character-cell terminal.

2    /CRASH_DUMP

    Invokes SDA to analyze the specified dump file.

    Format:

      /CRASH_DUMP [filespec]

    filespec

    Name of the file that contains the dump you want to analyze.
    If no filespec is given on an ANALYZE/CRASH_DUMP command,
    the default is the highest version of SYS$SYSTEM:SYSDUMP.DMP.
    If this file does not exist, SDA prompts you for a file name.
    If any field of filespec is given, the remaining fields default
    to the highest version of SYSDUMP.DMP in your default directory.

2.1    /COLLECTION

    Valid for Alpha and Integrity server systems only.

    Indicates to SDA that the file ID translation data or unwind data
    is to be found in a separate file.

    Format:

    /COLLECTION = collection-file-name

    collection-file-name

    You must specify at least one field of the collection file name.
    Other fields default to the highest generation of the same filename
    and location as the dump file, with a file type of .COLLECT.

    For details, refer to the VSI OpenVMS System Analysis Tools Manual.

2.2    /OVERRIDE

    Valid for Alpha and Integrity server systems only.

    Invokes SDA to analyze only the structure of the specified
    dump file when a corruption or other problem prevents
    normal invocation of SDA with the ANALYZE/CRASH_DUMP command.

    Format:

      /CRASH_DUMP/OVERRIDE [filespec]

    Commands that can be used when SDA is invoked with /OVERRIDE are
    as follows:

    o  Output control commands such as SET OUTPUT and SET LOG
    o  Dump file related commands such as SHOW DUMP and CLUE ERRLOG

    You cannot use commands that access memory addresses within the
    dump file such as EXAMINE and SHOW SUMMARY

2.2.1  –  Examples

   $ ANALYZE/CRASH_DUMP/OVERRIDE SYS$SYSTEM:SYSDUMP.DMP
   $ ANALYZE/CRASH/OVERRIDE SYS$SYSTEM

       These commands invoke SDA to analyze the crash dump stored in
       SYS$SYSTEM:SYSDUMP.DMP.

2.3    /RELEASE

    Invokes SDA to release those blocks in the specified system
    paging file occupied by a crash dump.

    Requires CMKRNL (change-mode-to-kernel) privilege.

    Format:

      /CRASH_DUMP/RELEASE  filespec

    Use the /RELEASE qualifier to release from the system paging file
    those blocks occupied by a crash dump. Be aware that when you use
    the /RELEASE qualifier, SDA immediately deletes the dump from the
    paging file and allows you no opportunity to analyze its contents.

    When you specify the /RELEASE qualifier in the ANALYZE
    command, include the name of the system paging file
    (SYS$SYSTEM:PAGEFILE.SYS) as the filespec.

    If you do not specify the system paging file or the specified
    paging file does not contain a dump, SDA displays one of the
    following messages:

    %SDA-E-BLKSNRLSD, no dump blocks in page file to release,
                      or no page file
    %SDA-E-NOTPAGFIL, specified file is not the page file

2.3.1  –  Examples

  $ ANALYZE/CRASH_DUMP/RELEASE SYS$SYSTEM:PAGEFILE.SYS
  $ ANALYZE/CRASH_DUMP/RELEASE PAGEFILE.SYS

      These commands invoke SDA to release to the page file those
      blocks in SYS$SYSTEM:PAGEFILE.SYS occupied by a crash dump.

2.4    /SHADOW_MEMBER

    Valid for Alpha and Integrity server systems only.

    Specifies which member of a shadow set contains the system dump
    to be analyzed, or allows the user to determine what system dumps
    have been written to the members of the shadow set.

    Format:

    /CRASH_DUMP/SHADOW_MEMBER [filespec]

2.5    /SYMBOL

    Specifies an alternate system symbol table for SDA to use, for
    example, if you want to analyze a crash dump taken on a processor
    running a different version of OpenVMS.

    /SYMBOL is ignored if it is specified with /OVERRIDE or /RELEASE.

    Format:

      /SYMBOL = system-symbol-table

    system-symbol-table

    The file specification of the SDA system symbol table required
    by SDA to analyze a system dump. The specified system-symbol-table
    must contain those symbols required by SDA to find certain
    locations in the executive image.

    If you do not specify the /SYMBOL qualifier, SDA uses
    SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load system symbols into the
    SDA symbol table. When you specify the /SYMBOL qualifier,
    SDA assumes the default disk and directory to be SYS$DISK:[ ],
    that is, the disk and directory specified in your last DCL command
    SET DEFAULT. If you specify a file for this parameter that is
    not a system symbol table, SDA exits with a fatal error.

2.5.1  –  Examples

    $ ANALYZE/CRASH_DUMP/SYMBOL=SDA$READ_DIR:SYS$BASE_IMAGE.EXE SYS$SYSTEM

        This command invokes SDA to analyze the crash dump stored in
        SYS$SYSTEM:SYSDUMP.DMP, using the base image in SDA$READ_DIR.

3    /DISK_STRUCTURE

    The Analyze/Disk_Structure utility checks the readability and
    validity of Files-11 Structure Levels 1, 2, and 5 disk volumes,
    and reports errors and inconsistencies. You can detect most
    classes of errors by invoking the utility once and using its
    defaults.

    Format

      ANALYZE/DISK_STRUCTURE  device-name:[/qualifier]

3.1  –  Parameter

 device-name

    Specifies the disk volume or volume set to be verified. If you
    specify a volume set, all volumes of the volume set must be
    mounted as Files-11 volumes. For information about the Mount
    utility, refer to the OpenVMS System Management Utilities
    Reference Manual.

3.2  –  Qualifiers

    Qualifier          Description

    /CONFIRM           Determines whether ANALYZE/DISK_STRUCTURE
                       prompts you to confirm each repair

    /HOMEBLOCKS        Erases damaged home blocks on an initialized
                       volume

    /LIST[=filespec]   Determines whether ANALYZE/DISK_STRUCTURE
                       produces a listing of the index file

    /LOCK_VOLUME       (Alpha/I64 only) Prevents updates to a
                       volume while you are analyzing it

    /OUTPUT[=filespec] Specifies the output file to which
                       ANALYZE/DISK_STRUCTURE writes the disk
                       structure errors

    /READ_CHECK        Determines whether ANALYZE/DISK_STRUCTURE
                       performs a read check of all allocated blocks
                       on the specified disk

    /RECORD_           Determines whether ANALYZE/DISK_STRUCTURE
    ATTRIBUTES         repairs files containing erroneous settings
                       in the record attributes section of their
                       associated file attribute block (FAT)

    /REPAIR            Determines whether ANALYZE/DISK_STRUCTURE
                       repairs errors that are detected in the file
                       structure of the specified device

    /SHADOW            Causes the entire contents of a shadow set or
                       a specified range of blocks in a shadow set to
                       be checked for discrepancies.

    /STATISTICS        Produces statistical information about the
                       volume under verification and creates a
                       file, STATS.DAT, which contains per-volume
                       statistics

    /USAGE[=filespec]  Specifies that a disk usage accounting file
                       should be produced, in addition to the other
                       specified functions of ANALYZE/DISK_STRUCTURE

3.3    /CONFIRM

    Determines whether the Analyze/Disk_Structure utility prompts you
    to confirm each repair. If you respond with Y or YES, the utility
    performs the repair. Otherwise, the repair is not performed.

    Format

      /CONFIRM

      /NOCONFIRM

3.4    /HOMEBLOCKS

    Erases home blocks from a volume whose home blocks were not
    deleted during previous initialization operations.

    Format

      /HOMEBLOCKS

3.5    /LIST

    Determines whether the Analyze/Disk_Structure utility produces a
    listing of the index file.

    Format

      /LIST[=filespec]

      /NOLIST

3.6    /LOCK_VOLUME

    Prevents updates to a volume while you are analyzing it.

    Format

      /LOCK_VOLUME

      /NOLOCK_VOLUME

3.7    /OUTPUT

    Specifies the output file to which the Analyze/Disk_Structure
    utility is to write the disk structure errors.

    Format

      /OUTPUT[=filespec]

      /NOOUTPUT[=filespec]

3.8    /READ_CHECK

    Determines whether the Analyze/Disk_Structure utility performs
    a read check of all allocated blocks on the specified disk.
    When the Analyze/Disk_Structure utility performs a read check,
    it reads the disk twice; this ensures that it reads the disk
    correctly. The default is /NOREAD_CHECK.

    Format

      /READ_CHECK

      /NOREAD_CHECK

3.9    /RECORD_ATTRIBUTES

    Determines whether the Analyze/Disk_Structure utility repairs
    files containing erroneous settings in the record attributes
    section of their associated file attribute block (FAT).

    Format

      /RECORD_ATTRIBUTES

3.10    /REPAIR

    Determines whether the Analyze/Disk_Structure utility repairs
    errors that are detected in the file structure of the specified
    device.

    Format

      /REPAIR

      /NOREPAIR

3.11    /SHADOW

    Examines the entire contents of a shadow set or a specified range
    of blocks in a shadow set for discrepancies.

    Format

      /SHADOW

3.11.1  –  Qualifiers

3.11.1.1    /BLOCKS

       /BLOCKS={(START:n, COUNT:x, END:y,) FILE_SYSTEM, ALL}

    Directs the system to compare only the range specified. The
    options are the following:

    START:n     Number of the first block to be analyzed. The default
                is the first block.

    COUNT:x     Number of blocks to be analyzed. You can use this
                option in combination with or instead of the END
                option.

    END:y       Number of the last block to be analyzed. The default
                is the last block of the volume.

    FILE_       Blocks currently in use by valid files on the disk.
    SYSTEM      This is the default.

    ALL         All blocks on the disk.

    You can specify START,END,COUNT and either ALL or FILE_SYSTEM.
    For example, if you specify /BLOCKS=(START,END,COUNT:100,ALL),
    the software checks the first 100 blocks on the disk, whether or
    not the file system is using them.

    If you specify /BLOCKS=(START,END,COUNT:100,FILE_SYSTEM), the
    software checks only those blocks that valid files on the disk
    are using.

3.11.1.2    /BRIEF

    Displays only the logical block number (LBN) if the data in
    a block is found to be different. Without this qualifier, if
    differences exist for an LBN, the hexadecimal data of that block
    will be displayed for each member.

3.11.1.3    /IGNORE

       /IGNORE
       [NO]IGNORE

    Ignore "special" files that are likely to have some blocks with
    different data. These differences, however, are not unusual and
    can, therefore, be ignored.

    Other special files are the following:

       SWAPFILE*.*
       PAGEFILE*.*
       SYSDUMP.DMP
       SYS$ERRLOG.DMP

    IGNORE is the default.

3.11.1.4    /OUTPUT

       /OUTPUT=filename

    Output the information to the specified file.

3.11.1.5    /STATISTICS

    Display only the file header and footer. The best use of this
    qualifier is with the /OUTPUT qualifier.

3.12    /STATISTICS

    Produces statistical information about the volume under
    verification and creates a file, STATS.DAT, which contains per-
    volume statistics.

    Format

      /STATISTICS

3.13    /USAGE

    Specifies that a disk usage accounting file should be produced,
    in addition to the other specified functions of the Analyze/Disk_
    Structure utility.

    Format

      /USAGE[=filespec]

4    /ERROR_LOG

    You must specify /ERROR_LOG/ELV to access the Error Log Viewer
    (ELV). This utility is used with error logs written on systems
    running OpenVMS Version 7.3 and later.

    /ERROR_LOG (without /ELV) invokes the Error Log Report Formatter
    (ERF), a utility that is no longer supported, but which may be
    useful for error logs written on systems running OpenVMS versions
    older than Version 7.2. (It is available only on Alpha and VAX
    systems.) For documentation about ERF, refer to the Freeware
    website:

             http://h71000.www7.hp.com/openvms/freeware/

    Before using ERF, you must convert error log files using ELV or the
    Binary Error Log Translation utility, which is part of DECevent.
    DECevent is no longer supported, but those who need it can download
    the software and related documentation from the Freeware website:

             http://h71000.www7.hp.com/openvms/freeware/

4.1    /ELV

    Valid for Alpha and I64 systems only.

    Invokes the Error Log Viewer (ELV) to selectively report the
    contents of an error log file.

    You can execute ELV commands directly from DCL command level or
    from ELV's interactive shell mode.

    To invoke ELV, enter the following command:

    $ ANALYZE/ERROR_LOG/ELV

    The utility enters interactive shell mode and displays the ELV
    prompt:

    ELV>

    You can then enter an ELV command. After ELV executes the
    command, it again displays the ELV> prompt. To return directly
    to DCL, use the /NOINTERACTIVE qualifier.

    You can also enter an ELV command directly from DCL; for example:

    $ ANALYZE/ERROR_LOG/ELV TRANSLATE ERRLOG.SYS;42

    After ELV executes the command, you are returned to the DCL
    prompt by default.

    To enter interactive shell mode after executing the command, use
    the /INTERACTIVE qualifier.

4.1.1  –  Categories of Events

    ELV recognizes several categories of events for inclusion in (or
    exclusion from) various operations. The first major separation
    is between valid and invalid events. Then, within the category
    of valid events are selected and rejected events. Explanations of
    these categories follow.

    o  Valid
       Valid events can be read into an internal buffer; also, bit-
       to-text translation data can be produced for the header.
       For an event to be valid, the event body does not need
       to be translatable; in this case, the event is valid but
       untranslatable.

       -  Selected
          A selected event is one that is of particular interest
          to you. You select events by using a selection qualifier:
          /ENTRY, /INCLUDE, /NODE, /SINCE, and /BEFORE. The events
          that are selected according to the selection criteria are
          included in or excluded from a report.

       -  Rejected
          A rejected event is one that is not included in a report
          because the command line specifies one of the following:

          *  An interval: /ENTRY, /SINCE, or /BEFORE

          *  A filter: /INCLUDE, /EXCLUDE, /NODE, or /NONODE

          You can use the /REJECTED qualifier to include rejected
          events in a report. (By default, only selected events are
          included in a report.)

    o  Invalid
       An invalid event is one that cannot be read into an internal
       buffer or whose header cannot be translated. You can use the
       ELV command DUMP/INVALID to output invalid events to an output
       dump file for further examination.

4.1.2  –  CONVERT

    Converts an error log file written in the newer format to an
    error log file written in the older format (that is read by
    ANALYZE/ERROR_LOG). This command is primarily used to enable
    translation of older error log events whose translation is not
    supported by ELV.

    Format

      CONVERT  [input-file,...]

4.1.2.1  –  Parameter

 input-file

    Supplies one or more names of binary error log files to be
    converted to the older format.

    If you do not specify an input file name, the default input file
    name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device
    and directory, the system defaults to your current device and
    directory. If you do not specify a file name, the default file
    name is ERRLOG. If you do not specify a file type, the default
    file type is .SYS.

