The following series of commands and examples demonstrates how to gather information to complete the discovery of information from an HP NonStop server.
3P-POLICY-QUERY-01 Use a third party tool to gather and query information about the HP NonStop server to obtain the discovery information.
Command syntax.
Examples will generally follow a Syntax heading.
Output generated from the examples will be displayed in an outlined box. Text "" denotes items of interest
Example:
SYSINFO - T9268D37 - (27 Nov 97) SYSTEM \SYDNEY Date 23 Apr 2003, 16:46:21 COPYRIGHT TANDEM COMPUTERS INCORPORATED 1985, 1987-1997 System name \SYDNEY EXPAND node number 111 Current SYSnn SYS01 System number 44301 Software release ID G06.18 |
These wildcard characters can be used to match characters anywhere in a process name, filename, subvolume or volume name (but not a node name):
* The asterisk matches zero to eight characters.
? The question mark matches a single character.
More than one wildcard can be used in the same command. If a wildcard is used in the volume name, a dollar sign must be included .
Wildcards cannot be used to match the periods that separate the elements of a filename string (system, volume, subvolume, and file names ).
FILES $SYSTEM.SYS*
Example 1 lists all the files in every subvolume on the $SYSTEM disk whose sub- volume name begins with the letters SYS.
FILEINFO $DATA*.MN?.*
Example 2 lists all files that reside in the subvolume that has a three-character name beginning with MN and volumes beginning with $DATA.
FILEINFO $DATA*.MN?.CASH*
Example 3 lists all files with names beginning with CASH that reside in the sub- volume that has a three-character name beginning with MN and volumes beginning with $DATA.
FILEINFO $DA??01.SAFE*.A00*
Example 4 lists all files with names beginning with A00 that reside in the sub- volume with a name beginning with SAFE and all volumes with six character names starting with DA and ending with 01.
Use the SYSINFO command to get the system number of an HP NonStop server:
SYSINFO
SYSINFO - T9268D37 - (27 Nov 97) SYSTEM \SYDNEY Date 23 Apr 2003, 16:46:21 COPYRIGHT TANDEM COMPUTERS INCORPORATED 1985, 1987-1997 System name \SYDNEY EXPAND node number 111 Current SYSnn SYS01 System number 44301 Software release ID G06.18 |
Locate the CUSTFILE located in $SYSTEM.A<system number>
Note that the subvolume name will be the letter A followed by six characters. So, a leading zero (0) may need to be added after the 'A' as shown below.
FILEINFO $SYSTEM.A044301.*
$SYSTEM.A044301 CODE EOF LAST MODIFIED OWNER RWEP PExt SExt CUSTFILE 101 365896 13DEC2002 9:01 255,255 NUNU 20 20 ZMP0000B 961 1536 16DEC2002 17:22 255,255 NCCN 2 2 ZMP0000C 961 1536 30DEC2002 16:33 255,255 NCCC 2 2 ZPHI6030 961 178 02DEC2002 13:36 255,255 NCCN 2 2 ZPHIFI 961 1536 30DEC2002 17:05 255,255 NCCN 2 2 |
Use EDIT, in read only mode, to view the contents of the CUSTFILE file. The EDIT Command Interpreter prompt will be an asterisk "*".
EDIT $SYSTEM.A044301.CUSTFILE R
TEXT EDITOR - T9601D20 - (01JUN93 CURRENT FILE IS $SYSTEM.A043421.CUSTFILE * |
The EDIT command LC will display the column numbers . Locate the column number where the L (for LICENSE) appears. In this case it is column 62.
LC
....+....1....+....2....+....3....+....4....+....5....+....6....+....7 ....+....8....+. 6814 2 Y9683D43 ZNSSTMPL ZTEMPL SYSGEN TEMPLATE 980130141053 * |
The EDIT command PUT <output filename>/L/C62 will list all lines in the CUSTFILE where an upper case 'L' appears in column 62 to the output file. In this case, the output file is $DATAA.SECREVU.LICENSED.
PUT $DATAA.SECREVU.LICENSED /L/C62
CURRENT FILE IS $SYSTEM.A044301.CUSTFILE |
Examine the output file to review all the files for the Operating System Version that HP recommends be LICENSED.
GET $DATAA.SECREVU.LICENSED
CURRENT FILE IS $DATAA.SECREVU.LICENSED |
NUMBER ALL LIST LAST
101 2 Y9519D30 TAPERDR ZUTIL SYSGEN COPY SYSNN L 020624180724 |
In this case there are 101 program files that should LICENSED. The last line is shown above. The copy of TAPERDR residing in $SYSTEM.SYSnn should be LICENSED.
