HP OpenVMS Systems Documentation
OpenVMS DCL Dictionary
Use the SET AUDIT/NOEXCLUDE command to remove a process from the process exclusion list; however, processes listed above cannot be removed from the exclusion list. Also note that PIDs are not automatically removed from the process exclusion list when processes log out of the system.
/INTERVAL=(keyword[,...])Specifies the delta times to be used for regular audit server operations. For information about specifying delta times, refer to the OpenVMS User's Manual.
The following table describes keywords for the /INTERVAL qualifier:
/JOURNAL[=journal-name]Specifies the name of the audit journal; the name defaults to SECURITY. (Currently, there is only one journal.)
The /JOURNAL qualifier is required when redefining the audit log file or when specifying resource monitoring characteristics with the /RESOURCE or the /THRESHOLD qualifier.
/NOLISTENERSpecifies the name of a mailbox device to which the audit server sends a binary copy of all security audit event messages. Users can create such a mailbox to process system security events as they occur. For a description of the message formats written to the listener mailbox, refer to the Audit Analysis Utility documentation in the OpenVMS System Management Utilities Reference Manual.
Use the SET AUDIT/NOLISTENER command to disable a listener device.
/RESOURCE=keyword[,...]Enables or disables the monitoring of disk volumes to ensure adequate space for audit journal entries; it also specifies the monitoring method to use. The /JOURNAL qualifier is required. For more information about resource monitoring, refer to the OpenVMS Guide to System Security.
/SERVER=keyword[,...]Modifies audit server characteristics. The following table describes keywords for the /SERVER qualifier:
/THRESHOLD=type=valueSpecifies threshold values used in monitoring available space in the audit log file. The auditing system issues advisory messages to central and security operators whenever free space in the audit log file falls below the WARNING threshold. The auditing system suspends processes that generate audit events when free disk space is below the action threshold. (See /RESOURCE=[enable|disable]). The /JOURNAL qualifier is required.
The following table lists the types of thresholds:
The following table lists the default warning and action values for each monitoring mode:
/VERIFYDo not return the dollar sign ($) prompt until the audit server completes the command. Associated qualifiers determine which of the following actions occur:
If you do not want to wait for the command to complete, specify /NOVERIFY.
$ SET AUDIT/AUDIT/ENABLE= - _$ (CREATE,ACCESS=(SYSPRV,BYPASS),DEACCESS)/CLASS=FILE $ SHOW AUDIT/AUDIT System security audits currently enabled for: . . . FILE access: Failure: read,write,execute,delete,control SYSPRV: read,write,execute,delete,control BYPASS: read,write,execute,delete,control Other: create,deaccess
The SET AUDIT command in this example enables auditing of file creation and file deaccess; it also enables auditing for any file access done by using either SYSPRV or BYPASS privilege.
$ SET AUDIT/JOURNAL=SECURITY/DESTINATION=AUDIT$:[AUDIT]TURIN $ SET AUDIT/SERVER=NEW $ SHOW AUDIT/JOURNAL List of audit journals: Journal name: SECURITY Journal owner: (system audit journal) Destination: AUDIT$:[AUDIT]TURIN.AUDIT$JOURNAL
The SET AUDIT command in this example demonstrates how to switch to a new journal.
$ SET AUDIT/SERVER=FINAL=CRASH $ SHOW AUDIT/SERVER Security auditing server characteristics: Database version: 4.4 Backlog (total): 100, 200, 300 Backlog (process): 5, 2 Server processing intervals: Archive flush: 0 00:01:00.00 Journal flush: 0 00:05:00.00 Resource scan: 0 00:05:00.00 Final resource action: crash system
The SET AUDIT command in this example changes the audit server's final action setting so the system crashes when the audit server runs out of memory.
$ SET AUDIT/ARCHIVE/DESTINATION=SYS$SPECIFIC:[SYSMGR]TURIN-ARCHIVE $ SHOW AUDIT/ARCHIVE Security archiving information: Archiving events: system audits Archive destination: SYS$SPECIFIC:[SYSMGR]TURIN-ARCHIVE.AUDIT$JOURNAL
The SET AUDIT command in this example enables a node-specific archive file.
$ SET AUDIT/JOURNAL/RESOURCE=ENABLE $ SHOW AUDIT/JOURNAL List of audit journals: Journal name: SECURITY Journal owner: (system audit journal) Destination: SYS$COMMON:[SYSMGR]SECURITY.AUDIT$JOURNAL Monitoring: enabled Warning thresholds, Block count: 100 Duration: 2 00:00:00.0 Action thresholds, Block count: 25 Duration: 0 00:30:00.0
The SET AUDIT command in this example enables disk monitoring and switches the mode so the disk space is monitored in terms of time rather than free blocks.