4.1.2.2  –  Qualifiers

4.1.2.2.1    /BEFORE

       /BEFORE=date-time

    Specifies that only those events dated earlier than the stated
    date and time are to be selected for the report.

    Date-time specifies that only those events dated earlier than
    the stated date and time are to be selected for the report. You
    can specify an absolute time, a delta time, or a combination of
    absolute and delta times. See the OpenVMS System Manager's Manual
    for details on specifying times.

    If you omit a date and time, TODAY is used.

4.1.2.2.2    /ENTRY

       /ENTRY=keyword[,...]

    Generates a report that includes the specified entry range or
    starts at the specified entry number.

    You can specify one or both keywords:

    Keyword               Description

    START:decimal-value   Indicates the start of a range of entries
                          in a report.

    END:decimal-value     Indicates the end of a range of entries
                          in a report.

    Usage Notes:

    o  You can specify one or both of these parameters. If you
       specify both parameters, you must enclose them in parentheses.

    o  If you specify /ENTRY without the entry range or omit the
       qualifier, the entry range defaults to START:1,END:end-of-
       file.

4.1.2.2.3    /EXCLUDE

       /EXCLUDE=event-class[,...]

    Excludes the specified event class or classes from the report. Do
    not use the /EXCLUDE qualifier with /INCLUDE.

    For event-class, specify one or more of the keywords shown in the
    following table. If you specify more than one keyword, you must
    use a comma-separated list of values enclosed in parentheses.

    Keyword        Description

    ATTENTIONS     Exclude device attention entries from the report.

    BUGCHECKS      Exclude all types of bugcheck entries from the
                   report.

    CONFIGURATION  Exclude system configuration entries from the
                   report.

    CONTROL_       Exclude control entries from the report. Control
    ENTRIES        entries include the following entry types:

                   o  System power failure restarts
                   o  Time stamps
                   o  System startups
                   o  $SNDERR messages (system service to send
                      messages to error log)
                   o  Operator messages
                   o  Network messages
                   o  ERRLOG.SYS created

    CPU_ENTRIES    Exclude CPU-related entries from the report. CPU
                   entries include the following entry types:

                   o  SBI alerts/faults
                   o  Undefined interrupts
                   o  MBA/UBA adapter errors
                   o  Asynchronous write errors
                   o  UBA errors

    DEVICE_        Exclude device error entries from the report.
    ERRORS

    ENVIRONMENTAL_ Exclude environmental entries from the report.
    ENTRIES

    MACHINE_       Exclude machine check entries from the report.
    CHECKS

    MEMORY         Exclude memory errors from the report.

    SNAPSHOT_      Exclude snapshot entries from the report.
    ENTRIES

    SYNDROME       Exclude firmware-generated entries that describe
                   a symptom set used by VSI support personnel to
                   identify problems.

    TIMEOUTS       Exclude device timeout entries from the report.

    UNKNOWN_       Exclude any entry that had either an unknown entry
    ENTRIES        type or an unknown device type or class.

    UNSOLICITED_   Exclude unsolicited MSCP entries from the output
    MSCP           report.

    VOLUME_        Exclude volume mount and dismount entries from the
    CHANGES        report.

4.1.2.2.4    /INCLUDE

       /INCLUDE=event-class[,...]

    Includes the specified event class or classes in the report. Do
    not use the /EXCLUDE qualifier with /INCLUDE.

    For event-class, specify one or more of the keywords shown in the
    following table. If you specify more than one keyword, you must
    use a comma-separated list of values enclosed in parentheses.

    Keyword        Description

    ATTENTIONS     Select device attention entries.

    BUGCHECKS      Select all types of bugcheck entries.

    CONFIGURATION  Select system configuration entries.

    CONTROL_       Select control entries. Control entries include
    ENTRIES        the following entry types:

                   o  System power failure restarts
                   o  Time stamps
                   o  System startups
                   o  $SNDERR messages (system service to send
                      messages to error log)
                   o  Operator messages
                   o  Network messages
                   o  ERRLOG.SYS created

    CPU_ENTRIES    Select CPU-related entries. CPU entries include
                   the following entry types:

                   o  SBI alerts/faults
                   o  Undefined interrupts
                   o  MBA/UBA adapter errors
                   o  Asynchronous write errors
                   o  UBA errors

    DEVICE_        Select device error entries.
    ERRORS

    ENVIRONMENTAL_ Select environmental entries.
    ENTRIES

    MACHINE_       Select machine check entries.
    CHECKS

    MEMORY         Select memory errors.

    SNAPSHOT_      Select snapshot entries.
    ENTRIES

    SYNDROME       Select firmware-generated entries that describe
                   a symptom set used by VSI support personnel to
                   identify problems.

    TIMEOUTS       Select device timeout entries.

    UNKNOWN_       Select any entry that has an unknown entry
    ENTRIES        class.

    UNSOLICITED_   Select unsolicited MSCP entries.
    MSCP

    VOLUME_        Select volume mount and dismount entries.
    CHANGES

4.1.2.2.5    /INTERACTIVE

       /INTERACTIVE
       /[NO]INTERACTIVE

    Specifies whether or not ELV is to run in interactive shell mode.
    By default, interactive shell mode results from the way ELV is
    invoked.

4.1.2.2.6    /LOG

       /LOG
       /NOLOG

    Specifies whether or not ELV is to output control and
    informational messages to the terminal. The default, /NOLOG,
    does not output these messages to the terminal.

4.1.2.2.7    /NODE

       /NODE=[node-name,...]
       /NONODE=[node-name,...]

    Includes or excludes events occurring on a specified node or
    nodes from a report.

    If you do not enter a node name, only events that occur on
    the node on which you are running ELV are selected. (This is
    important in a cluster.)

    If you enter /NONODE without a value, events occurring on all
    nodes that are represented in the error log file are processed.

4.1.2.2.8    /OUTPUT

       /OUTPUT=[output-file]

    Specifies the output file to contain converted copies of events
    chosen with interval and filter qualifiers.

    If you do not specify an output file name, the input file name
    is used. If you do not specify a device and directory, the system
    defaults to your current device and directory. If you do not
    specify a file type, the default file type is .CVT.

4.1.2.2.9    /REJECTED

    You can use the /REJECTED qualifier to include rejected events
    in a report. (By default, only selected events are included in a
    report.)

4.1.2.2.10    /SINCE

       /SINCE=[date-time]

    Specifies that only those events dated later than the stated date
    and time are to be selected for the report.

    You can use date-time to limit the report to those events dated
    later than the specified time. You can specify an absolute time,
    a delta time, or a combination of absolute and delta times. See
    the OpenVMS User's Manual for details on specifying times.

    If you omit a date and time, TODAY is used.

4.1.2.3  –  Examples

    1.ELV> CONVERT ERROR_LOG.SYS

      The command in this example converts events in ERROR_LOG.SYS to
      the older format and writes them to ERROR_LOG.CVT.

    2.ELV> CONVERT/OUTPUT

      The command in this example converts events in the default file
      ERRLOG.SYS to the older format and writes them to ERRLOG.CVT.

    3.ELV> CONVERT/OUTPUT=OUTFILE.OUT

      The command in this example converts events in the default file
      ERRLOG.SYS to the older format and writes them to OUTFILE.OUT.

4.1.3  –  DUMP

    Allows you to specify the name of a file to contain an OpenVMS
    dump-style record for each event.

    If you do not specify an output file name, the input file name
    is used. If you do not specify a device and directory, the system
    defaults to your current device and directory. If you do not
    specify a file type, the default file type is .DMP.

    Format

      DUMP  [input-file,...]

4.1.3.1  –  Parameter

 input-file

    Supplies one or more names of binary error log files to be used
    to produce an output dump file.

    If you do not specify an input file name, the default input file
    name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device
    and directory, the system defaults to your current device and
    directory. If you do not specify a file name, the default file
    name is ERRLOG. If you do not specify a file type, the default
    file type is .SYS.

4.1.3.2  –  Qualifiers

4.1.3.2.1    /BEFORE

       /BEFORE=date-time

    Specifies that only those events dated earlier than the stated
    date and time are to be selected for the report.

    Date-time specifies that only those events dated earlier than
    the stated date and time are to be selected for the report. You
    can specify an absolute time, a delta time, or a combination of
    absolute and delta times. See the OpenVMS System Manager's Manual
    for details on specifying times.

    If you omit a date and time, TODAY is used.

4.1.3.2.2    /ENTRY

       /ENTRY=keyword[,...]

    Generates a report that includes the specified entry range or
    starts at the specified entry number.

    You can specify one or both keywords:

    Keyword               Description

    START:decimal-value   Indicates the start of a range of entries
                          in a report.

    END:decimal-value     Indicates the end of a range of entries
                          in a report.

    Usage Notes:

    o  You can specify one or both of these parameters. If you
       specify both parameters, you must enclose them in parentheses.

    o  If you specify /ENTRY without the entry range or omit the
       qualifier, the entry range defaults to START:1,END:end-of-
       file.

4.1.3.2.3    /EXCLUDE

       /EXCLUDE=event-class[,...]

    Excludes the specified event class or classes from the report. Do
    not use the /EXCLUDE qualifier with /INCLUDE.

    For event-class, specify one or more of the keywords shown in the
    following table. If you specify more than one keyword, you must
    use a comma-separated list of values enclosed in parentheses.

    Keyword        Description

    ATTENTIONS     Exclude device attention entries from the report.

    BUGCHECKS      Exclude all types of bugcheck entries from the
                   report.

    CONFIGURATION  Exclude system configuration entries from the
                   report.

    CONTROL_       Exclude control entries from the report. Control
    ENTRIES        entries include the following event types:

                   o  System power failure restarts
                   o  Time stamps
                   o  System startups
                   o  $SNDERR messages (system service to send
                      messages to error log)
                   o  Operator messages
                   o  Network messages
                   o  ERRLOG.SYS created

    CPU_ENTRIES    Exclude CPU-related entries from the report. CPU
                   entries include the following event types:

                   o  SBI alerts/faults
                   o  Undefined interrupts
                   o  MBA/UBA adapter errors
                   o  Asynchronous write errors
                   o  UBA errors

    DEVICE_        Exclude device error entries from the report.
    ERRORS

    ENVIRONMENTAL_ Exclude environmental entries from the report.
    ENTRIES

    MACHINE_       Exclude machine check entries from the report.
    CHECKS

    MEMORY         Exclude memory errors from the report.

    SNAPSHOT_      Exclude snapshot entries from the report.
    ENTRIES

    SYNDROME       Exclude firmware-generated entries that describe
                   a symptom set used by VSI support personnel to
                   identify problems.

    TIMEOUTS       Exclude device timeout entries from the report.

    UNKNOWN_       Exclude any entry that had either an unknown event
    ENTRIES        type or an unknown device type or class.

    UNSOLICITED_   Exclude unsolicited MSCP entries from the output
    MSCP           report.

    VOLUME_        Exclude volume mount and dismount entries from the
    CHANGES        report.

4.1.3.2.4    /INCLUDE

       /INCLUDE=event-class[,...]

    Includes the specified event class or classes in the report. Do
    not use the /EXCLUDE qualifier with /INCLUDE.

    For event-class, specify one or more of the keywords shown in the
    following table. If you specify more than one keyword, you must
    use a comma-separated list of values enclosed in parentheses.

    Keyword        Description

    ATTENTIONS     Select device attention entries.

    BUGCHECKS      Select all types of bugcheck entries.

    CONFIGURATION  Select system configuration entries.

    CONTROL_       Select control entries. Control entries include
    ENTRIES        the following entry types:

                   o  System power failure restarts
                   o  Time stamps
                   o  System startups
                   o  $SNDERR messages (system service to send
                      messages to error log)
                   o  Operator messages
                   o  Network messages
                   o  ERRLOG.SYS created

    CPU_ENTRIES    Select CPU-related entries. CPU entries include
                   the following entry types:

                   o  SBI alerts/faults
                   o  Undefined interrupts
                   o  MBA/UBA adapter errors
                   o  Asynchronous write errors
                   o  UBA errors

    DEVICE_        Select device error entries.
    ERRORS

    ENVIRONMENTAL_ Select environmental entries.
    ENTRIES

    MACHINE_       Select machine check entries.
    CHECKS

    MEMORY         Select memory errors.

    SNAPSHOT_      Select snapshot entries.
    ENTRIES

    SYNDROME       Select firmware-generated entries that describe
                   a symptom set used by VSI support personnel to
                   identify problems.

    TIMEOUTS       Select device timeout entries.

    UNKNOWN_       Select any entry that has an unknown entry
    ENTRIES        class.

    UNSOLICITED_   Select unsolicited MSCP entries.
    MSCP

    VOLUME_        Select volume mount and dismount entries.
    CHANGES

4.1.3.2.5    /INTERACTIVE

       /INTERACTIVE
       /[NO]INTERACTIVE

    Specifies whether or not ELV is to run in interactive shell mode.
    By default, interactive shell mode results from the way ELV is
    invoked.

4.1.3.2.6    /INVALID

    Allows you to specify the name of a file to contain invalid
    entries.

4.1.3.2.7    /LOG

       /LOG
       /NOLOG

    Specifies whether or not ELV is to output control and
    informational messages to the terminal. The default, /NOLOG,
    does not output these messages to the terminal.

4.1.3.2.8    /NODE

       /NODE=[node-name,...]
       /NONODE=[node-name,...]

    Includes or excludes events occurring on a specified node or
    nodes from a report.

    If you do not enter a node name, only events that occur on
    the node on which you are running ELV are selected. (This is
    important in a cluster.)

    If you enter /NONODE without a value, events occurring on all
    nodes that are represented in the error log file are processed.

4.1.3.2.9    /OUTPUT

       /OUTPUT=[output-file]

    Specifies that the output file is to contain OpenVMS dump-style
    records for each event.

    If you do not specify an output file name, the input file name
    is used. If you do not specify a device and directory, the system
    defaults to your current device and directory. If you do not
    specify a file type, the default file type is .DMP.

4.1.3.2.10    /REJECTED

    You can use the /REJECTED qualifier to include rejected events
    in a report. (By default, only selected events are included in a
    report.)

4.1.3.2.11    /SINCE

       /SINCE=[date-time]

    Specifies that only those events dated later than the stated date
    and time are to be selected for the report.

    You can use date-time to limit the report to those events dated
    later than the specified time. You can specify an absolute time,
    a delta time, or a combination of absolute and delta times. See
    the OpenVMS User's Manual for details on specifying times.

    If you omit a date and time, TODAY is used.

4.1.3.3  –  Examples

    1.ELV> DUMP ERROR_LOG.SYS

      The command in this example creates a dump file named ERROR_
      LOG.DMP that contains OpenVMS dump-style records.

    2.ELV> DUMP/OUTPUT=OUTFILE.OUT

      The command in this example creates a dump file named
      OUTFILE.OUT that contains OpenVMS dump-style records.