Y9519D30 is the product number.
ZUTIL is the 'installation subvolume' where this program file will be placed during the loading of the SUT tape.
COPY SYSNN means that the program will automatically be copied to the new SYSnn during the SYSGEN process.
SYSGEN means that the program will be copied by SYSGEN.
020624180724 is the compile date of the program.
L (in column 62) means that the program file should be LICENSED.
Use the DSAP utility to identify PROGID'd programs. Use EDIT to examine the output file.
[RUN] [ \node.]DSAP / out <filename> / [ <volume specification>] [,<options>]
<volume specification> is of the form:
$<volume name> a single volume. ($<vol-name>,$<vol-name>, ..) a list of volumes. $* -or- * ALL volumes.
A <volume name> may contain asterisks , which match 0-7 characters, or question marks, which match any single character.
Report options: TABULAR for tabular form of DSAP reports BYSUBVOL space allocation by subvol BYUSER space allocation by user-id AUDITED TMF audited files DETAIL detailed list of selected files DETAIL selection options. LICENSED PROGID
To create a listing of all the files and their owner, listed by subvolume:
DSAP [ /out <outfile> / ] $*, BYSUBVOL,DETAIL,TABULAR
To create a listing of all the files owned by a specific user:
DSAP [ /out <outfile> / ] $*, USER <user name> <user number>, DETAIL
When a file is owned by a userid that no longer exists on the system, the User Number is shown and the User Name is displayed as question marks (?????)
To create a listing of all files that are PROGID or LICENSED:
DSAP [ /out <outfile> / ] $*, DETAIL, LICENSED, PROGID
The FILEINFO command lists information about one or more files. Auditors will use this command to discover the location of certain sensitive files, their owners and their Guardian security string.
To send the output of the FILEINFO command to a file or the SPOOLER, use the OUT command.
FILEINFO [ / OUT outfile / ] [ [ wc-vol.] [ wc-subvol.] ] wc-filename ]
where WC stands for Wildcarded.
FILEINFO $SYSTEM.SYS*.OSMON
$SYSTEM.SYS00 CODE EOF LAST MODIFIED OWNER RWEP PExt SExt OSMON O 700 477512 16APR2001 10:16 255,255 NUNU 32 32 $SYSTEM.SYS06 CODE EOF LAST MODIFIED OWNER RWEP PExt SExt OSMON 700 477512 16APR2001 10:16 255,255 NUNU 32 32 |
Example 1 will display all the OSMON object files on any $SYSTEM.SYSnn subvolume.
FILEINFO $*.*.APPDEV
$SYSTEM.APPDEV CODE EOF LAST MODIFIED OWNER RWEP PExt SExt APPDEV O 100 4763648 24JUN2001 21:51 255,255 UUUU 278 64 |
Example 2 will display the APPDEV object file information.
FILEINFO /OUT $USER.BRIAN.SAFELIST/ $*.DATA*.A*
Example 3 will display all the files, on any disk, with a subvolume name beginning with the characters DATA and a filename beginning with the letter A. The listing will be sent to a file called SAFELIST in the $USER.BRIAN subvolume.
FILEINFO /OUT $S.#WIRELST/ $AUDIT*.WIRE.*
Example 4 will display all the files on any disk with a name beginning with the string AUDIT, with a subvolume name of WIRE and send the output to the SPOOLER location $S.#WIRELST.
FUP is designed to manage disk files on the HP NonStop system. Use FUP to create, display, and duplicate files, load data into files, alter file characteristics, and purge files.
Use the FUP INFO command to display summary attributes of a diskfile. To start FUP:
FUP
The FUP Command Interpreter prompt will be a dash "-".
FUP
File Utility Program - T6553G07 - (01AUG2002) System \Toronto Copyright Tandem Computers Incorporated 1981, 1983, 1985-2001 - |
INFO $DATA01.TEMP.CATDEL
CODE EOF LAST MODIF OWNER RWEP TYPE REC BL $DATA01.TEMP CATDEL 101 8312 4Feb2002 09:11 222,11 CCCC |
Use the INFO DETAIL command to display detail attributes of a diskfile.
INFO $DATA01.TEMP.CATDEL, DETAIL
$DATA01.TEMP.CATDEL 30 Jun 2003, 8:49 ENSCRIBE TYPE U FORMAT 1 CODE 101 EXT (4 PAGES, 28 PAGES) MAXEXTENTS 978 BUFFERSIZE 4096 OWNER 222,11 SECURITY (RWEP): CCCC DATA MODIF: 4 Feb 2002, 9:11 CREATION DATE: 9 Apr 2003, 11:13 LAST OPEN: 9 May 2003, 11:24 FILE LABEL: 158 (3.8% USED) EOF: 8312 (0.0% USED) EXTENTS ALLOCATED: 2 |
Use the STATUS command to determine if there are any Pathway applications running and the userids they are running under.