Enables you to selectively screen out various kinds of messages from being broadcast to your terminal.
SET BROADCAST =(class-name[,...])
class-name[,...]Specifies the class of message that you want to enable or disable for broadcast to your terminal. If you specify only one class, you can omit the parentheses. The class names are as follows:
ALL Enables all message classes. [NO]DCL Specifies Ctrl/T and SPAWN/NOTIFY messages. [NO]GENERAL Specifies all normal REPLY messages or messages from $BRDCST. [NO]MAIL Specifies notification of mail. NONE Disables all message classes. [NO]OPCOM Specifies messages issued by the operator communication process (OPCOM). [NO]PHONE Specifies messages from the Phone utility. [NO]QUEUE Specifies messages referring to print or batch jobs issued by the queue manager. [NO]SHUTDOWN Specifies messages issued from the REPLY/SHUTDOWN command. [NO]URGENT Specifies messages issued from the REPLY/URGENT command. [NO]USER1 to [NO]USER16 Specifies messages from specific user groups. (For information on setting up user-written broadcast messages, see the description of the $BRKTHRU system service in the OpenVMS System Services Reference Manual.)
The SET BROADCAST command enables you to receive certain kinds of messages at your terminal, but not others. By default, you receive all messages at your terminal (SET BROADCAST=ALL). SET BROADCAST=NONE screens out all messages.
After you have used the SET BROADCAST command to screen out some classes of messages (for example, SET BROADCAST=NOPHONE), you can use the command to restore that class (SET BROADCAST=PHONE).
Use the SHOW BROADCAST command to see which message classes are currently being screened out.
SYS$COMMAND must be a terminal.
$ SET BROADCAST=(NOMAIL, NOPHONE) . . . $ SET BROADCAST=MAIL
In this example, the first SET BROADCAST command screens out all mail and phone messages. Later the second SET BROADCAST command restores mail messages. Phone messages are still screened.
$ SET BROADCAST=NONE . . . $ SET BROADCAST=(SHUTDOWN, URGENT, DCL, OPCOM)
In this example, the first SET BROADCAST command screens out all messages. Later the second SET BROADCAST command restores shutdown, urgent, DCL, and OPCOM messages. General, phone, mail, queue, and user messages are still screened.
Resets systemwide I/O caching statistics for the extended file cache (XFC).
The SET CACHE/RESET command resets several of the systemwide I/O caching statistics that are displayed by the SHOW MEMORY/CACHE and SDA SHOW MEMORY commands. Statistics that are reset include: I/O counts, hit rates, hit counts, reads bypassing cache, and the read/write ratio.
A timestamp displays the time the cache was last reset, thus subsequent SHOW MEMORY/CACHE commands display statistics from this time.
$ SHOW MEMORY/CACHE System Memory Resources on 22-AUG-2001 11:22:22.50 Extended File Cache (Time of last reset: 16-AUG-2001 11:16:24.96) Allocated (Mbytes) 151.39 Maximum size (Mbytes) 1024.00 Free (Mbytes) 0.21 Minimum size (Mbytes) 0.23 In use (Mbytes) 151.18 Write hit rate 0% Read hit rate 97% Write I/O count 5321 Read I/O count 208052 Write hit count 0 Read hit count 203761 Writes bypassing cache 0 Reads bypassing cache 1787 Vols in Full XFC mode 0 Files cached open 316 Vols in VIOC Compatible mode 1 Files cached closed 300 Vols in No Caching mode 0 Read/Write ratio 97% Vols in Perm. No Caching mode 0
This example shows the cache statistics prior to issuing the SET CACHE/RESET command.
$ SET CACHE/RESET
This command resets the cache statistics and updates the timestamp.
$ SHOW MEMORY/CACHE System Memory Resources on 22-AUG-2001 11:27:41.11 Extended File Cache (Time of last reset: 22-AUG-2001 11:27:37.76) Allocated (Mbytes) 151.39 Maximum size (Mbytes) 1024.00 Free (Mbytes) 0.21 Minimum size (Mbytes) 0.23 In use (Mbytes) 151.18 Write hit rate 0% Read hit rate 100% Write I/O count 0 Read I/O count 9 Write hit count 0 Read hit count 9 Writes bypassing cache 0 Reads bypassing cache 0 Vols in Full XFC mode 0 Files cached open 316 Vols in VIOC Compatible mode 1 Files cached closed 300 Vols in No Caching mode 0 Read/Write ratio 100% Vols in Perm. No Caching mode 0
This example shows the reset cache statistics and the modified timestamp.