    3.ELV> DUMP/INVALID

      The command in this example creates a dump file with the
      default name of ERRLOG.DMP that contains OpenVMS dump-style
      records of invalid events.

    4.ELV> DUMP/INVALID/OUTPUT=OUTFILE.OUT

      The command in this example creates a dump file named
      OUTFILE.OUT that contains OpenVMS dump-style records of invalid
      events.

4.1.4  –  EXIT

    Stops the execution of ELV and returns control to the DCL command
    level. You can also enter Ctrl/Z to perform the same function.

    Format

      EXIT

4.1.4.1  –  Example

  ELV> EXIT
  $

      The command in this example terminates the ELV session and
      returns control to the DCL command level.

4.1.5  –  TRANSLATE

    Performs a bit-to-text translation of one or more binary error
    log files.

    Format

      TRANSLATE  [input-file,...]

4.1.5.1  –  Parameter

 input-file

    Supplies one or more names of binary error log files to be
    translated.

    If you do not specify an input file name, the default input file
    name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device
    and directory, the system defaults to your current device and
    directory. If you do not specify a file name, the default file
    name is ERRLOG. If you do not specify a file type, the default
    file type is .SYS.

4.1.5.2  –  Qualifiers

4.1.5.2.1    /BEFORE

       /BEFORE=date-time

    Specifies that only those events dated earlier than the stated
    date and time are to be selected for the report.

    Date-time specifies that only those events dated earlier than
    the stated date and time are to be selected for the report. You
    can specify an absolute time, a delta time, or a combination of
    absolute and delta times. See the OpenVMS System Manager's Manual
    for details on specifying times.

    If you omit a date and time, TODAY is used.

4.1.5.2.2    /BRIEF

    Specifies that ELV is to generate a brief report. A brief report
    is equivalent to using /DETAIL=LOW.

    Do not use the /BRIEF qualifier with /DETAIL, /FULL, /ONE_LINE,
    or /SUMMARY.

4.1.5.2.3    /DETAIL

       /DETAIL=[keyword]

    Specifies the detail level of the generated report.

    Do not use the /DETAIL qualifier with /BRIEF, /FULL, /ONE_LINE,
    or /SUMMARY. The keyword denotes the level of detail for the
    generated report. Keywords are the following:

    Keyword    Description

    MINIMUM    Contains only the minimum amount of information.
    LOW        Is the equivalent of a /BRIEF report.
    MEDIUM     Is the default type of report.
    HIGH       Is the equivalent of a /FULL report.
    MAXIMUM    Contains the maximum amount of information.

4.1.5.2.4    /ENTRY

       /ENTRY=keyword[,...]

    Generates a report that includes the specified entry range or
    starts at the specified entry number. You can specify one or
    both keywords:

    Keyword               Description

    START:decimal-value   Indicates the start of a range of entries
                          in a report.

    END:decimal-value     Indicates the end of a range of entries
                          in a report.

    Usage Notes:

    o  You can specify one or both of these parameters. If you
       specify both parameters, you must enclose them in parentheses.

    o  If you specify /ENTRY without the entry range or omit the
       qualifier, the entry range defaults to START:1,END:end-of-
       file.

4.1.5.2.5    /EXCLUDE

       /EXCLUDE=event-class[,...]

    Excludes the specified event class or classes from the report. Do
    not use the /EXCLUDE qualifier with /INCLUDE.

    For event-class, specify one or more of the keywords shown in the
    following table. If you specify more than one keyword, you must
    use a comma-separated list of values enclosed in parentheses.

    Keyword        Description

    ATTENTIONS     Exclude device attention entries from the report.

    BUGCHECKS      Exclude all types of bugcheck entries from the
                   report.

    CONFIGURATION  Exclude system configuration entries from the
                   report.

    CONTROL_       Exclude control entries from the report. Control
    ENTRIES        entries include the following entry types:

                   o  System power failure restarts
                   o  Time stamps
                   o  System startups
                   o  $SNDERR messages (system service to send
                      messages to error log)
                   o  Operator messages
                   o  Network messages
                   o  ERRLOG.SYS created

    CPU_ENTRIES    Exclude CPU-related entries from the report. CPU
                   entries include the following entry types:

                   o  SBI alerts/faults
                   o  Undefined interrupts
                   o  MBA/UBA adapter errors
                   o  Asynchronous write errors
                   o  UBA errors

    DEVICE_        Exclude device error entries from the report.
    ERRORS

    ENVIRONMENTAL_ Exclude environmental entries from the report.
    ENTRIES

    MACHINE_       Exclude machine check entries from the report.
    CHECKS

    MEMORY         Exclude memory errors from the report.

    SNAPSHOT_      Exclude snapshot entries from the report.
    ENTRIES

    SYNDROME       Exclude firmware-generated entries that describe
                   a symptom set used by VSI support personnel to
                   identify problems.

    TIMEOUTS       Exclude device timeout entries from the report.

    UNKNOWN_       Exclude any entry that had either an unknown entry
    ENTRIES        type or an unknown device type or class.

    UNSOLICITED_   Exclude unsolicited MSCP entries from the output
    MSCP           report.

    VOLUME_        Exclude volume mount and dismount entries from the
    CHANGES        report.

4.1.5.2.6    /FULL

    Specifies that ELV is to generate a full report. A full report is
    equivalent to using /DETAIL=HIGH.

    Do not use the /FULL qualifier with /BRIEF, /DETAIL, ONE_LINE, or
    /SUMMARY.

4.1.5.2.7    /INCLUDE

       /INCLUDE=event-class[,...]

    Includes the specified event class or classes in the report. Do
    not use the /EXCLUDE qualifier with /INCLUDE.

    For event-class, specify one or more of the keywords shown in the
    following table. If you specify more than one keyword, you must
    use a comma-separated list of values enclosed in parentheses.

    Keyword        Description

    ATTENTIONS     Select device attention entries.

    BUGCHECKS      Select all types of bugcheck entries.

    CONFIGURATION  Select system configuration entries.

    CONTROL_       Select control entries. Control entries include
    ENTRIES        the following entry types:

                   o  System power failure restarts
                   o  Time stamps
                   o  System startups
                   o  $SNDERR messages (system service to send
                      messages to error log)
                   o  Operator messages
                   o  Network messages
                   o  ERRLOG.SYS created

    CPU_ENTRIES    Select CPU-related entries. CPU entries include
                   the following entry types:

                   o  SBI alerts/faults
                   o  Undefined interrupts
                   o  MBA/UBA adapter errors
                   o  Asynchronous write errors
                   o  UBA errors

    DEVICE_        Select device error entries.
    ERRORS

    ENVIRONMENTAL_ Select environmental entries.
    ENTRIES

    MACHINE_       Select machine check entries.
    CHECKS

    MEMORY         Select memory errors.

    SNAPSHOT_      Select snapshot entries.
    ENTRIES

    SYNDROME       Select firmware-generated entries that describe
                   a symptom set used by VSI support personnel to
                   identify problems.

    TIMEOUTS       Select device timeout entries.

    UNKNOWN_       Select any entry that has an unknown entry
    ENTRIES        class.

    UNSOLICITED_   Select unsolicited MSCP entries.
    MSCP

    VOLUME_        Select volume mount and dismount entries.
    CHANGES

4.1.5.2.8    /INTERACTIVE

       /INTERACTIVE
       /[NO]INTERACTIVE

    Specifies whether or not ELV is to run in interactive shell mode.
    By default, interactive shell mode results from the way ELV is
    invoked.

4.1.5.2.9    /LOG

       /LOG
       /NOLOG

    Specifies whether or not ELV is to output control and
    informational messages to the terminal. The default, /NOLOG,
    does not output these messages to the terminal.

4.1.5.2.10    /NODE

       /NODE=[node-name,...]
       /NONODE=[node-name,...]

    Includes or excludes events occurring on a specified node or
    nodes from a report.

    If you do not enter a node name, only events that occur on
    the node on which you are running ELV are selected. (This is
    important in a cluster.)

    If you enter /NONODE without a value, events occurring on all
    nodes that are represented in the error log file are processed.

4.1.5.2.11    /ONE_LINE

    Specifies that a one-line-per-event report be generated instead
    of a standard report.

    Do not use /ONE_LINE with /BRIEF, /DETAIL, /FULL, or /SUMMARY
    qualifiers.

4.1.5.2.12    /OUTPUT

       /OUTPUT=[output-file]

    Specifies that the output file is to contain a bit-to-text
    translations of events.

    By default, output is written to SYS$OUTPUT. If you do not
    specify an output file name, the input file name is used. If
    you do not specify a device and directory, the system defaults to
    your current device and directory. If you do not specify a file
    type, the default file type is .LIS.

4.1.5.2.13    /PAGE

       /PAGE
       /NOPAGE

    Specifies whether or not to enable paged output of the generated
    report.

4.1.5.2.14    /REJECTED

    You can use the /REJECTED qualifier to include rejected events
    in a report. (By default, only selected events are included in a
    report.)

4.1.5.2.15    /SINCE

       /SINCE=[date-time]

    Specifies that only those events dated later than the stated date
    and time are to be selected for the report.

    You can use date-time to limit the report to those events dated
    later than the specified time. You can specify an absolute time,
    a delta time, or a combination of absolute and delta times. See
    the OpenVMS User's Manual for details on specifying times.

    If you omit a date and time, TODAY is used.

4.1.5.2.16    /SUMMARY

    Specifies that a summary report is to be generated rather than a
    standard report.

    Do not use /SUMMARY with /BRIEF, /DETAIL, /FULL, ONE_LINE, or
    /TERSE qualifiers.

4.1.5.2.17    /TERSE

    Specifies that the data is to be displayed in a less interpreted
    format, regardless of detail level.

    /TERSE has no effect when used with ONE_LINE or /SUMMARY. You can
    use /TERSE with /BRIEF, /DETAIL, or /FULL, which use a default
    display. (/ONE_LINE and /SUMMARY do not use the same default
    display.)

4.1.5.3  –  Examples

    1.ELV> TRANSLATE /BEFORE=24-MAY-2002:04:51:33.87 ERRLOG.SYS;42

      For this example, the default report produced for ERRLOG.SYS;42
      contains all entries that were logged before 4:51 on May 24,
      2002.

    2.ELV> TRANSLATE /BRIEF ERRLOG.SYS;42

      The command in this example generates a brief report.

    3.ELV> TRANSLATE /DETAIL=LOW ERRLOG.SYS;42

      The command in this example generates a report with a LOW level
      of detail.

    4.ELV> TRANSLATE /ENTRY=END:18 ERRLOG.SYS;42

      The command in this example shows how to display entries before
      a specified entry in a sequence.

    5.ELV> TRANSLATE /ENTRY=(START:18,END:37) ERRLOG.SYS;42

      The command in this example shows how to display entries within
      a specified entry range.

    6.ELV> TRANSLATE /EXCLUDE=DEVICE_ERRORS ERRLOG.SYS;42

      The command in this example shows how to exclude the DEVICE_
      ERRORS entry type from a report.

    7.ELV> TRANSLATE /FULL ERRLOG.SYS;42

      The command in this example generates a full report.

    8.ELV> TRANSLATE /INCLUDE=(VOLUME_CHANGES, CPU_ENTRIES,
      BUGCHECKS)
      ERRLOG.SYS;42

      The command in this example shows how to select VOLUME_
      CHANGES, CPU_ENTRIES, and BUGCHECKS entry types.

    9.ELV> TRANSLATE /INTERACTIVE ERRLOG.SYS

      The command in this example enables interactive shell mode
      after translating ERRLOG.SYS. (The default, NOINTERACTIVE,
      returns you to the DCL prompt.)

    10. ELV> TRANSLATE /LOG ERRLOG.SYS

      This example shows how to enable the logging of control and
      informational messages.

    11. ELV> TRANSLATE /NONODE=(BEAVIS, BUTTHD) ERRLOG.SYS

      The command in this example generates a report containing all
      events except those occurring on nodes BEAVIS and BUTTHD.

    12. ELV> TRANSLATE /ONE_LINE ERRLOG.SYS

      The command in this example requests ELV to produce a one-line-
      per-event report instead of a standard report.

    13. ELV> TRANSLATE /OUTPUT=ERRLOG.DAT;3 ERRLOG.SYS;42

      This example creates a binary file named ERRLOG.DAT. If a
      version number is specified, as in this example, and a file
      with the same name and version number does not exist, then the
      binary file will be created with the specified version number.

    14. ELV> TRANSLATE /PAGE ERRLOG.SYS

      This example shows how to generate a paged report.

    15. ELV> TRANSLATE /SINCE="24-MAY-2002 04:51:33.87" ERRLOG.SYS;42

      For this example, the default report produced for ERRLOG.SYS;42
      contains all entries that were logged after 4:51 on May 24,
      2002.

    16. ELV> TRANSLATE /SUMMARY ERRLOG.SYS

      This example shows how to generate a summary report.

    17. ELV> TRANSLATE /TERSE ERRLOG.SYS

      This example shows how to generate a terse report.

4.1.6  –  WRITE

    Performs an image copy of events from one or more binary error
    log files.

    Format

      WRITE  [input-file,...]

4.1.6.1  –  Parameter

 input-file

    Supplies one or more names of binary error log files from which
    events are to be copied to a new binary error log file.

    If you do not specify an input file name, the default input file
    name is SYS$ERRORLOG:ERRLOG.SYS. If you do not specify a device
    and directory, the system defaults to your current device and
    directory. If you do not specify a file name, the default file
    name is ERRLOG. If you do not specify a file type, the default
    file type is .SYS.

4.1.6.2  –  Qualifiers

4.1.6.2.1    /BEFORE

       /BEFORE=date-time

    Specifies that only those events dated earlier than the stated
    date and time are to be selected for the report.

    Date-time specifies that only those events dated earlier than
    the stated date and time are to be selected for the report. You
    can specify an absolute time, a delta time, or a combination of
    absolute and delta times. See the OpenVMS System Manager's Manual
    for details on specifying times.

    If you omit a date and time, TODAY is used.

4.1.6.2.2    /ENTRY

       /ENTRY=keyword[,...]

    Generates a report that includes the specified entry range or
    starts at the specified entry number. You can specify one or
    both keywords:

    Keyword               Description

    START:decimal-value   Indicates the start of a range of entries
                          in a report.

    END:decimal-value     Indicates the end of a range of entries
                          in a report.

    Usage Notes:

    o  You can specify one or both of these parameters. If you
       specify both parameters, you must enclose them in parentheses.

    o  If you specify /ENTRY without the entry range or omit the
       qualifier, the entry range defaults to START:1,END:end-of-
       file.

4.1.6.2.3    /EXCLUDE

       /EXCLUDE=event-class[,...]

    Excludes the specified event class or classes from the report. Do
    not use the /EXCLUDE qualifier with /INCLUDE.