STATUS *,PROG $*.*.PATHMON
STATUS *,PROG $*.*.PATHMON
Process Pri PFR %WT Userid Program file Hometerm $BEN 0,100 145 001 222,9 $SYSTEM.SYSTEM.PATHMON $VHS $YPHI 0,144 100 005 255,255 $SYSTEM.SYSTEM.PATHMON $ZHOME $BMA1 0,146 145 001 222,210 $SYSTEM.SYSTEM.PATHMON $VHS $ABOP 0,183 160 005 255,255 $SYSTEM.SYSTEM.PATHMON $VHS $QAPQ 0,187 145 001 222,212 $SYSTEM.SYSTEM.PATHMON $VHS $DVMA 0,192 145 001 222,9 $SYSTEM.SYSTEM.PATHMON $VHS $BFMA B 0,212 145 001 222,11 $SYSTEM.SYSTEM.PATHMON $VHS $AMA 0,222 145 001 222,9 $SYSTEM.SYSTEM.PATHMON $VHS $ABOP B 1,22 160 001 255,255 $SYSTEM.SYSTEM.PATHMON $VHS $ZVHS B 1,31 148 001 255,255 $SYSTEM.SYSTEM.PATHMON $YMIOP.#CLCI $XPLP 0,97 145 005 255,255 $SYSTEM.SYSTEM.PATHMON $VHS |
For any Pathway applications running under SUPER.SUPER, use the PATHCOM INFO command to determine the internal Pathway security. To start PATHCOM:
PATHCOM $<process>.
The Pathway Command Interpreter prompt will be an equals sign "="
PATHCOM $XPLP
$Y7D7: PATHCOM - T8344D44 - (02MAY01) COPYRIGHT HP COMPUTER CORPORATION 1980 - 1985, 1987 2001 = |
INFO PATHWAY
PATHWAY MAXASSIGNS 50 [CURRENTLY 0] MAXDEFINES 20 [CURRENTLY 0] MAXEXTERNALTCPS 0 [CURRENTLY 0] MAXLINKMONS 5 [CURRENTLY 0] MAXPARAMS 20 [CURRENTLY 0] MAXPATHCOMS 5 [CURRENTLY 2] MAXPROGRAMS 10 [CURRENTLY 2] MAXSERVERCLASSES 50 [CURRENTLY 23] MAXSERVERPROCESSES 70 [CURRENTLY 23] MAXSPI 1 [CURRENTLY 0] MAXSTARTUPS 20 [CURRENTLY 0] MAXTCPS 5 [CURRENTLY 1] MAXTELLQUEUE 4 MAXTELLS 32 [CURRENTLY 0] MAXTERMS 5 [CURRENTLY 1] MAXTMFRESTARTS 5 OWNER \LA.255,255 SECURITY "N" = |
Look for any PATHMON process secured "N" or "A".
The STATUS command is used to list information about processes running on a system.
STATUS $<PROCESS NAME>
STATUS $CMON
System \LA Process Pri PFR %WT Userid Program file Hometerm $CMON 1,171 180 001 255,255 $SYSTEM.APPCM.APPCM $VHS Swap File Name: $AUDIT.#0 Current Extended Swap File Name: $AUDIT.#0483691 $CMON B 0,226 180 001 255,255 $SYSTEM.APPCM.APPCM $VHS Swap File Name: $AUDIT.#0 Current Extended Swap File Name: $AUDIT.#0483692 |
Use the FILEINFO $<volume>.<subvolume>.<fileinfo> to list the owner and RWEP string for the CMON process's object and source files. The STATUS command shown above, will display the CMON process's object file $SYSTEM.APPCM.APPCM..
FILEINFO $<volume>.<subvolume>.<filename>
FILEINFO $SYSTEM.APPCM.APPCM
$SYSTEM.APPCM CODE EOF LAST MODIFIED OWNER RWEP PExt SExt APPCM O 100 4763648 24JUN2001 21:51 255,255 OOOO 278 64 |
The Safeguard commands necessary to gather audit information are provided in the following table.
The following table shows the commands for gathering information about each type of object.