Defines the default translation mode for cards read from a card reader. All subsequent input read from the specified card reader is converted using the specified mode.
SET CARD_READER device-name[:]
device-name[:]Specifies the name of the card reader for which the translation mode is to be set. The device must not be currently allocated to any other user.
When the system is bootstrapped, the translation mode for cards read into all card readers is set at 029. If you do not specify either of the command qualifiers, the SET CARD_READER command has no effect; that is, the current translation mode for the device remains the same.
/026Sets the card reader for cards punched on an 026 punch.
/029Sets the card reader for cards punched on an 029 punch.
/NOLOG (default)Controls whether log information is displayed at the terminal to confirm that the card reader is set.
$ ALLOCATE CR: _CRA0: ALLOCATED $ SET CARD_READER CRA0:/029 $ COPY CRA0: [PEARLMAN.DATAFILES]CARDS.DAT
The ALLOCATE command requests the allocation of a card reader by specifying the generic device name. When the ALLOCATE command displays the name of the device, the SET CARD_READER command sets the translation mode at 029. Then the COPY command copies all the cards read by the card reader CRA0 into the file CARDS.DAT in the directory [PEARLMAN.DATAFILES].
Sets the total expected votes in the OpenVMS Cluster to a value that you specify or, if no value is specified, sets the total votes to a value determined by the system.
Requires OPER (operator) privilege.
SET CLUSTER/EXPECTED_VOTES [=value]
valueSpecifies the total number of expected votes in the cluster.
The SET CLUSTER/EXPECTED_VOTES command enables you to adjust the total number of expected votes in the cluster. Set this value equal to the number of votes contributed by each node plus the number of votes contributed by the cluster quorum disk. The system will automatically calculate the value of the cluster quorum from the total number of expected votes in the cluster.
You can specify the expected total votes value as part of the SET CLUSTER/EXPECTED_VOTES command string. If you enter the command without specifying a value for expected votes, the system calculates the value for you, using the following formula:
NODEn_VOTES is the value of the system parameter VOTES for each node in the cluster and QUORUM_DISK_VOTES is the value of the system parameter QDSKVOTES.
When you enter the SET CLUSTER/EXPECTED_VOTES command without specifying a value, the system assumes that all nodes that are expected to be in the cluster are currently members.
In general, you use the SET CLUSTER/EXPECTED_VOTES command only when a node is leaving the cluster for an extended period of time. Under normal circumstances, quorum is not reduced when a node leaves the cluster, because it is assumed that the node may be rebooted and rejoin the cluster. If a node is removed and is unable to rejoin the cluster within a reasonable period of time (for example, if a node crashes due to a hardware problem and cannot rejoin the cluster for several days), the quorum for the cluster can safely be reduced by lowering the total expected votes until that node rejoins.
The purpose of a cluster quorum is to eliminate any possibility of the cluster partitioning into separate clusters and simultaneously accessing the same resources (such as disks). If the sum of the votes for all members of the cluster is smaller than the cluster quorum, all nodes will block activity until new nodes join to increase the vote total. Lowering the quorum value (by reducing the value of the total expected votes) when one or more nodes leave the cluster for long periods of time reduces this possibility.
Note that no matter what value you specify for the SET CLUSTER/EXPECTED_VOTES command, you cannot increase quorum to a value that is greater than the number of the votes present, nor can you reduce quorum to a value that is half or fewer of the votes present.
When you enter the SET CLUSTER/EXPECTED_VOTES command, either with or without an expected votes value specified, the system responds with a message indicating the new value that was actually set. Note that you need to enter this command only on one node in the cluster, because the new value for total expected votes is propagated through the cluster. This new expected votes value should then be stored in the system parameter EXPECTED_VOTES on each node, so that it remains in effect after the nodes reboot.
When a node that was previously a member of the cluster is ready to rejoin, you should increase the system parameter EXPECTED_VOTES to its original value before bringing the node back to the cluster. Note that you do not need to use the SET CLUSTER/EXPECTED_VOTES command to increase the number of expected votes, because the expected votes value will be increased automatically when the node rejoins the cluster.
$ SET CLUSTER/EXPECTED_VOTES
The SET CLUSTER command in this example instructs the system to calculate the total expected votes value for you, because no value is specified as part of the command string. The system uses the NODEn_VOTES + QUORUM_DISK_VOTES formula.
$ SET CLUSTER/EXPECTED_VOTES=9
The SET CLUSTER command in this example sets the total expected votes to 9, which is the value specified in the command string.