    For event-class, specify one or more of the keywords shown in the
    following table. If you specify more than one keyword, you must
    use a comma-separated list of values enclosed in parentheses.

    Keyword        Description

    ATTENTIONS     Exclude device attention entries from the report.

    BUGCHECKS      Exclude all types of bugcheck entries from the
                   report.

    CONFIGURATION  Exclude system configuration entries from the
                   report.

    CONTROL_       Exclude control entries from the report. Control
    ENTRIES        entries include the following entry types:

                   o  System power failure restarts
                   o  Time stamps
                   o  System startups
                   o  $SNDERR messages (system service to send
                      messages to error log)
                   o  Operator messages
                   o  Network messages
                   o  ERRLOG.SYS created

    CPU_ENTRIES    Exclude CPU-related entries from the report. CPU
                   entries include the following entry types:

                   o  SBI alerts/faults
                   o  Undefined interrupts
                   o  MBA/UBA adapter errors
                   o  Asynchronous write errors
                   o  UBA errors

    DEVICE_        Exclude device error entries from the report.
    ERRORS

    ENVIRONMENTAL_ Exclude environmental entries from the report.
    ENTRIES

    MACHINE_       Exclude machine check entries from the report.
    CHECKS

    MEMORY         Exclude memory errors from the report.

    SNAPSHOT_      Exclude snapshot entries from the report.
    ENTRIES

    SYNDROME       Exclude firmware-generated entries that describe
                   a symptom set used by VSI support personnel to
                   identify problems.

    TIMEOUTS       Exclude device timeout entries from the report.

    UNKNOWN_       Exclude any entry that had either an unknown entry
    ENTRIES        type or an unknown device type or class.

    UNSOLICITED_   Exclude unsolicited MSCP entries from the output
    MSCP           report.

    VOLUME_        Exclude volume mount and dismount entries from the
    CHANGES        report.

4.1.6.2.4    /INCLUDE

       /INCLUDE=event-class[,...]

    Includes the specified event class or classes in the report. Do
    not use the /EXCLUDE qualifier with /INCLUDE.

    For event-class, specify one or more of the keywords shown in the
    following table. If you specify more than one keyword, you must
    use a comma-separated list of values enclosed in parentheses.

    Keyword        Description

    ATTENTIONS     Select device attention entries.

    BUGCHECKS      Select all types of bugcheck entries.

    CONFIGURATION  Select system configuration entries.

    CONTROL_       Select control entries. Control entries include
    ENTRIES        the following entry types:

                   o  System power failure restarts
                   o  Time stamps
                   o  System startups
                   o  $SNDERR messages (system service to send
                      messages to error log)
                   o  Operator messages
                   o  Network messages
                   o  ERRLOG.SYS created

    CPU_ENTRIES    Select CPU-related entries. CPU entries include
                   the following entry types:

                   o  SBI alerts/faults
                   o  Undefined interrupts
                   o  MBA/UBA adapter errors
                   o  Asynchronous write errors
                   o  UBA errors

    DEVICE_        Select device error entries.
    ERRORS

    ENVIRONMENTAL_ Select environmental entries.
    ENTRIES

    MACHINE_       Select machine check entries.
    CHECKS

    MEMORY         Select memory errors.

    SNAPSHOT_      Select snapshot entries.
    ENTRIES

    SYNDROME       Select firmware-generated entries that describe
                   a symptom set used by VSI support personnel to
                   identify problems.

    TIMEOUTS       Select device timeout entries.

    UNKNOWN_       Select any entry that has an unknown entry
    ENTRIES        class.

    UNSOLICITED_   Select unsolicited MSCP entries.
    MSCP

    VOLUME_        Select volume mount and dismount entries.
    CHANGES

4.1.6.2.5    /INTERACTIVE

       /INTERACTIVE
       /[NO]INTERACTIVE

    Specifies whether or not ELV is to run in interactive shell mode.
    By default, interactive shell mode results from the way ELV is
    invoked.

4.1.6.2.6    /LOG

       /LOG
       /NOLOG

    Specifies whether or not ELV is to output control and
    informational messages to the terminal. The default, /NOLOG,
    does not output these messages to the terminal.

4.1.6.2.7    /NODE

       /NODE=[node-name,...]
       /NONODE=[node-name,...]

    Includes or excludes events occurring on a specified node or
    nodes from a report.

    If you do not enter a node name, only events that occur on
    the node on which you are running ELV are selected. (This is
    important in a cluster.)

    If you enter /NONODE without a value, events occurring on all
    nodes that are represented in the error log file are processed.

4.1.6.2.8    /OUTPUT

       /OUTPUT=[output-file]

    Specifies that the output file is to contain image copies of
    events.

    If you do not specify an output file name, the input file name
    is used. If you do not specify a device and directory, the system
    defaults to your current device and directory. If you do not
    specify a file type, the default file type is .DAT.

4.1.6.2.9    /REJECTED

    You can use the /REJECTED qualifier to include rejected events
    in a report. (By default, only selected events are included in a
    report.)

4.1.6.2.10    /SINCE

       /SINCE=[date-time]

    Specifies that only those events dated later than the stated date
    and time are to be selected for the report.

    You can use date-time to limit the report to those events dated
    later than the specified time. You can specify an absolute time,
    a delta time, or a combination of absolute and delta times. See
    the OpenVMS User's Manual for details on specifying times.

    If you omit a date and time, TODAY is used.

4.1.6.3  –  Examples

    1.ELV> WRITE ERROR_LOG.SYS

      The command in this example copies events in ERROR_LOG.SYS to
      ERROR_LOG.DAT.

    2.ELV> WRITE/OUTPUT

      The command in this example copies events in the default file
      ERRLOG.SYS to ERRLOG.DAT.

    3.ELV> WRITE/OUTPUT=OUTFILE.OUT

      The command in this example copies events in the default file
      ERRLOG.SYS to OUTFILE.OUT.

5    /IMAGE

    Analyzes the contents of an executable image file or a shareable
    image file on OpenVMS VAX and Alpha systems, and an Executable
    and Linkable Format (ELF) image file or sharable image file on
    OpenVMS I64 systems, identifying obvious errors in the file. This
    analysis includes translated images on I64 and Alpha systems. The
    /IMAGE qualifier is required.

    For general information about image files, refer to the
    description of the linker in the VSI OpenVMS Linker Utility
    Manual. (Use the ANALYZE/OBJECT command to analyze the contents
    of an object file.)

    Format

      ANALYZE/IMAGE  filespec[,...]

5.1  –  Parameter

 filespec[,...]

    Specifies the name of one or more image files that you want
    analyzed. You must specify at least one file name. If you specify
    more than one file, separate the file specifications with either
    commas (,)  or plus signs (+). The default file type is .EXE.

    The asterisk (*)  and percent sign (%) wildcard characters are
    allowed in the file specification.

5.2  –  Description

    The ANALYZE/IMAGE command provides a description of the
    components of an executable image file or shareable image file on
    OpenVMS VAX and Alpha systems, and of an Executable and Linkable
    Format (ELF) image file or sharable image file on OpenVMS I64
    systems. It also verifies that the structure of the major parts
    of the image file is correct. However, the ANALYZE/IMAGE command
    cannot ensure that program execution is error free.

    On OpenVMS I64 systems, the ANALYZE/IMAGE command automatically
    distinguishes between I64, Alpha, and VAX images by examining the
    header information.

    If errors are found, the first error of the worst severity is
    returned. For example, if a warning (A) and two errors (B and
    C) are found, the first error (B) is returned as the image exit
    status. The image exit status is placed in the DCL symbol $STATUS
    at image exit.

                                  NOTES

       For I64 images and objects, the Analyze utility determines
       whether the file it analyzes is an image file or object
       file. Although Analyze allows you to specify ANALYZE/OJBECT
       on an ELF image file, use ANALYZE/IMAGE for ELF image files
       and ANALYZE/OJBECT for ELF object files.

       When parsing output from ANALYZE/IMAGE, be aware that the
       output for ELF images may change.

    When using ANALYZE without a qualifier, the default is /OBJECT.
    Therefore, when using this default to analyze an image in the
    output file, the utility correctly identifies itself as "Analyze
    Object File".

    The OpenVMS VAX and Alpha versions of ANALYZE/IMAGE do not have
    the capability of analyzing all non-platform images. For example,
    ANALYZE/IMAGE cannot analyze I64 images on VAX or Alpha images on
    older versions of VAX.

    When you analyze I64 images on I64 platforms, ANALYZE/IMAGE
    accepts VAX-only or Alpha-only qualifiers, but ignores any effect
    of these qualifiers.

    Depending on the platform, the ANALYZE/IMAGE command
    distinguishes I64 images from VAX and ALpha images by examining
    the meta information (e.g., ELF, EIHD, or IHD).

    The ANALYZE/IMAGE command provides the following information for
    image files:

    o  Image architecture and type - The OpenVMS platform and whether
       the image is executable or shareable.

    o  Image name - The name of the image or shareable image.

    o  Image identification - The identification given in a link
       operation.

    o  Creating linker identification - The linker that generated the
       image.

    o  Link date and time - The date and time of the link operation.

    o  Image transfer addresses - The addresses to which control is
       passed at image execution time.

    o  Image version - The revision level (major ID and minor ID) of
       the image.

    o  Location and size of the image's symbol vector (Alpha and I64
       only).

    o  List of required sharable images - The dependencies on
       sharable images.

    o  Location of the debugger symbol table (DST)-Identifies the
       location of the DST in the image file. DST information is
       present only in executable images that have been linked with
       the /DEBUG or the /TRACEBACK command qualifier. (VAX and Alpha
       only.)

    o  Location and interpretation of the debug and traceback
       information - The sections that contain the information and
       formats the data (DWARF) (I64 only).

    o  Location of the global symbol table (GST)- The location of
       the GST in the image file. GST information is present only in
       shareable image files. (VAX and Alpha only.)

    o  Location of the global symbol table (.symtab) - The location
       of the GST in the image file. GST informaton is present only
       in sharable image files (I64 only.)

    o  Patch information-Indicates whether the image has been patched
       (changed without having been recompiled or reassembled and
       relinked). If a patch is present, the actual patch code can be
       displayed. (VAX and Alpha only.)

    o  Image section descriptors (ISD)-Identify portions of the image
       binary contents that are grouped in OpenVMS Cluster systems
       according to their attributes. An ISD contains information
       that the image activator needs when it initializes the address
       space for an image. For example, an ISD tells whether the ISD
       is shareable, whether it is readable or writable, whether it
       is based or position independent, and how much memory should
       be allocated. (VAX only.)

    o  Summary of internal tables - Lists the program segments and
       sections of which the image consists. (I64 only.)

    o  Fixup vectors-Contain information that the image activator
       needs to ensure the position independence of shareable image
       references. (VAX and Alpha only.)

    o  Fixup information-Information that the image activator
       needs to ensure the position independence of sharable image
       references. (I64 only.)

    o  System version categories-For an image that is linked against
       the executive (the system shareable image on I64 and Alpha or
       the system symbol table on VAX), displays both the values of
       the system version categories for which the image was linked
       originally and the values for the system that is currently
       running. You can use these values to identify changes in the
       system since the image was linked last.

    The ANALYZE/IMAGE command has command qualifiers and positional
    qualifiers. For VAX and Alpha images, by default, if you do not
    specify any positional qualifiers (for example, /GST or /HEADER),
    the entire image is analyzed. If you do specify a positional
    qualifier, the analysis excludes all other positional qualifiers
    except the /HEADER qualifier (which is always enabled) and any
    qualifier that you request explicitly.

    The default behavior for analyzing ELF images differs from the
    behavior for analyzing Alpha or VAX images. For ELF images,
    a summary of the major ELF tables is displayed. With this
    information, you can select specific segments and/or sections for
    analysis. To locate errors, analyze the entire image by selecting
    all sections and segments.

5.3  –  Qualifiers

5.3.1    /FIXUP_SECTION

       /FIXUP_SECTION (VAX and Alpha only)

    Positional qualifier.

    Specifies that the analysis should include all information in the
    fixup section of the image.

    If you specify the /FIXUP_SECTION qualifier after the
    ANALYZE/IMAGE command, the fixup section of each image file in
    the parameter list is analyzed.

    If you specify the /FIXUP_SECTION qualifier after a file
    specification, only the information in the fixup section of that
    image file is analyzed.

5.3.2    /FLAGVALUES

       /FLAGVALUES (I64 only)

    Several fields in an ELF module represent bit flags. Where
    possible, these bit-flag values are examined and displayed
    individually. By default, only the flag values that are set to
    1 (ON) are displayed.

    The keywords are as follows:

    Keyword    Description

    ON         The keyword ON displays all flags whose value is 1.
    OFF        The keyword OFF displays all flags whose value is 0.
    ALL        The keyword ALL displays all flag values. The keywords
               ON and OFF, in contrast, indicate the value of each
               specific flag bit.

5.3.3    /GST

       /GST (VAX and Alpha only)

    Positional qualifier.

    Specifies that the analysis should include all global symbol
    table records. This qualifier is valid only for shareable images.

    If you specify the /GST qualifier after the ANALYZE/IMAGE
    command, the global symbol table records of each image file in
    the parameter list are analyzed.

    If you specify the /GST qualifier after a file specification,
    only the global symbol table records of that file are analyzed.

5.3.4    /HEADER

       /HEADER (VAX and Alpha only)

    Positional qualifier.

    Specifies that the analysis should include all header items and
    image section descriptions. The image header items are always
    analyzed.

5.3.5    /INTERACTIVE

       /INTERACTIVE
       /NOINTERACTIVE (default)

    Specifies whether the analysis is interactive. In interactive
    mode, as each item is analyzed, the results are displayed on the
    screen and you are asked whether you want to continue.

5.3.6    /MODULE

       /MODULE [=(module_name[,...]) ] (I64 only)

    Selectively formats debug or traceback information for the named
    module or list of modules. You must request debug or traceback
    information by using the /SECTIONS qualifier with keywords ALL,
    DEBUG or TRACE. If debug or traceback information is selectively
    formatted, then the module name is a subselection.

    If you do not specify a module name, only debug or traceback meta
    information about the available modules is printed. In this case,
    any other debug or traceback selection is deactivated.

                                   NOTE

       This qualifier is only valid for ANALYZE/IMAGE. Although
       ANALYZE/OBJECT can be used to format I64 images, Analyze
       rejects the /MODULE qualifier.

5.3.7    /OUTPUT

       /OUTPUT=filespec

    Identifies the output file for storing the results of the image
    analysis. The asterisk (*) and the percent sign (%) wildcard
    characters are not allowed in the file specification. If you
    specify a file type and omit the file name, the default file
    name ANALYZE is used. The default file type is .ANL. If you omit
    the qualifier, the results are output to the current SYS$OUTPUT
    device.