Information Needed | Safeguard Command |
---|---|
Diskfile access rules | INFO DISKFILE { $<vol name>.<subvol name>.<filename>} ,DETAIL |
Subvolume access rules | INFO SUBVOL { $<vol name>.<subvol name> },DETAIL |
Volume access rules | INFO VOL { $<volume name > }, DETAIL |
Process access rules | INFO PROCESS { $<process name> }, DETAIL |
Subprocess access rules | INFO SUBPROCESS {$<subprocess name> },DETAIL |
Device access rules | INFO DEVICE { $<device name> }, DETAIL |
Subdevice access rules | INFO SUBDEVICE {$<subdevice name> },DETAIL |
Safeguard global settings | INFO SAFEGUARD,DETAIL |
Groups - Security | INFO SECURITY-GROUP SECURITY-ADMININSTRATOR INFO SECURITY- GROUP SYSTEM-OPERATOR |
Groups - File-sharing | INFO GROUP NAME <group name>,DETAIL INFO GROUP NUMBER <group number>,DETAIL |
Audit Configuration | INFO AUDIT SERVICE INFO AUDIT POOL <audit pool> |
User - Audit parameters | INFO USER {user name user number},AUDIT |
User - Remote passwords | INFO USER {user name user number}, REMOTEPASSWORD User - OSS parameters INFO USER {user name user number}, OSS User - CI parameters INFO USER {user name user number}, CI |
User - Aliases | INFO USER {user name user number}, ALIAS |
User - STATUS | INFO USER {user name user number}, GENERAL |
User - File Sharing Groups | INFO USER {user name user number}, GROUP |
User - all parameters | INFO USER {user name user number}, DETAIL |
Alias - Audit parameters | INFO ALIAS {alias }, AUDIT |
Alias - Remote passwords | INFO ALIAS {alias}, REMOTEPASSWORD |
Alias - OSS parameters | INFO ALIAS {alias}, OSS |
Alias - CI parameters | INFO ALIAS {alias}, CI |
Alias - STATUS | INFO ALIAS {alias}, GENERAL |
Alias- File Sharing Groups | INFO ALIAS {user name user number}, GROUP |
Alias - All fields | INFO ALIAS {alias}, DETAIL |
Objecttype settings | INFO OBJECTTYPE {objecttype}, DETAIL |
Many Safeguard OBJECTs, such as User Group Name or Number, Volume, Sub- volume or Diskfile names can be wildcarded with an asterisk (*).
Use the INFO SAFEGUARD DETAIL command to display all the Global Security attributes of Safeguard software. To start SAFECOM:
SAFECOM
The prompt for SAFECOM is an equal sign "=".
SAFECOM
SAFEGUARD COMMAND INTERPRETER - T9750G06 - (22JUL02) SYSTEM \LA = |
INFO SAFEGUARD, DETAIL
SAFEGUARD IS CONFIGURED WITH SUPER.SUPER UNDENIABLE AUTHENTICATE-MAXIMUM-ATTEMPTS = 3 AUTHENTICATE-FAIL-TIMEOUT = 60 SECONDS AUTHENTICATE-FAIL-FREEZE = OFF PASSWORD-REQUIRED = OFF PASSWORD-HISTORY = 0 PASSWORD-ENCRYPT = ON PASSWORD-MINIMUM-LENGTH = 6 PASSWORD-MAY-CHANGE = 1 DAYS BEFORE-EXPIRATION PASSWORD-EXPIRY-GRACE = 7 DAYS AFTER-EXPIRATION WARNING-MODE = OFF WARNING-FALLBACK-SECURITY = GUARDIAN DIRECTION-DEVICE = SUBDEVICE-FIRST CHECK-DEVICE = ON COMBINATION-DEVICE = FIRST-ACL CHECK-SUBDEVICE = ON ACL-REQUIRED-DEVICE = OFF DIRECTION-PROCESS = SUBPROCESS-FIRST CHECK-PROCESS = ON COMBINATION-PROCESS = FIRST-ACL CHECK-SUBPROCESS = ON