HP OpenVMS Systems

ask the wizard
Content starts here

Message Status Codes? Auditing?

» close window

The Question is:

I want to ignore certain types of login failures from an ANAL/AUDIT report
(which I assume I can put a "-" to exclude codes)
but this requires the numeric value of the code.
How do I find the numeric value of an error message?
Is there a decode utility for message files?
The code I'm trying to ignore is:
%LOGIN-F-CMDINPUT, error reading command input
which is generated when a user doesn't type in their username/pwd within
the allowed time limit (eg - the phone rung).
I don't consider this to be an actual breakin attempt.
Thanks in advance,
David Hayes
Dept Education & Training NSW

The Answer is :

  There are simple DCL tools which iteratively list the contents
  of specific (or of all) OpenVMS message files in SYS$MESSAGE:.
  There are also the OpenVMS source listings.
  There are also the BLISS (and other language-specific) symbol
  libraries, when these are installed.
$ search sys$share:*.req cmdinput
literal LGI$_CMDINPUT = 13860964;
$ x = f$message(13860964)
$ sho sym x
  X = "%LOGIN-F-CMDINPUT, error reading command input"
$ x = f$fao("!XL",13860964)
$ show symbol x
  X = "00D38064"
  You could also look at the binary contents of the record, or
  (easier) you could catch the status value from the ACCOUNTNG.DAT
  record associated with the failure:
Queue entry:                         Final status code: 10D38064
Queue name:
Job name:
Final status text: %LOGIN-F-CMDINPUT, error reading command input
  The status is thus (hexadecimal) 10D38064.  The 1 in the flags
  portion of the condition status value (bit 28; STS$V_INHIB_MSG;
  the difference between the 10D38064 and 00D38064 values) indicates
  that the message has already been signaled.

answer written or last revised on ( 23-MAY-2000 )

» close window