5.3.8    /PAGE_BREAK

       /PAGE_BREAK=keyword (I64 only)

    Specifies if and where page breaks (form feeds) are inserted in
    the report file. This qualifier is only useful if /OUTPUT is used
    to write a report file. It is ignored if /INTERACTIVE is used to
    specify an interactive analysis.

    Keywords include NONE, which sets no page breaks; PRINTABLE_
    REPORT, which creates page breaks as in listing files, and
    SEPARATE_INFORMATION, which sets page breaks between section
    information.

5.3.9    /PATCH_TEXT

       /PATCH_TEXT (VAX only)

    Positional qualifier.

    Specifies that the analysis include all patch text records. If
    you specify the /PATCH_TEXT qualifier after the ANALYZE/IMAGE
    command, the patch text records of each image file in the
    parameter list are analyzed.

    If you specify the /PATCH_TEXT qualifier after a file
    specification, only the patch text records of that file are
    analyzed.

5.3.10    /SECTIONS

       /SECTIONS [=(keyword[,...])] (I64 only)

    Selects individual program sections or section types to display.

                                   NOTE

       This qualifier and its keywords can only be used to form an
       inclusion list of sections to be displayed. This qualifier
       is not negatable and cannot be used to form an exclusion
       list. If no values are specified, the default keyword is
       HEADERS.

    The keywords are as follows:

    Keyword            Description

    ALL                Displays a detailed analysis of every section
                       in the module. Note that this keyword can
                       generate a large amount of output.
    CODE               Displays all of all sections of type SHT_
                       PROGBITS where the executable flag is set
                       (SHDR$M_SHF_EXECINSTR in the section header).
                       The section data will be displayed as machine
                       instructions.
    DEBUG              Analyzes and displays sections consisting
    [=(suffix[,...])]  of DWARF formatted debug information. In
                       addition, you can use a list of debug section
                       name suffixes to selectively format DEBUG
                       information.
    EXTENSIONS         Analyzes and displays sections of type SHT_
                       IA64_EXT. The data is displayed in hexadecimal
                       format.
    GROUP              Analyzes and displays sections of type SHT_
                       GROUP. Sections of this type consist of a list
                       of the section numbers of sections belonging
                       to that group.
    HEADERS            The default keyword. Displays the ELF header
                       and the section header details.
    LINKAGES           Analyzes and displays sections of type SHT_
                       VMS_LINKAGES.The data is displayed as a list
                       of linkage descriptors.
    NOBITS             Analyzes and displays sections of type SHT_
                       NOBITS. There is no module data associated
                       with sections of this type.
    NOTE               Analyzes and displays sections of type SHT_
                       NOTE. The data for this section is displayed
                       as a list of formatted OpenVMS note entries.
    NULL               Displays all sections of type PT_NULL. No a
                       data will be displayed for segments of this
                       type.
    NUMBERS=           Displays individual sections, as follows:
    (number [,...])
                       o  The selected sections will have a detailed
                          display of their header and their contents.
                          An informational message is displayed for
                          section numbers that do not exist in the
                          module.

                       o  One or more numeric values may be
                          specified.

                       o  Section numbers may be specified in
                          decimal, octal (using the %O prefix), or
                          hexadecimal (using the %X prefix).

    STRTAB             Analyzes and displays sections of type SHT_
                       STRTAB. The data for this section is displayed
                       as a string table.
    SYMTAB             Displays sections of type SHT_SYMTAB. The
                       data for this section is displayed as a symbol
                       table.
    SYMBOL_VECTOR      Sections of this type will only appear in
                       sharable image files. If present, they point
                       to the same data as the dynamic segment DT_
                       VMS_SYMVEC tags.
    TRACE              Analyzes and displays sections consisting of
    [=(suffix[,...])]  traceback information. In addition, you can
                       use a list of trace section name suffixes to
                       selectively format TRACE information.
    UNWIND             Analyzes and displays sections of type SHT_
                       IA64_UNWIND. Each section of this type has an
                       associated Unwind Information section of type
                       SHT_PROGBITS. This associated section is also
                       displayed.

5.3.11    /SEGMENTS

       /SEGMENTS [=(keyword[,...])] (I64 only)

    Selects individual program segments or program segments of a
    specified type to be displayed.

                                   NOTE

       This qualifier and its keywords can only be used to form an
       inclusion list of segments to be displayed. This qualifier
       is not negatable and cannot be used to form an exclusion
       list. If no values are specified, the default keyword is
       HEADERS.

    The keywords are as follows:

    Keyword    Description

    ALL        Analyzes and displays information for every program
               segment. Note that this can generate a large amount of
               output.
    CODE       Analyzes and displays all executable segments
               (PHDR$M_PF_X bit set in the segment header). Segment
               data is displayed as machine instructions.
    DYNAMIC    Analyzes and displays the segment of type PT_DYNAMIC.
    EXTENSIONS Analyzes and displays segments of type IA_64_ARCHEXT.
    HEADERS    The default keyword. Analyzes and displays the ELF
               header and segment header details.
    LOAD       Analyzes and displays segments of type PT_LOAD. If the
               segment header indicates this is an executable segment
               (PHDR$M_PF_X bit set in the segment header), the
               contents will be formatted as machine instructions,
               otherwise the contents are formatted as hexadecimal
               data.
    NULL       Analyzes and displays segments of type PT_NULL. No a
               data will be displayed for segments of this type.
    NUMBERS=   Analyzes and displays individual segments, as follows:
    (number
    [,...])    o  The selected segments have a detailed display of
                  header and content information. For section numbers
                  that do not exist in the module, an informational
                  message is displayed.

               o  One or more numeric values may be specified.

               o  Segment numbers may be specified in decimal, octal
                  (using the %O prefix), or hexadecimal (using the %X
                  prefix).

5.3.12    /SELECT

       /SELECT=(keyword[,...])

    Allows for the collection of specific image file information and
    displays the selected keyword items in the order specified.

    Analyze creates DCL symbols for all selectable information with
    the /SELECT qualifier. The symbol names consist of the prefix
    ANALYZE$ and a descriptive name of the information they hold.
    The symbol value is the selected information, usually printed
    to SYS$OUTPUT. Effectively, all of the printed information
    is duplicated in the symbols. For unselected information, the
    corresponding symbols will contain the null string.

    The keywords are as follows:

    Keyword         Description

    ARCHITECTURE    Writes the architecture information into the DCL
                    symbol ANALYZE$ARCHITECTURE. Returns "OpenVMS
                    IA64" if the file is an OpenVMS I64 image file.
                    Returns "OpenVMS Alpha" if the file is an OpenVMS
                    Alpha image file. Returns "OpenVMS VAX" if the
                    file is an OpenVMS VAX image file.

    BUILD_          Writes build identification information into
    IDENTIFICATION  the DCL symbol ANALYZE$BUILD_IDENTIFICATION.
                    For OpenVMS I64 and Alpha image files, returns
                    the image build identification stored in the
                    image file, enclosed in quotation marks. For
                    OpenVMS VAX image files, the null string that
                    is represented by adjacent quotation marks is
                    returned.

    FILE_TYPE       Writes file type information into the DCL symbol
                    ANALYZE$FILE_TYPE. Returns "Image" if the file is
                    an OpenVMS I64, Alpha, or VAX image file.

    IDENTIFICATION  The possible keywords are as follows:
    [=keyword]
                    o  IMAGE (default) - Writes the image
                       identification information into the DCL symbol
                       ANALYZE$IDENTIFICATION. Returns the image
                       identification that is stored in the image
                       file, enclosed in quotation marks. Otherwise,
                       returns "Unknown".

                    o  LINKER - Writes the linker identification
                       information into the DCL symbol
                       ANALYZE$LINKER_IDENTIFICATION. Returns the
                       identification of the linker used to link the
                       image.

    IMAGE_TYPE      Writes image type information into the DCL
                    symbol ANALYZE$IMAGE_TYPE. Returns "Shareable"
                    if the file is a shareable image file.
                    Returns "Executable" if the file is either an
                    OpenVMS I64, Alpha, or OpenVMS VAX executable
                    (nonshareable) image file.

    LINK_TIME       Writes link time information into the DCL symbol
                    ANALYZE$LINK_TIME. For image files, returns the
                    image link time that is stored in the image file,
                    enclosed in quotation marks.

    NAME            Writes link time information into the DCL symbol
                    ANALYZE$NAME. For image files, returns the image
                    name that is stored in the image file, enclosed
                    in quotation marks.

    VERSION_        Writes the system and component version numbers
    NUMBERS         into DCL symbols. The DCL symbol names and
    (Alpha and      values are similar to the printed output of
    I64 only)       ANALYZE/IMAGE; that is, there is a symbol for
                    each component. The symbol names consist of the
                    prefix "ANALYZE$SYS$K_" and the component name
                    consists of "BASE_IMAGE", "MEMORY_MANAGEMENT",
                    and so forth. If the analyzed image depends on a
                    component, the component's version number saved
                    in the image is also in the corresponding DCL
                    symbol. The other DCL symbols contain an empty
                    string. The symbol value, the version, consists
                    of a major and minor version number, separated by
                    a dot and enclosed in parantheses.

                    In addition, if the image runs on the same
                    platform as Analyze, then the component's version
                    of the running system are stored in the DCL
                    symbols. Then, within the parentheses, the image
                    and system versions are separated by a slash.
                    In this case, both versions are compared. The
                    comparision is performed by an LEQUAL check for
                    major-/minor-IDs. If there is a mismatch, Analyze
                    prints an informational message. Note also that
                    the system version is saved in the DCL symbol of
                    the BASE_IMAGE component.

                                   NOTE

       The Analyze utility can work on several files. Because
       there is only one set of DCL symbols, the symbols only
       contain information from the last analyzed file. When an
       error occurs, symbol values are undefined. Check for Analyze
       errors first, then use the symbols.

5.4  –  Examples

    1.$ ANALYZE/IMAGE  LINEDT

      The ANALYZE/IMAGE command in this example produces a
      description and an error analysis of the image LINEDT.EXE.
      Output is sent to the current SYS$OUTPUT device.

    2.$ ANALYZE/IMAGE/OUTPUT=LIALPHEX/FIXUP_SECTION/PATCH_TEXT
       LINEDT, ALPRIN (VAX and Alpha only)

      The ANALYZE/IMAGE command in this example produces a
      description and an error analysis of the fixup sections
      and patch text records of LINEDT.EXE and ALPRIN.EXE in file
      LIALPHEX.ANL. Output is sent to the file LIALPHEX.ANL.

    3.$ ANALYZE/IMAGE/SELECT=(ARCH,FILE,NAME,IDENT,BUILD,LINK) *.EXE
      DISK:[DIRECTORY]ALPHA.EXE;1
      OpenVMS ALPHA
      Image
      "Test image ALPHA"
      "A11-27"
      "X5SC-SSB-0000"
      14-JUN-2004 07:16:19.24
      DISK:[DIRECTORY]VAX.EXE;1
      OpenVMS VAX
      Image
      "Test image VAX"
      "V11-27"
      ""
      15-JUN-2004 13:18:40:70

      On an Alpha system, this example displays the information
      requested about the executable files ALPHA.EXE and VAX.EXE.

    4.$ ANALYZE/IMAGE/SELECT=(ARCHITECTURE,IDENT,NAME) HELLO 1

      USER:[JOE]HELLO.EXE;1
      OpenVMS IA64
      "V1.0"
      "HELLO"
      $
      $ SHOW SYMBOL ANALYZE$*
        ANALYZE$ARCHITECTURE = "OpenVMS IA64"
        ANALYZE$BUILD_IDENTIFICATION = ""
        ANALYZE$FILE_TYPE = ""
        ANALYZE$IDENTIFICATION = ""V1.0""
        ANALYZE$IMAGE_TYPE = ""
        ANALYZE$LINKER_IDENTIFICATION = ""
        ANALYZE$LINK_TIME = ""
        ANALYZE$NAME = ""HELLO""
      $
      $ ANALYZE/IMAGE/SELECT=(IDENT=(IMAGE,LINKER),IMAGE,LINK) HELLO 2
      USER:[JOE]HELLO.EXE;1
      "V1.0"
      "Linker I01-54"
      Executable
       7-JUN-2004 11:47:08.10
      $
      $ SHOW SYMBOL ANALYZE$*
        ANALYZE$ARCHITECTURE = ""
        ANALYZE$BUILD_IDENTIFICATION = ""
        ANALYZE$FILE_TYPE = ""
        ANALYZE$IDENTIFICATION = ""V1.0""
        ANALYZE$IMAGE_TYPE = "Executable"
        ANALYZE$LINKER_IDENTIFICATION = ""Linker I01-54""
        ANALYZE$LINK_TIME = " 7-JUN-2004 11:47:08.10"
        ANALYZE$NAME = ""
      $
      $ ANALYZE/IMAGE/SELECT=FILE HELLO.* 3
      USER:[JOE]HELLO.C;1
      %ANALYZE-E-ILLFIL, Illegal file format encountered
      USER:[JOE]HELLO.EXE;1
      Image
      USER:[JOE]HELLO.MAP;1
      %ANALYZE-E-ILLFIL, Illegal file format encountered
      USER:[JOE]HELLO.OBJ;1
      Object
      $
      $ SHOW SYMBOL ANALYZE$*
        ANALYZE$ARCHITECTURE = ""
        ANALYZE$BUILD_IDENTIFICATION = ""
        ANALYZE$FILE_TYPE = "Object"
        ANALYZE$IDENTIFICATION = ""
        ANALYZE$IMAGE_TYPE = ""
        ANALYZE$LINKER_IDENTIFICATION = ""
        ANALYZE$LINK_TIME = ""
         ANALYZE$NAME =
      $

      This I64 example displays the information requested for the
      executable file, HELLO.EXE. The following text is keyed to the
      callout numbers at the ends of each ANALYZE/IMAGE command line
      in the example:

      1  Only the selected information can be found in the DCL
         symbols. The information in the symbols is identical to
         what is printed to SYS$OUTPUT, that is, if quoted strings
         are printed there are quotes strings in the symbol.

      2  If the new linker identification is selected, it is
         necessary to use IDENT with a keyword list.

      3  When using wildcards, errors in the analyzed file (for
         example illegal file format errors) do not terminate
         Analyze. Only the information from the last analyzed file
         can be found in the DCL symbols.

6    /MEDIA

   Invokes the Bad Block Locator utility (BAD), which analyzes
   block-addressable devices and records the location of blocks that
   cannot reliably store data. The /MEDIA qualifier is required. For
   a complete description of BAD, including information about the
   ANALYZE/MEDIA command and its qualifiers, see the OpenVMS Bad Block
   Locator Utility Manual. This manual is posted with other archived
   manuals on the OpenVMS Documentation website.