ACL-REQUIRED-PROCESS = OFF DIRECTION-DISKFILE = FILENAME-FIRST CHECK-VOLUME = OFF COMBINATION-DISKFILE = FIRST-ACL CHECK-SUBVOLUME = ON ACL-REQUIRED-DISKFILE = OFF CHECK-FILENAME = ON CLEARONPURGE-DISKFILE = OFF AUDIT-OBJECT-ACCESS-PASS = NONE AUDIT-AUTHENTICATE-PASS = ALL AUDIT-OBJECT-ACCESS-FAIL = ALL AUDIT-AUTHENTICATE-FAIL = ALL AUDIT-OBJECT-MANAGE-PASS = ALL AUDIT-SUBJECT-MANAGE-PASS = ALL AUDIT-OBJECT-MANAGE-FAIL = ALL AUDIT-SUBJECT-MANAGE-FAIL = ALL AUDIT-DEVICE-ACCESS-PASS = NONE AUDIT-PROCESS-ACCESS-PASS = NONE AUDIT-DEVICE-ACCESS-FAIL = ALL AUDIT-PROCESS-ACCESS-FAIL = ALL AUDIT-DEVICE-MANAGE-PASS = ALL AUDIT-PROCESS-MANAGE-PASS = ALL AUDIT-DEVICE-MANAGE-FAIL = ALL AUDIT-PROCESS-MANAGE-FAIL = ALL AUDIT-DISKFILE-ACCESS-PASS = NONE AUDIT-DISKFILE-ACCESS-FAIL = ALL AUDIT-DISKFILE-MANAGE-PASS = ALL AUDIT-DISKFILE-MANAGE-FAIL = ALL AUDIT-CLIENT-SERVICE = OFF CI-PROG = $SYSTEM.SYSTEM.TACL CMON = ON CI-LIB = * NONE * CMONERROR = ACCEPT CI-SWAP = * NONE * CMONTIMEOUT = 29 SECONDS CI-CPU = * NONE * BLINDLOGON = ON CI-PRI = 150 NAMELOGON = ON CI-PARAM-TEXT = TERMINAL-EXCLUSIVE-ACCESS = OFF |
Example 1 shows the Safeguard Globals. Note the first line, which shows that SUPER.SUPER is undeniable.
INFO USER 222,77,DETAIL
GROUP.USER USER-ID OWNER LAST-MODIFIED LAST-LOGON STATUS ABCO.PAM 222,77 \*.253,1 12APR02, 11:00 23DEC02, 7:45 THAWED UID = 56909 USER-EXPIRES = 23DEC02, 7:45 PASSWORD-EXPIRES = 23DEC02, 7:45 PASSWORD-MAY-CHANGE = * NONE * PASSWORD-MUST-CHANGE EVERY = 30 DAYS PASSWORD-EXPIRY-GRACE = 29 DAYS LAST-LOGON = 23DEC02 , 7:45 LAST-UNSUCCESSFUL-ATTEMPT = 4DEC02, 13:11 LAST-MODIFIED = 12APR02, 11:00 FROZEN/THAWED = THAWED STATIC FAILED LOGON COUNT = 4 GUARDIAN DEFAULT SECURITY = NCCC GUARDIAN DEFAULT VOLUME = $DATAA.PAM AUDIT-AUTHENTICATE-PASS = ALL AUDIT-MANAGE-PASS = ALL AUDIT-AUTHENTICATE-FAIL = ALL AUDIT-MANAGE-FAIL = ALL AUDIT-USER-ACTION-PASS = NONE AUDIT-USER-ACTION-FAIL = ALL CI-PROG = * NONE * CI-LIB = * NONE * CI-NAME = * NONE * CI-SWAP = * NONE * CI-CPU = * NONE * CI-PRI = * NONE * CI-PARAM-TEXT = INITIAL-PROGTYPE = PROGRAM INITIAL-PROGRAM = INITIAL-DIRECTORY = PRIMARY-GROUP = ABCO GROUP = ABCO REMOTEPASSWORD = \LA xxxx REMOTEPASSWORD = \SYDNEY xxxx REMOTEPASSWORD = \LONDON xxxx ALIAS = pamela ALIAS = pam1 ALIAS = pam-noseg ALIAS = plh1a SUBJECT DEFAULT-PROTECTION SECTION UNDEFINED ! |
Example 2 shows a user record.
INFO USER 222,77,REMOTEPASSWORD
GROUP.USER USER-ID OWNER LAST-MODIFIED LAST-LOGON STATUS ABCO.PAM 222,77 \*.253,1 12APR02, 11:00 23DEC02, 7:45 THAWED REMOTEPASSWORD = \LA xxxx REMOTEPASSWORD = \SYDNEY xxxx REMOTEPASSWORD = \LONDON xxxx |
Example 3 shows only the remote passwords in a user record.
INFO OBJECTTYPE VOLUME
LAST-MODIFIED OWNER STATUS VOLUME 30SEP02, 15:10 \*.255,255 THAWED 253,001 C,O \*.253,001 C,O AUDIT-ACCESS-PASS = ALL AUDIT-MANAGE-PASS = ALL AUDIT-ACCESS-FAIL = ALL AUDIT-MANAGE-FAIL = ALL |
Example 4 shows an OBJECTTYPE VOLUME record.
