Copyright Digital Equipment Corp. All rights reserved.
Specifies the criteria for selecting records from the audit log
file. For a description of how to generate audit records, see the
VSI OpenVMS Guide to System Security.
Format
/SELECT=criteria[,...]
/NOSELECT
criteria[,...]
Specifies the criteria for selecting records. For each specified
criterion, ANALYZE/AUDIT has two selection requirements:
o The packet corresponding to the criterion must be present in
the record.
o One of the specified values must match the value in that
packet.
For example, if you specify (USER=(PUTNAM,WU),SYSTEM=DBASE) as
the criteria, ANALYZE/AUDIT selects an event record containing
the SYSTEM=DBASE packet and a USER packet with either the PUTNAM
value or the WU value.
If you omit the /SELECT qualifier, all event records selected
through the /EVENT_TYPE qualifier are extracted from the audit
log file and included in the report.
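The selection rule described above can be modelled in a few lines. This is an added example, not code from ANALYZE/AUDIT or from the original help text; it assumes a record can be represented as a dictionary of packet names and values, and all sample records are constructed.

```python
# Added illustration of the documented /SELECT rule; not ANALYZE/AUDIT code.
# Assumption: a record is a dict of packet name -> value (constructed data).

def parse_criteria(text):
    """'(USER=(PUTNAM,WU),SYSTEM=DBASE)' -> {'USER': {...}, 'SYSTEM': {...}}"""
    text = text.strip()
    if text.startswith("(") and text.endswith(")"):
        text = text[1:-1]
    items, depth, start = [], 0, 0
    for i, ch in enumerate(text):          # split on commas outside parentheses
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == "," and depth == 0:
            items.append(text[start:i])
            start = i + 1
    items.append(text[start:])
    if depth != 0:
        raise ValueError("unbalanced parentheses in criteria")
    criteria = {}
    for item in items:
        name, sep, values = item.partition("=")
        values = values.strip()
        if not sep or not values:
            raise ValueError("criterion needs a value: %r" % item)
        if values.startswith("("):
            values = values[1:-1]
        criteria[name.strip()] = {v.strip() for v in values.split(",")}
    return criteria

def select(records, criteria=None):
    """criteria=None models omitting /SELECT: every record is kept."""
    if criteria is None:
        return list(records)
    # Every criterion's packet must be present AND hold one of the listed values.
    return [r for r in records
            if all(n in r and r[n] in wanted for n, wanted in criteria.items())]

SAMPLE = [  # constructed records
    {"USER": "PUTNAM", "SYSTEM": "DBASE"},   # selected
    {"USER": "WU", "SYSTEM": "DBASE"},       # selected
    {"USER": "WU", "SYSTEM": "OTHER"},       # SYSTEM value does not match
    {"SYSTEM": "DBASE"},                     # no USER packet: not selected
    {"USER": "SMITH", "SYSTEM": "DBASE"},    # USER value not in the list
]
```

The fourth record shows the case that is easy to miss when filtering audit data: a record lacking the packet named by a criterion is excluded, even though its other packets match.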
You can specify any of the following criteria:
ACCESS                          ACCOUNT                         ASSOCIATION_NAME
AUDIT_NAME                      COMMAND_LINE                    CONNECTION_IDENTIFICATION
DECNET_LINK_IDENTIFICATION      DECNET_OBJECT_NAME              DECNET_OBJECT_NUMBER
DEFAULT_USERNAME                DEVICE_NAME                     DIRECTORY_ENTRY
DIRECTORY_NAME                  DISMOUNT_FLAGS                  EVENT_CLUSTER_NAME
FACILITY                        FIELD_NAME                      FILE_NAME
FILE_IDENTIFICATION             FLAGS                           HOLDER
IDENTIFIER                      IDENTIFIERS_MISSING             IDENTIFIERS_USED
IMAGE_NAME                      INSTALL                         LNM_PARENT_NAME
LNM_TABLE_NAME                  LOCAL                           LOGICAL_NAME
MAILBOX_UNIT                    MOUNT_FLAGS                     NEW_DATA
NEW_IMAGE_NAME                  NEW_OWNER                       OBJECT
PARENT                          PASSWORD                        PRIVILEGES_MISSING
PRIVILEGES_USED                 PROCESS                         REMOTE
REQUEST_NUMBER                  SECTION_NAME                    SENSITIVE_FIELD_NAME
SENSITIVE_NEW_DATA              SNAPSHOT_BOOTFILE               SNAPSHOT_SAVE_FILENAME
STATUS                          SUBJECT_OWNER                   SUBTYPE
SYSTEM                          SYSTEM_SERVICE_NAME             TARGET_DEVICE_NAME
TARGET_PROCESS_IDENTIFICATION   TARGET_PROCESS_NAME             TARGET_PROCESS_OWNER
TARGET_USERNAME                 TERMINAL                        TRANSPORT_NAME
UAF_SOURCE                      USERNAME                        VOLUME_NAME
VOLUME_SET_NAME
Examples