   Format

     ANALYZE/MEDIA device

   device

   Specifies the device that BAD will analyze. The device has the form:

        ddcu: or logical-name

6.1  –  Qualifiers

6.1.1    /BAD_BLOCKS

  /BAD_BLOCKS[=LIST]

   Adds the specified bad blocks to the detected bad block file
   (DBBF). If the /BAD_BLOCK qualifier is specified along with the
   /EXERCISE qualifier, the medium is tested once the bad blocks are
   added to the DBBF.

   If you do not specify a value for the /BAD_BLOCK qualifier, you are
   prompted as follows:

        BAD_BLOCKS =

   In prompt mode, BAD reports any duplicate bad blocks.

   Qualifier Value

   List

        Specifies the bad block locations to be added to the DBBF. Valid
        codes for specifying bad block locations are:

        Code                  Meaning

        LBN                   Specifies the logical block number (LBN)
                              of a single bad block.

        LBN:count             Specifies a range of contiguous bad blocks
                              starting at the logical block number (LBN)
                              and continuing for "count" blocks.

        SEC.TRK.CYL           Specifies the physical disk address (sector,
                              track, and cylinder) of a single bad
                              sector. This code is valid only for last
                              track devices.

        SEC.TRK.CYL:count     Specifies a range of bad sectors starting
                              at the specified physical disk address
                              (sector, track, and cylinder) and
                              continuing for "count" sectors. This code
                              is valid only for last track devices.

                              You can specify these formats in any
                              integer combination or radix combination.

                                   Note

           The term "block" denotes a standard unit of 512
           bytes, whereas the term "sector" denotes the
           physical size of the device sector, which is not
           always the same for all devices. For example, an
           RL02 has a sector size of 256 bytes, while an RK07
           has a standard sector size of 512 bytes.

6.1.2    /EXERCISE

  /EXERCISE=(FULL,[NO]KEEP,PATTERN)
  /NOEXERCISE (default)

   Controls whether the media should actually be tested. You can
   update the DBBF without erasing the contents of the volume by
   using the /NOEXERCISE qualifier along with the /BAD_BLOCKS
   qualifier.

   Qualifier Keywords

   FULL

        Causes BAD to test the media using three test patterns (0s,
        1s, and "worst case") instead of the default single "worst
        case" pattern. The FULL keyword can be used only with
        /EXERCISE.  Note that the "worst case" test pattern always
        remains on media tested with the /EXERCISE qualifier.

   KEEP

        Ensures the preservation of the current software detected bad
        block file (SDBBF). The keep keyword is the default when
        /NOEXERCISE is specified.

   NOKEEP

        Causes BAD to create a new SDBBF. The NOKEEP keyword is the
        default when /EXERCISE is specified. This keyword cannot be
        used with the /NOEXERCISE qualifier.

   PATTERN=(value[,...])

        Allows users to specify the value of a test pattern to be
        used as "worst case". Up to an octaword of test pattern
        data may be specified in decimal (%D), hexadecimal (%X),
        or octal (%O) radixes. The default radix is decimal.

        The pattern is specified in longwords. If two or more
        longwords are specified, they must be enclosed in
        parentheses and separated by commas.

6.1.3    /LOG

  /LOG
  /NOLOG (default)

   Specifies whether a message is sent to the current SYS$OUTPUT
   device and SYS$ERROR, indicating the total number of bad blocks
   detected by BAD.

6.1.4    /OUTPUT

  /OUTPUT[=filespec]

   Specifies whether the contents of the DBBF are written to the
   specified file.  If you omit the /OUTPUT qualifier, no output
   is generated.

   If you specify /OUTPUT but omit the filespec, the contents of
   the DBBF are written to the current SYS$OUTPUT device.

   When you specify /OUTPUT, the /SHOW=AFTER qualifier is implied.

   Qualifier Value

   filespec

        Identifies the output file for storing the results of the
        medium analysis. If you specify a file type and omit the
        file name, the default file name ANALYZE is used. The default
        file type is ANL. If you omit the filespec, the results are
        output to the current SYS$OUTPUT device.

        No wildcard characters are allowed in the file specification.

6.1.5    /RETRY

  /RETRY
  /NORETRY (default)

   Enables the device driver to retry soft errors.

6.1.6    /SHOW

  /SHOW[=(keyword[,...])]

   Lists the contents of the DBBF before or after (or both) the
   medium is exercised or modified.

   Qualifier Keywords

   [NO]BEFORE,[NO]AFTER

       Specifies whether the contents of the DBBF are listed before or
       after (or both) the medium is exercised. After is the default.

6.2  –  Examples

   In examples 1 and 2, the contents of the data region on the medium
   are not altered or destroyed; in examples 3, 4, and 5, all the data
   on the medium is destroyed.

   1.   $ ANALYZE/MEDIA/BAD_BLOCKS=(4.4.4:3) DBA1:

   The /BAD_BLOCKS qualifier in this example specifies a range of 3
   bad blocks beginning at the physical disk address sector 4, track
   4, cylinder 4.  This range is added to the DBBF.

   2.   $ ANALYZE/MEDIA/LOG DBB1:
        DEVICE DBB1: CONTAINS A TOTAL OF 340670 BLOCKS; 11 DEFECTIVE
        BLOCKS DETECTED.

   The command in this example requests BAD to report the total
   number of bad blocks recorded in DBBFs for the disk mounted on
   DBB1:. The medium is not exercised or altered in any way.

   3.   $ ANALYZE/MEDIA/EXERCISE/BAD_BLOCKS=(2) DBB1:

   The command in this example adds the bad block specification to
   the DBBF and then tests the media. The bad block in this example
   is located at logical block number (LBN) 2.

   4.   $ ANALYZE/MEDIA/EXERCISE=KEEP DBA1:

   This command tests the media while preserving the current SDBBF.

   5.   $ ANALYZE/MEDIA/EXERCISE/RETRY DBB1:

   The command in this example directs the device driver to retry soft
   errors.

7    /OBJECT

    Analyzes the contents of an object file on OpenVMS VAX and Alpha
    systems, and an Executable and Linkable Format (ELF) object
    file on OpenVMS I64 systems, and identifies obvious errors. The
    /OBJECT qualifier is required.

    For general information about object files, refer to the
    description of the linker in the VSI OpenVMS Linker Utility
    Manual. (Use the ANALYZE/IMAGE command to analyze the contents
    of an image file.)

    Format

      ANALYZE/OBJECT  filespec[,...]

7.1  –  Parameter

 filespec[,...]

    Specifies the object files or object module libraries you want
    analyzed (the default file type is .OBJ). Use commas (,)  or plus
    signs (+)  to separate file specifications. The asterisk (*) and
    the percent sign (%) wildcard characters are allowed in the file
    specification.

7.2  –  Description

    The ANALYZE/OBJECT command describes the contents of one or more
    object modules contained in one or more files. It also performs
    a partial error analysis. This analysis determines whether all
    records in an object module conform in content, format, and
    sequence to the specifications of the I64, Alpha, or VAX Object
    Language.

    On OpenVMS I64 systems, the ANALYZE/OBJECT command automatically
    distinguishes I64, Alpha, and VAX objects by examining the format
    of the object modules header.

    ANALYZE/OBJECT is intended primarily for programmers compilers,
    debuggers, or other software involving the operating system's
    object modules. It checks that that the ELF object format (I64)
    or the object language records (VAX and Alpha) generated by
    the object modules are acceptable to the Linker utility, and
    it identifies certain errors in the file. It also provides a
    description of the records in the object file or object module
    library. For more information on the linker and on the Alpha
    and VAX object languages, refer to the VSI OpenVMS Linker Utility
    Manual. Information on the I64 object format will be available in
    a future release.

                                  NOTES

       For I64 images and objects, the Analyze utility determines
       whether the file it analyzes is an image file or object
       file. Although Analyze allows you to specify ANALYZE/IMAGE
       on an ELF object file, use ANALYZE/IMAGE for ELF image files
       and ANALYZE/OJBECT for ELF object files.

       The OpenVMS VAX and OpenVMS Alpha versions of ANALYZE/OBJECT
       are not fully capable of analyzing non-platform objects (for
       example I64 objects on VAX or Alpha).

       The output format of ANALYZE/OBJECT for ELF objects may
       change. Further, the default behavior for analyzing ELF
       objects differs from the behavior for analyzing Alpha or VAX
       objects. For ELF objects, a summary of the major ELF tables
       is displayed. With this information, you can select specific
       sections for further analysis. To locate errors, the entire
       object should be analyzed by selecting all sections.

       When you analyze I64 objects on I64 platforms,
       ANALYZE/OBJECT accepts either VAX- or Alpha-only qualifiers,
       but ignores any effect of these qualifiers.

    The ANALYZE/OBJECT command analyzes the object modules in order,
    record by record, from the first to the last record in the object
    module. Fields in each record are analyzed in order from the
    first to the last field in the record. After the object module
    is analyzed, you should compare the content and format of each
    type of record to the required content and format of that record
    as described by the OpenVMS I64, Alpha, or OpenVMS VAX Object
    Language. This comparison is particularly important if the
    analysis output contains a diagnostic message.

    ANALYZE/OBJECT displays the following information for object
    modules:

    o  Module architecture and type

    o  Module name

    o  Module version

    o  Module creation date and time

    o  Language processor creator

    Linking an object module differs from analyzing an object module.
    The object's contents are not interpreted; rather, only the meta
    information is checked for consistancy. As a result, even if
    the analysis is error free, the linking operation may not be. In
    particular, the analysis does not check the following for VAX and
    Alpha objects:

    o  That data arguments in TIR commands are in the correct format

    o  That "Store Data" TIR commands are storing within legal
       address limits

    Therefore, as a final check, you should still link an object
    module whose analysis is error free.

    If an error is found, however, the first error of the worst
    severity that is discovered is returned. For example, if a
    warning (A) and two errors (B and C) are signaled, then the first
    error (B) is returned as the image exit status, which is placed
    in the DCL symbol $STATUS at image exit.

    ANALYZE/OBJECT uses positional qualifiers; that is, qualifiers
    whose function depends on their position in the command line.
    When a positional qualifier precedes all of the input files in
    a command line, it affects all input files. For example, the
    following command line requests that the analysis include the
    global symbol directory records in files A, B, and C:

    $ ANALYZE/OBJECT/GSD A,B,C

    Conversely, when a positional qualifier is associated with only
    one file in the parameter list, only that file is affected. For
    example, the following command line requests that the analysis
    include the global symbol directory records in file B only:

    $ ANALYZE/OBJECT A,B/GSD,C

    For VAX and Alpha objects, typically, all records in an object
    module are analyzed. However, when the /DBG, /EOM, /GSD, /LNK,
    /MHD, /TBT, or /TIR qualifier is specified, only the record types
    indicated by the qualifiers are analyzed. All other record types
    are ignored.

    By default, the analysis includes all record types unless
    you explicitly request a limited analysis using appropriate
    qualifiers.

                                   NOTE

       For VAX and Alpha End-of-Module (EOM) records and module
       header (MHD) records are always analyzed, no matter which
       qualifiers you specify.

       For I64 objects the Elf header, the section header table
       and the note section are always analyzed, no matter which
       qualifiers you specify.

7.3  –  Qualifiers

7.3.1    /DISASSEMBLE

       /DISASSEMBLE (I64 only)

    Positional qualifier.

    Displays all sections of type SHT_PROGBITS where the executable
    flag is set (SHDR$M_SHF_EXECINSTR in the section header). The
    section data will be displayed as machine instructions with
    symbolization of labels, branch targets, and so on. All local and
    global symbols from the symbol table are used for symbolization.
    The output is similar to compiler generated machine code
    listings.

                                   NOTE

       This qualifier is accepted only for objects. I64 images
       contain only global symbols, if any at all. In addition,
       output produced with this qualifier differs from output
       produced by ANALYZE/OBJECT/SECTIONS=CODE, which provides
       machine code output for the same sections, although without
       symbolization.

7.3.2    /DBG

       /DBG (VAX and Alpha only)

    Positional qualifier.

    Specifies that the analysis should include all debugger
    information records. If you want the analysis to include debugger
    information for all files in the parameter list, insert the /DBG
    qualifier immediately following the /OBJECT qualifier. If you
    want the analysis to include debugger information selectively,
    insert the /DBG qualifier immediately following each of the
    selected file specifications.

7.3.3    /EOM

       /EOM (VAX and Alpha only)

    Positional qualifier.

    Specifies that the analysis should be limited to MHD records, EOM
    records, and records explicitly specified by the command. If you
    want this to apply to all files in the parameter list, insert the
    /EOM qualifier immediately following the /OBJECT qualifier.

    To make the /EOM qualifier applicable selectively, insert it
    immediately following each of the selected file specifications.

                                   NOTE

       End-of-module records can be EOM or EOMW records. Refer to
       the VSI OpenVMS Linker Utility Manual for more information.

7.3.4    /FLAGVALUES

       /FLAGVALUES (I64 only)

    Several fields in an ELF module represent bit flags. Where
    possible, these bit-flag values are examined and displayed
    individually. By default, only the flag values that are set to
    1 (ON) are displayed.

    The keywords are as follows:

    Keyword    Description

    ON         The keyword ON displays all flags whose value is 1.
    OFF        The keyword OFF displays all flags whose value is 0.
    ALL        The keyword ALL displays all flag values. The keywords
               ON and OFF, in contrast, indicate the value of each
               specific flag bit.

7.3.5    /GSD

       /GSD (VAX and Alpha only)

    Positional qualifier.

    Specifies that the analysis should include all global symbol
    directory (GSD) records.

    If you want the analysis to include GSD records for each file
    in the parameter list, specify the /GSD qualifier immediately
    following the /OBJECT qualifier.

    If you want the analysis to include GSD records selectively,
    insert the /GSD qualifier immediately following each of the
    selected file specifications.

7.3.6    /INCLUDE

       /INCLUDE [=(module[,...])]

    When the specified file is an object module library, use this
    qualifier to list selected object modules within the library for
    analysis. If you omit the list or specify an asterisk (*),  all
    modules are analyzed. If you specify only one module, you can
    omit the parentheses.

7.3.7    /INTERACTIVE

       /INTERACTIVE
       /NOINTERACTIVE (default)

    Controls whether the analysis occurs interactively. In
    interactive mode, as each record is analyzed, the results are
    displayed on the screen, and you are asked whether you want to
    continue.

7.3.8    /LNK

       /LNK (VAX and Alpha only)

    Positional qualifier.

    Specifies that the analysis should include all link option
    specification (LNK) records.

    If you want the analysis to include LNK records for each file
    in the parameter list, specify the /LNK qualifier immediately
    following the /OBJECT qualifier.

    If you want the analysis to include LNK records selectively,
    insert the /LNK qualifier immediately following each of the
    selected file specifications.

7.3.9    /MHD

       /MHD (VAX and Alpha only)

    Positional qualifier.