INFO DISKFILE $DATAA.PAM.*,WARNINGS OFF
LAST-MODIFIED OWNER STATUS $DATAA.PAM MYFILE 13AUG01, 10:08 20,245 THAWED \*.020,245 R,W,E,P,C,O \*.222,077 R \*.222,210 R,W AUDIT-ACCESS-PASS = ALL AUDIT-MANAGE-PASS = ALL AUDIT-ACCESS-FAIL = ALL AUDIT-MANAGE-FAIL = ALL LICENSE = OFF PROGID = OFF CLEARONPURGE = OFF PERSISTENT = ON |
Example 5 shows a diskfile record.
INFO SECURITY-GROUP SECURITY-ADMINISTRATOR
LAST-MODIFIED OWNER STATUS SECURITY-ADMINISTRATOR 7JAN03, 11:12 255,255 THAWED 222,233 E, O 222,250 E, O 253,001 E, O |
Example 6 shows a SECURITY-GROUP record.
INFO GROUP NAME TEST,DETAIL
GROUP NAME NUMBER OWNER LAST-MODIFIED test 300 255,255 8DEC00, 17:53 AUTO-DELETE = OFF DESCRIPTION = "aaa;bbb" MEMBER = Manuel MEMBER = sec-bryan MEMBER = daryl1 |
Example 7 shows a FILE-SHARING Group record.
There are two commands used to display the configuration of Safeguard audit trails:
INFO AUDIT POOL
INFO AUDIT SERVICE
The INFO AUDIT POOL displays parameters that determine the name and size of any Audit Pools.
If the command is entered without a specific Audit Pool name, the Current Audit Pool is assumed.
NFO AUDIT POOL
AUDIT POOL $SYSTEM.SAFE CONFIGURATION MAXFILES 5 MAXEXTENTS 16 EXTENTSIZE 128, 128 |
Example 1 shows the configuration of the Current Audit Pool.
INFO AUDIT POOL $DATAA.TEMPPOOL
AUDIT POOL $DATAA.TEMPPOOL CONFIGURATION MAXFILES 15 MAXEXTENTS 32 EXTENTSIZE 256, 256 |
Example 2 shows the configuration of a secondary Audit Pool.
The INFO AUDIT SERVICE Command displays parameters that determine Safe- guard's RECOVERY OPTIONS and the manner in which audit records are written to the Audit Trail.
INFO AUDIT SERVICE
CURRENT AUDIT POOL $SECURE.SAFE CURRENT AUDIT FILE $SECURE.SAFE.A0007739 NEXT AUDIT POOL $WORK.SFGAUDIT RECOVERY RECYCLE FILES CURRENT STATE RECYCLING FILES WRITE-THROUGH CACHE OFF EOF REFRESH OFF |
Example 3 shows the AUDIT SERVICE parameters. The current Audit Pool is $SECURE.SAFE. The next Audit Pool is $WORK.SFGAUDIT. Audit files are being RECYCLED. Audit records are held in memory before being written to disk and the End of File pointer is not updated until the records are actually written to disk.
The SQLCI program is used to interact with the SQL database system. To find the SQL system catalog and version, start SQLCI:
SQLCI
SQLCI has two prompt levels. A prompt of two right carets (>>) is displayed when SQLCI is ready to start processing a command. A prompt of a plus sign and a right caret is displayed when SQLCI is in the middle of processing an extended line command. All commands in SQLCI are terminated with a semi- colon ; otherwise , SQLCI assumes extended line commands and continues processing for input.
SQLCI
SQL Conversational Interface - T9191G07 - (05AUG02) COPYRIGHT COMPAQ COMPUTER CORPORATION 1987-2002 |
GET CATALOG OF SYSTEM;
CATALOG: \LA.$DSMSCM.SQL -- SQL operation complete. |
GET VERSION OF CATALOG $DSMSCM.SQL;
VERSION: 345 -- SQL operation complete. |
To view the file label information for SQL objects, use FUP INFO or FILEINFO at the TACL prompt in the same manner as any other file on the system.
FILEINFO $DSMSCM.SQL.*;
$DSMSCM.SQL CODE EOF LAST MODIFIED OWNER RWEP PExt SExt BASETABS O 572A 6384 06AUG2002 15:49 255,255 NNNU 16 128 CATALOGS 571A 16384 18JUN2003 14:09 255,255 NNUU 16 128 CATDEFS O 900A 12288 12OCT1999 10:08 255,255 AA-A 16 64 COLUMNS O 573A 159744 06AUG2002 15:49 255,255 NNNU 16 128 COMMENTS 574A 0 04DEC1998 7:02 255,255 NNNU 16 128 CONSTRNT 575A 0 04DEC1998 7:02 255,255 NNNU 16 128 CPRLSRCE 587A 0 04DEC1998 7:02 255,255 NNNU 16 128 CPRULES 586A 0 04DEC1998 7:02 255,255 NNNU 16 128 |
Researching SQL catalog information is performed using the SQL query language to execute queries against the SQL catalogs. Generally, research of this type requires extensive knowledge of SQL and SQL query format. A large number of queries can be performed against the SQL catalogs. Some examples are:
To display a list of catalog names from the System Catalog;
select * from $dsmscm.sql.catalogs for browse access;
CATALOGNAME SUBSYSTEMNAME VERSION ---------------------------------------------------------------- VERSIONUPGRADETIME CATALOGCLASS CATALOGVERSION ------------------------------------------------ \LA.$DATA1.AMACATL SQL A350 0 U 350 \LA.$DATA1.AMATEST SQL A350 0 U 350 \LA.$DATA1.P05AACAT SQL A350 0 U 350 \LA.$DATA1.TAPECAT SQL A350 |
To display a list of tables from a specified catalog:
select * from $dsmscm.tapecat.tables for browse access;
TABLENAME TABLETYPE TABLECODE COLCOUNT GROUPID ---------------------------------------------- USERID CREATETIME REDEFTIME SECURITYVECTOR SECURITYMODE ------------------------------------ OBJECTVERSION SIMILARITYCHECK ----------------------------- \LA.$DSMSCM.TAPECAT.BASETABS TA 572 9 255 255 211793825082668460 211793824964685790 NNCC G 1 DISABLED \LA.$DSMSCM.TAPECAT.COLUMNS TA 573 26 255 255 211793825082824170 211793824964685790 NNCC G 1 DISABLED |
To discover the security and owner of catalog tables, query the TABLES table as shown:
LOG <log-file> CLEAR; SELECT TABLENAME, SECURITYVECTOR, GROUPID, USERID FROM <catalog-name>.TABLES WHERE TABLENAME = "\SYSTEM.$<VOLUME>.<CATALOG-NAME>.TABLES";
To find out the security and owner of the USAGES, TRANSIDS, and PROGRAMS tables:
SELECT TABLENAME, SECURITYVECTOR, GROUPID, USERID FROM <catalog-name>.TABLES WHERE TABLENAME = "\SYSTEM.$<VOLUME>.<CATALOG-NAME>.USAGES" OR TABLENAME = "\SYSTEM.$<VOLUME>.<CATALOG-NAME>.TRANSIDS" OR TABLENAME = "\SYSTEM.$VOLUME.<CATALOG-NAME>.PROGRAMS";
To display information such as System Name, Number and Operating System release numbers and the current SYSnn, use the SYSINFO command.
On NonStop K-series servers, the System number displayed using SYSINFO may not be correct. The RLSEID file is a more reliable reference.
SYSINFO
SYSINFO - T9268D37 - (27 Nov 97) SYSTEM \LONDON Date 23 Apr 2003, 13:08:28 COPYRIGHT TANDEM COMPUTERS INCORPORATED 1985, 1987-1997 System name \LONDON EXPAND node number 153 Current SYSnn SYS01 System number 045422 Software release ID G06.18 |
Example 1 shows a SYSINFO on a NonStop S-series system.
SYSINFO
SYSINFO - T9268D37 - (27 Nov 97) SYSTEM \TORONTO Date 07 May 2003, 07:07:38 COPYRIGHT TANDEM COMPUTERS INCORPORATED 1985, 1987-1997 System name \TORONTO EXPAND node number 152 Current SYSnn SYS04 System number B29625 Software release ID D48.03 |
Example 2 shows a SYSINFO on a NonStop K-series system. Note that the System number displayed here differs from that in the RLSEID file shown below.
The system number and Operating System and Release Version can be found in the file called RLSEID. This file is located in the current $SYSTEM.SYSnn.
FUP COPY $SYSTEM.SYS01.RLSEID
R24 045422 G06.18 1 RECORDS TRANSFERRED |
Example 1 shows the RLSEID file on a NonStop S-series server. The system number is '045422"; the software release number is Release Version Update G06.18.
FUP COPY $SYSTEM.SYS04.RLSEID
Q11 064421 D48.03 1 RECORDS TRANSFERRED |
Example 2 shows the RLSEID file on a NonStop K-series system. The system number is '064421", the software release number is D48.03.
In an interactive TACL session:
Enter the keyword ASSIGN at a TACL prompt to display ASSIGNs that are added as part of the authentication and TACL initialization process or after the execution of a TACL macro or OBEY file.