    Specifies that the analysis should be limited to MHD records,
    EOM records, and records explicitly specified by the command.
    If you want this analysis to apply to all files in the parameter
    list, insert the /MHD qualifier immediately following the /OBJECT
    qualifier.

    To make the /MHD qualifier applicable selectively, insert
    immediately following each of the selected file specifications.

7.3.10    /PAGE_BREAK

       /PAGE_BREAK=keyword (I64 only)

    Specifies if and where page breaks (form feeds) are inserted in
    the report file. This qualifier is only useful if /OUTPUT is used
    to write a report file. It is ignored if /INTERACTIVE is used to
    specify an interactive analysis.

    Keywords include NONE, which sets no page breaks; PRINTABLE_
    REPORT, which creates page breaks as in listing files, and
    SEPARATE_INFORMATION, which sets page breaks between section
    information.

7.3.11    /OUTPUT

       /OUTPUT [=filespec]

    Directs the output of the object analysis (the default is
    SYS$OUTPUT). If you specify a file type and omit the file name,
    the default file name ANALYZE is used. The default file type is
    .ANL.

    The asterisk (*) and the percent sign (%) wildcard characters are
    not allowed in the file specification.

7.3.12    /SECTIONS

       /SECTIONS [=(keyword[,...])] (I64 only)

    Selects individual program sections or section types to display.

                                   NOTE

       This qualifier and its keywords can only be used to form an
       inclusion list of sections to be displayed. This qualifier
       is not negatable and cannot be used to form an exclusion
       list. If no values are specified, the default keyword is
       HEADERS.

    The keywords are as follows:

    Keyword            Description

    ALL                Displays a detailed analysis of every section
                       in the module. Note that this keyword can
                       generate a large amount of output.
    CODE               Displays all sections of type SHT_PROGBITS
                       where the executable flag is set (SHDR$M_
                       SHF_EXECINSTR in the section header). The
                       section data will be displayed as machine
                       instructions.
    DEBUG              Analyzes and displays sections consisting
    [=(suffix[,...])]  of debug formatted debug information. In
                       addition, you can use a list of debug section
                       name suffixes to selectively format DEBUG
                       information. The suffix can be specified as
                       follows:

                       o  ABBREV-Formats DEBUG abbreviations

                       o  ARANGES-Formats DEBUG address lookup tables

                       o  FRAME-Formats DEBUG frame descriptors for
                          unwinding

                       o  INFO-Formats DEBUG symbols

                       o  LINE-Formats DEBUG source line info

                       o  PUBNAMES-Formats DEBUG name lookup tables

                       o  PUBTYPES-Formats DEBUG type lookup tables

    EXTENSIONS         Analyzes and displays sections of type SHT_
                       IA64_EXT. The data is displayed in hexadecimal
                       format.
    GROUP              Analyzes and displays sections of type SHT_
                       GROUP. Sections of this type consist of a list
                       of the section numbers of sections belonging
                       to that group.
    HEADERS            The default keyword. Displays the ELF header
                       and the section header details.
    LINKAGES           Analyzes and displays sections of type SHT_
                       VMS_LINKAGES.The data is displayed as a list
                       of linkage descriptors.
    NOBITS             Analyzes and displays sections of type SHT_
                       NOBITS. There is no module data associated
                       with sections of this type.
    NOTE               Analyzes and displays sections of type SHT_
                       NOTE. The data for this section is displayed
                       as a list of formatted OpenVMS note entries.
    NULL               Displays all sections of type PT_NULL. No a
                       data will be displayed for segments of this
                       type.
    NUMBERS= (number   Displays individual sections, as follows:
    [,...])
                       o  The selected sections will have a detailed
                          display of their header and their contents.
                          An informational message is displayed for
                          section numbers that do not exist in the
                          module.

                       o  One or more numeric values may be
                          specified.

                       o  Section numbers may be specified in
                          decimal, octal (using the %O prefix), or
                          hexadecimal (using the %X prefix).

    PROGBITS           Displays all sections of type SHT_PROGBITS,
                       except unwind sections.

                       Formatting for the sections of type SHT_
                       PROGBITS depends on the EXECINSTR flag
                       (SHDR$M_SHF_EXECINSTR) in its section header.
                       If this bit set, the section data will be
                       displayed as machine instructions. Otherwise
                       it will be displayed as hexadecimal data.

                       Unwind sections will be displayed if
                       /SECTIONS=UNWIND is specified.
    RELOCATIONS        Analyzes and displays sections of type SHT_
                       RELA. The data for this section is displayed
                       as table of relocation entries.
    STRTAB             Analyzes and displays sections of type SHT_
                       STRTAB. The data for this section is displayed
                       as a string table.
    SYMTAB             Displays sections of type SHT_SYMTAB. The
                       data for this section is displayed as a symbol
                       table.
    TRACE              Analyzes and displays sections consisting of
    [=(suffix[,...])]  traceback information.

                       In addition, you can use a list of trace
                       section name suffixes to selectively format
                       TRACE information. The trace section names,
                       which appear as ".trace_suffix", can be
                       viewed in the summary table. The suffix can be
                       specified as shown below. In addition, because
                       there is one common debug and traceback
                       section, ".debug_line", the suffix "line"
                       can be specified as shown below as well:

                       o  ABBREV-Formats TRACE abbreviations

                       o  ARANGES-Formats TRACE address lookup tables

                       o  INFO-Formats TRACE symbols

                       o  LINE-Formats TRACE source line info

    UNWIND             Analyzes and displays sections of type SHT_
                       IA64_UNWIND. Each section of this type has an
                       associated Unwind Information section of type
                       SHT_PROGBITS. This associated section is also
                       displayed.

7.3.13    /SELECT

       /SELECT=(keyword[,...])

    Allows for the collection of specific object file information and
    displays the selected keyword items in the order specified.

                                   NOTE

       The /SELECT qualifier can be used on object and image
       files. The same keywords are valid selections. However,
       some information can not be in an object, such as the link
       date and time. Therfore, for some keywords the Analyze
       utility returns "Unknown.". In the following table, only
       the keywords (which are useful for object files) and their
       return values are listed.

    Analyze creates DCL symbols for all selectable information with
    the /SELECT qualifier. The symbol names consist of the prefix
    ANALYZE$ and a descriptive name of the information they hold.
    The symbol value is the selected information, usually printed
    to SYS$OUTPUT. Effectively, all of the printed information
    is duplicated in the symbols. For unselected information, the
    corresponding symbols will contain the null string.

    The keywords are as follows:

    Keyword         Description

    ARCHITECTURE    Writes the architecture information into the DCL
                    symbol ANALYZE$ARCHITECTURE. Returns "OpenVMS
                    IA64" if the file is an OpenVMS I64 object file.
                    Returns "OpenVMS Alpha" if the file an OpenVMS
                    Alpha object file. Returns "OpenVMS VAX" if the
                    file is an OpenVMS VAX object file.
    FILE_TYPE       Writes file type information into the DCL symbol
                    ANALYZE$FILE_TYPE. Returns "Object" if the file
                    is an OpenVMS I64, Alpha, or VAX object file.

7.3.14    /TBT

       /TBT (VAX and Alpha only)

    Positional qualifier.

    Specifies that the analysis should include all module traceback
    (TBT) records.

    If you want the analysis to include TBT records for each file
    in the parameter list, specify the /TBT qualifier immediately
    following the /OBJECT qualifier.

    If you want the analysis to include TBT records selectively,
    insert the /TBT qualifier immediately following each of the
    selected file specifications.

7.3.15    /TIR

       /TIR (VAX and Alpha only)

    Positional qualifier.

    Specifies that the analysis should include all text information
    and relocation (TIR) records.

    If you want the analysis to include TIR records for each file
    in the parameter list, specify the /TIR qualifier immediately
    following the /OBJECT qualifier.

    If you want the analysis to include TIR records selectively,
    insert the /TIR qualifier immediately following the selected file
    specifications.

7.4  –  Examples

    1.$ ANALYZE/OBJECT/INTERACTIVE  LINEDT

      In this example, the ANALYZE/OBJECT command produces a
      description and a partial error analysis of the object file
      LINEDT.OBJ. Output is to the terminal, because the /INTERACTIVE
      qualifier has been used. As each item is analyzed, the utility
      displays the results on the screen and asks if you want to
      continue.

    2.$ ANALYZE/OBJECT/OUTPUT=LIOBJ/DBG  LINEDT (VAX and Alpha only)

      In this example, the ANALYZE/OBJECT command analyzes only the
      debugger information records of the file LINEDT.OBJ. Output is
      to the file LIOBJ.ANL.

    3.$ ANALYZE/OBJECT/SELECT=(ARCH,FILE) *.OBJ
      DISK:[DIRECTORY]ALPHA.OBJ;1
         OpenVMS ALPHA
         Object
         DISK:[DIRECTORY]VAX.OBJ;1
         OpenVMS VAX
         Object

      This example displays the information requested about the
      object files ALPHA.OBJ and VAX.OBJ.

8    /PROCESS_DUMP

    Invokes the OpenVMS Debugger to analyze a process dump file that
    was created when an image failed during execution. (Use the /DUMP
    qualifier with the RUN or the SET PROCESS command to generate a
    dump file.)

    Note that on Alpha systems, you can also force a process to dump by
    using the DUMP/PROCESS command.

    The ANALYZE/PROCESS_DUMP command can display a process dump file
    for either an Alpha or a VAX image. For a complete description
    of the debugger, including information about the DEBUG command,
    refer to the OpenVMS Debugger Manual.

    Requires read (R) access to the dump file.

    Format

      ANALYZE/PROCESS_DUMP  dump-file

    dump-file

    Specifies the dump file to be analyzed with the debugger.

8.1  –  Qualifiers

8.1.1    /FULL

    On VAX and Alpha systems, displays all known information about the
    failing process.

8.1.2    /IMAGE

       /IMAGE=image-name
       /NOIMAGE

    On VAX systems, specifies the image to be activated to set up the
    process context for the analysis. If you use the /NOIMAGE qualifier,
    the DELTA debugger will be used for the analysis.

    By default, symbols are taken from the image with the same name as
    the image that was running at the time of the dump.

8.1.3    /IMAGE_PATH

      /IMAGE_PATH[=directory-spec] dump-file
      /NOIMAGE_PATH

    On Alpha systems, specifies the search path the debugger is to use
    to find the debugger symbol table (DST) file.  As in prior debuggers,
    the debugger builds an image list from the saved process image list.
    When you set an image (the main image is automatically set), the
    debugger attempts to open that image in order to find the DST file.

    If you include the /IMAGE_PATH=directory-spec qualifier, the
    debugger searches for the DST file in the specified directory.
    The debugger first tries to translate directory-spec as the logical
    name of a directory search list.  If that fails, the debugger
    interprets directory-spec as a directory specification, and searches
    that directory for matching .DSF or .EXE files.  A .DSF file takes
    precedence over an .EXE file.  The name of the .DSF or .EXE file
    must match the image.

    If you do not include the /IMAGE_PATH=directory-spec qualifier,
    the debugger looks for the DST file first in the directory that
    contains the dump file.  If that fails, the debugger searches
    directory SYS$SHARE and then directory SYS$MESSAGE.  If the debugger
    fails to find a DST file for an image, the symbolic information
    available to the debugger is limited to global and universal symbol
    names.

    Version 7.3 and later debuggers check for dumpfile image specification
    and DST file link date-time mismatches and issue a warning if one is
    discovered.

    The dump-file parameter is the name of the process dump file to
    be analyzed.  Note that the process dump file file type must be .DMP
    and the DST file type must be either .DSF or .EXE.

                             Restrictions

        You cannot use a logical to redirect the search for an image
        and use the /IMAGE_PATH qualifier at the same time.  If you
        use the /IMAGE_PATH qualifier, then all images that are not
        in their original locations must be found through that path.
        Individual image logicals (for example, the "SH" in "DEFINE
        SH SYS$LOGIN:SH.EXE") are not processed.

        Additionally, you cannot input a directory search path
        directly to the /IMAGE_PATH qualifier, as it does not
        process a directory list separated by commas; however, you
        can specify a logical that translates into a directory
        search path.

8.1.4    /INTERACTIVE

       /INTERACTIVE
       /NOINTERACTIVE (default)

    On VAX systems, causes the display of information to pause when your
    terminal screen is filled. Press Return to display additional
    information.  By default, the display is continuous.

8.1.5    /MISCELLANEOUS

    On VAX systems, displays process information and registers at the
    time of the dump.  Refer to the $GETJPI system service for further
    explanation of the process information displayed.

8.1.6    /RELOCATION

    On VAX systems, displays the addresses to which data structures saved
    in the dump are mapped in P0 space. (Examples of such data structures
    are the stacks.) The data structures in the dump must be mapped into P0
    space so that the debugger can use those data structures in P1 space.

8.2  –  Examples

    1.$ ANALYZE/PROCESS/FULL ZIPLIST

       R0 = 00018292  R1 = 8013DE20  R2 = 7FFE6A40   R3 = 7FFE6A98
       R4 = 8013DE20  R5 = 00000000  R6 = 7FFE7B9A   R7 = 0000F000
       R8 = 00000000  R9 = 00000000  R10 = 00000000  R11 = 00000000
       SP = 7FFAEF44  AP = 7FFAEF48  FP  = 7FFAEF84
       FREE_P0_VA  00001600    FREE_P1_VA  7FFAC600
       Active ASTs  00         Enabled ASTs 0F
       Current Privileges  FFFFFF80  1010C100
       Event Flags  00000000  E0000000
       Buffered I/O count/limit 6/6
       Direct I/O count/limit   6/6
       File count/limit         27/30
       Process count/limit      0/0
       Timer queue count/limit  10/10
       AST count/limit          6/6
       Enqueue count/limit      30/30
       Buffered I/O total 7      Direct I/O total 18

       Link Date  27-DEC-2000 15:02:00.48  Patch Date  17-NOV-2000 00:01:53
       ECO Level  0030008C  00540040  00000000  34303230
       Kernel stack 00000000 pages at 00000000 moved to 00000000
       Exec stack 00000000 pages at 00000000 moved to 00000000
       Vector page 00000001 page at 7FFEFE00 moved to 00001600
       PIO (RMS) area 00000005 pages at 7FFE1200 moved to 00001800
       Image activator context 00000001 page at 7FFE3400 moved to 00002200
       User writable context 0000000A pages at 7FFE1C00 moved to 00002400
      Creating a subprocess
               VAX DEBUG Version 5.4
      DBG>

    This example shows the output of the ANALYZE/PROCESS command when used
    with the /FULL qualifier on a VAX system. The file specified, ZIPLIST,
    contains the dump of a process that encountered a fatal error. The
    DBG> prompt indicates that the debugger is ready to accept commands.

9    /RMS_FILE

    Invokes the Analyze/RMS_File utility to inspect and analyze the
    internal structure of an RMS file. The /RMS_FILE qualifier is
    required. For a complete description of the Analyze/RMS_File
    utility, including more information about the ANALYZE/RMS_FILE
    command and its qualifiers, see the OpenVMS Record Management
    Utilities Reference Manual.

    ANALYZE/RMS_FILE  filespec[,...]

9.1  –  Parameter

 filespec[,...]

    Specifies the data file to be analyzed. The default file type
    is .DAT. You can use multiple file specifications and wildcard
    characters with the /CHECK qualifier, the /RU_JOURNAL qualifier,
    the /STATISTICS qualifier, and the /SUMMARY qualifier, but not
    with the /FDL qualifier or the /INTERACTIVE qualifier.

9.2  –  Qualifiers

9.2.1    /CHECK

    Checks the integrity of the file and generates a report of any
    errors in its structure. The report produced by the /CHECK
    qualifier includes a list of any errors and a summary of the
    file's structure. If you do not specify an output file, the
    report is written to the current SYS$OUTPUT device, which is
    generally your terminal. You can use wildcards and multiple file
    specifications. If you specify /NOOUTPUT, you only get a message
    indicating whether the file has errors.

    The check function is active by default when you use the ANALYZE
    /RMS_FILE command without any qualifiers. The /CHECK qualifier
    is not compatible with the /FDL qualifier, the /INTERACTIVE
    qualifier, the /STATISTICS qualifier, or the /SUMMARY qualifier.
    If /CHECK is used with any of the other qualifiers, /FDL takes
    precedence, next is /INTERACTIVE, then /STATISTICS, and lastly
    /SUMMARY.

9.2.2    /FDL

    Generates an FDL file describing the RMS data file being
    analyzed. By default, the /FDL qualifier creates a file with the
    file type .FDL and the same file name as the input data file. To
    assign a different type or name to the FDL file, use the /OUTPUT
    qualifier. If the data file is corrupted, the FDL file contains
    the Analyze/RMS_File utility error messages.

    For indexed files, the FDL file contains special analysis
    sections you can use with the EDIT/FDL Optimize script to make
    better design decisions when you reorganize the file.

    You cannot use wildcards or multiple file specifications with
    the /FDL qualifier. The /FDL qualifier is not compatible with the
    /CHECK qualifier, the /INTERACTIVE qualifier, the /STATISTICS
    qualifier, the /SUMMARY qualifier, or the /UPDATE_HEADER
    qualifier.  The /FDL qualifier takes precedence over all other
    qualifiers.

9.2.3    /INTERACTIVE

    Begins an interactive examination of the file's structure. You
    cannot use wildcards or multiple file specifications. For help
    with the interactive commands, enter the HELP command at the
    ANALYZE> prompt.

    Do not use this qualifier with the /CHECK, /FDL, /STATISTICS,
    /SUMMARY, or /UPDATE_HEADER qualifiers.  If used with the /FDL
    qualifier, the /FDL takes precedence.  All other qualifiers are
    ignored when used with /INTERACTIVE.

9.2.4    /OUTPUT

    /OUTPUT=filesspec
    /NOOUTPUT

    Identifies the destination file for the results of the analysis.
    The /NOOUTPUT qualifier specifies that no output file is to be
    created. In all cases, the Analyze/RMS_File utility displays a
    message indicating whether the data file has errors.

    /CHECK          Places the integrity report in the output file.
                    The default file type is .ANL, and the default
                    file name is ANALYZE. If you omit the output-
                    filespec parameter, output is written to the
                    current SYS$OUTPUT device, which is generally
                    your terminal.
    /FDL            Places the resulting FDL specification in the
                    output file. The default file type is .FDL, and
                    the default file name is that of the input file.
    /INTERACTIVE    Places a transcript of the interactive session in
                    the output file. The default file type is .ANL,
                    and the default file name is ANALYZE. If you omit
                    the output-filespec parameter, no transcript of
                    your interactive session is produced.
    /RU_JOURNAL     Places the recovery-unit journal information in
                    the output file. The default file type is .ANL,
                    and the default file name is ANALYZE. If you
                    omit the output-filespec parameter, output is
                    written to the current SYS$OUTPUT device, which
                    is generally your terminal.
    /STATISTICS     Places the statistics report in the output file.
                    The default file type is .ANL, and the default
                    file name is ANALYZE. If you omit the output-
                    filespec parameter, output is written to the
                    current SYS$OUTPUT device, which is generally
                    your terminal.
    /SUMMARY        Places the summary report in the output file.
                    The default file type is .ANL, and the default
                    file name is ANALYZE. If you omit the output-
                    filespec parameter, output is written to the
                    current SYS$OUTPUT device, which is generally
                    your terminal.

9.2.5    /RU_JOURNAL

    Provides information about recovery-unit journaling where
    applicable. You can use the /RU_JOURNAL qualifier on any file,
    but it is inoperative on files not marked for recovery-unit
    journaling.

    This qualifier provides the only way of accessing a file that
    would otherwise be inaccessible because of unresolved recovery
    units. This situation might be the result of an unavailable
    recovery-unit journal file or of unavailable data files that
    were included in the recovery unit.

    To use the /RU_JOURNAL qualifier, your process must have both
    CMEXEC privilege and access to the [SYSJNL] directory (either
    SYSPRV privilege or access for UIC [1,4]).

    This qualifier is compatible with all of the ANALYZE/RMS_FILE
    qualifiers, and you can use it with wildcards and multiple file
    specifications.

    When you specify the /RU_JOURNAL qualifier, the Analyze/RMS_File
    utility provides you with the following data for each active
    recovery unit:

    o  The journal file specification and the journal creation date

    o  The recovery-unit identification, recovery-unit start time,
       cluster system identification number (CSID), and process
       identification (PID)

    o  Information about the files involved in the recovery unit,
       including the file specification, the name of the volume where
       the file resides, the file identification, the date and time
       the file was created, and the current status of the file

    o  The state of the recovery unit - active, none, started,
       committed, or not available (for more information, see the
       RMS Journaling for OpenVMS Manual)

    o  An error statement

9.2.6    /STATISTICS

    Specifies that a report is to be produced containing statistics
    about the file. The /STATISTICS qualifier is used mainly on
    indexed files.

    By default, if you do not specify an output file with the /OUTPUT
    qualifier, the statistics report is written to the current
    SYS$OUTPUT device, which is generally your terminal.

    The /STATISTICS qualifier is not compatible with the /CHECK
    qualifier, the /FDL qualifier, the /INTERACTIVE qualifier, or
    the /SUMMARY qualifier.  If /STATISTICS is used with any other
    qualifiers, /FDL takes precedence, and then /INTERACTIVE.  All
    other qualifiers are ignored.  The /STATISTICS qualifier does an
    implicit check.

9.2.7    /SUMMARY

    Specifies that a summary report is to be produced containing
    information about the file's structure and use. The /SUMMARY
    qualifier generates a summary report containing information about
    the file's structure and use.

    If the file has no errors, the output generated from the /SUMMARY
    qualifier is identical to that produced by the /CHECK qualifier.
    Unlike the /CHECK qualifier, however, the /SUMMARY qualifier does
    not check the structure of your file, so output is generated more
    quickly.

    Do not use this qualifier with the /CHECK qualifier, the /FDL
    qualifier, the /INTERACTIVE qualifier, the /STATISTICS qualifier,
    or the /UPDATE_HEADER qualifier.  If /SUMMARY is used with any
    other qualifiers, /FDL takes precedence, next is /INTERACTIVE,
    and then /STATISTICS.

9.2.8    /UPDATE_HEADER

    Attempts to update the following attributes in the header of
    the file: longest record length (LRL) and/or file length hint
    attribute.

    You must use this qualifier in combination with either
    /STATISTICS or /CHECK (the default).

    This qualifier only applies to sequential file organizations and
    is ignored for any other file organization. The /UPDATE_HEADER
    qualifier attempts to update the LRL and/or file hint attribute
    in the file header if the calculated value(s) differ from the
    current value(s) in the file header. The /UPDATE_HEADER qualifier
    applies to:

    o  An LRL request - if the file is sequential and has a record
       format other than undefined (UDF).

    o  A HINT request - if the file is sequential, the record format
       is either variable (VAR) or variable with fixed control (VFC),
       and the file is located on an ODS-5 disk device.

    It is not supported for remote accesses; requests are ignored.

    The /UPDATE_HEADER qualifier requires either the STATISTICS or
    CHECK (default) functions since calculating new values for the
    LRL and/or file length hint presumes that all the records in the
    sequential file are processed. It is not compatible with the /FDL
    qualifier, the /INTERACTIVE qualifier, or the /SUMMARY qualifier.

    Any errors returned by the file system when an attempt to update
    the file header fails are ignored. If the update succeeds, the
    updated values are displayed at the end of the report.

9.3  –  EXAMPLES

    1.$ ANALYZE/RMS_FILE/CHECK CUSTFILE

    This command checks the file CUSTFILE.DAT for errors and displays
    the report on the terminal.

    2.$ ANALYZE/RMS_FILE/FDL ADDRFILE

    This command generates an FDL file named ADDRFILE.FDL from the
    data file ADDRFILE.DAT.

    3.$ ANALYZE/RMS_FILE DENVER::DB1:[PROD]RUN.DAT

    This command analyzes the structure of the file RUN.DAT residing
    at remote node DENVER.

    4.$ANALYZE/RMS_FILE/UPDATE_HEADER=HINT A.A

      FILE HEADER

           File Spec: DISK$REGRES:[REGRES]A.A;3
           ...

         RMS FILE ATTRIBUTES

                  File Organization: sequential
                  Record Format: variable
                  Record Attributes:  carriage-return
                  Maximum Record Size: 0
                  Longest Record: 52
                  Blocks Allocated: 4, Default Extend Size: 0
                  End-of-File VBN: 1, Offset: %X'008E'
                  File Monitoring: disabled
                  File Length Hint (Record Count):    6 (invalid)
                  File Length Hint (Data Byte Count): 42 (invalid)
                  Global Buffer Count: 0

             The analysis uncovered NO errors.

                  UPDATED File Length Hint (Record Count) to:    10
                  UPDATED File Length Hint (Data Byte Count) to: 118

       ANALYZE/RMS_FILE/UPDATE_HEADER=HINT A.A

10    /SSLOG

    Valid for Alpha and I64 systems only.

    Displays the collected data.

    Format:

      ANALYZE/SSLOG  [/BRIEF | /FULL | /NORMAL | /STATISTICS]
                     [/OUTPUT=filename] [/SELECT=(option[,...])]
                     [/WIDE] [filespec]

    filespec

    Optional name of the log file to be analyzed. The default
    filename is SSLOG.DAT.

10.1  –  Qualifiers

10.1.1    /BRIEF

    Displays abbreviated logged information.

10.1.2    /FULL

    Displays logged information, error status messages and sequence
    numbers.

10.1.3    /NORMAL

       /NORMAL (Default)

    Displays basic logged information.

10.1.4    /STATISTICS

       /STATISTICS[=BY_STATUS]

    Displays statistics on system services usage; accepts BY_
    STATUS keyword. Outputs a summary of the services logged with
    a breakdown by access mode. Output is ordered with the most
    frequently requested services first. If BY_STATUS is included,
    the summary is further separated by completion status. Output is
    displayed up to 132 columns wide.

10.1.5    /OUTPUT

       /OUTPUT=filename

    Identifies the output file for storing the results of the log
    analysis. An asterisk (*) and percent sign (%) are not allowed
    as wildcards in the file specification. There is no default file
    type or filename. If you omit the qualifier, results are output
    to the current SYS$OUTPUT device.

10.1.6    /SELECT

       /SELECT=([option[,...]])

    Selects entries based on your choice of options. You must specify
    at least one of the following:

    Keyword                Meaning

    ACCESS_MODE=mode       Selects data by access mode.

    IMAGE=image-name       Selects data by image name.

    STATUS[=n]             Selects data by status. n is optional.
                           /SELECT=STATUS displays all entries that
                           have an error status.

    SYSSER=service-name    Selects data by service name.

10.1.7    /WIDE

    Provides for a display of logged information up to 132 columns
    wide.

10.2  –  Description

    The ANALYZE/SSLOG command displays the collected logged data.
    Note that a system service log must be analyzed on the same
    platform type as the one on which it was created; for example,
    a log created on an OpenVMS Alpha system must be analyzed on an
    OpenVMS Alpha system.

    For examples with explanations, see the System Service Logging
    chapter of the VSI OpenVMS System Analysis Tools Manual.

11    /SYSTEM

    Invokes the System Dump Analyzer utility, which analyzes a running system.
    The /SYSTEM qualifier is required.

    Requires CMKRNL (change-mode-to-kernel) privilege. Also requires PFNMAP
    (map-by-PFN) privilege to access memory by physical address.

    For more information about the System Dump Analyzer utility on Alpha and
    Integrity server systems, see the VSI OpenVMS System Analysis Tools Manual
    or online help.

    Format:

      ANALYZE/SYSTEM

11.1    /SYMBOL

    Specifies an alternate system symbol table for SDA to use.

    Format:

      ANALYZE/SYSTEM/SYMBOL=system-symbol-table

    system-symbol-table

    The file specification of the SDA system symbol table required
    by SDA to analyze a running system. The specified system-symbol-table
    must contain those symbols required by SDA to find certain
    locations in the executive image.

    On Alpha and I64 systems, if you do not specify the /SYMBOL qualifier,
    SDA uses SDA$READ_DIR:SYS$BASE_IMAGE.EXE to load system symbols
    into the SDA symbol table.

    On VAX systems, if you do not specify the /SYMBOL qualifier, SDA
    uses SYS$SYSTEM:SYS.STB by default.

    When you specify the /SYMBOL qualifier, SDA assumes the default disk
    and directory to be SYS$DISK and [default-dir]; that is, the disk
    and directory specified in your last SET DEFAULT command.  If no
    device and directory are given in the file name and the file is not
    found in the current default directory, SDA attempts to open the file
    SDA$READ_DIR:filename.type. If no type has been given in the file
    name, SDA assumes .EXE. If you specify a file for this parameter that
    is not a system symbol table, SDA halts with a fatal error.

11.2  –  Examples

    1.  $ ANALYZE/SYSTEM

        OpenVMS (TM) system analyzer

        SDA>

        This command invokes SDA to analyze the running system.

    2.  On Alpha and I64 systems:

        $ ANALYZE/SYSTEM/SYMBOL=SDA$READ_DIR:SYS$BASE_IMAGE.EXE SYS$SYSTEM

        This command invokes SDA to analyze the running system, using
        the base image in SDA$READ_DIR.

    3.  On VAX systems:

        $ ANALYZE/SYSTEM/SYMBOL=SYS$CRASH:SYS.STB SYS$SYSTEM

        This command invokes SDA to analyze the running system, using
        the system symbol table at SYS$CRASH:SYS.STB.
Close Help