In the Pathway Environment:
Enter the command: INFO SERVER *
Manually examine the TACLLOCL file and any TACLCSTM files located for the keyword ASSIGN.
Manually examine all OBEY files for the keyword ASSIGN.
In the NETBATCH Environment:
Within an ATTACHMENT-SET
Use the BATCHCOM utility to research ATTACHMENT-SETs.
To start BATCHCOM:
BATCHCOM
The prompt for BATCHCOM is a right curly brace ("}").
BATCHCOM
First locate a job to examine using the STATUS JOB command:
STATUS JOB *
JOB STATUS JOB JOBNAME USERID LOG STATE CLASSNAME -------------------------------------------------------------- 1 AUTOBACKUP 255,255 5487 18:00:00 DEFAULT 5 INCREMENTAL-BACKUP 255,255 6094 31MAR03 DEFAULT 29 SETTIME 255,255 6170 29MAR03 DEFAULT 45 NIGHTLY-MAINTENANCE 222,250 6163 29MAR03 DEFAULT |
Then examine the job using the INFO JOB command:
INFO 29
JOB ATTRIBUTES for SETTIME jobnumber: 29 volume: \LA.$SYSTEM.TIME, "NUNU" in: out: \LA.$S.#BATCH.SETTIME executor-program: \LA.$SYSTEM.SYSPROBJ.ADJTIME pfs: 0 pri: 120 selpri: 3 maxprintlines: None maxprintpages: None class: DEFAULT hold: Off stall: Off stop-on-abend: Off every: 1 DAYS at: 14DEC99 04:00:00 iffails: On attachment-set: (SUPER.SUPER)STANDARD highpin: Of submit: 14DEC99 10:22:04 alter: 30APR02 08:41:33 user: 255,255 next-runtime: 29MAR03 04:00:00 |
Look for an entry such as: "attachment-set: "(SUPER.SUPER)STANDARD", in the example above.
Finally, to see the contents of the ATTACHMENT-SET, enter the following command:
INFO ATTACHMENT-SET (SUPER.SUPER) STANDARD
The items contained in the ATTACHMENT-SET will be displayed ATTACHMENT-SET ATTRIBUTES for (SUPER.SUPER)STANDARD security: "UUUU" temporary: Off |
In an interactive TACL session:
INFO DEFINE =*
Define Name =TCPIP^PROCESS^NAME CLASS MAP FILE \LA.$ZTCP2 Define Name =ABOPS_EMS_COLLECTOR CLASS MAP FILE \LA.Define Name =TCPIP^PROCESS^NAME CLASS MAP FILE \LA.$ZTCP2 Define Name =ABOPS_EMS_COLLECTOR CLASS MAP FILE \LA.$0 Define Name =ABOPS_XOUT CLASS MAP FILE \LA.$XOUT Define Name =_DEFAULTS CLASS DEFAULTS VOLUME $DATAA.MARKDefine Name =ABOPS_XOUT CLASS MAP FILE \LA.$XOUT Define Name =_DEFAULTS CLASS DEFAULTS VOLUME $DATAA.MARK |
Displays all DEFINEs that may have been added as part of the authentication and TACL initialization process or after the execution of a TACL macro or OBEY file.
In the Pathway Environment enter the command:
INFO SERVER *
SERVER XPLS000 PROCESSTYPE GUARDIAN AUTORESTART 0 CPUS (1:0) CREATEDELAY 1 MINS DEBUG OFF DELETEDELAY 10 MINS HIGHPIN OFF HOMETERM \LA.$VHS LINKDEPTH 1 MAXSERVERS 1 NUMSTATIC 1 OWNER \LA.255,255 PRI 120 PROGRAM \LA.$DATAA.XPLPROBJ.XPLS000 SECURITY "N" TMF OFF VOLUME \LA.$DATAA.XPLPRDAT |
Manually examine the TACLLOCL file and any TACLCSTM files located for the keyword DEFINE.
Manually examine all OBEY files for the keyword DEFINE.
In an interactive TACL session:
PARAM
Displays PARAMs that may have been added as part of the authentication and TACL initialization process or after the execution of a TACL macro or OBEY file.
In the Pathway Environment enter the command:
PATHCOM INFO SERVER *
Manually examine the TACLLOCL file and any TACLCSTM files located.
Manually examine all OBEY files.
Manually examine all ATTACHMENT-SETs
Use the following TACL commands to display the values of the TACLCONF parameters.
#getconfiguration/<parameter>/
The parameters are:
#getconfiguration/BLINDLOGON/ #getconfiguration/NOCHANGEUSER/ #getconfiguration/AUTOLOGOFFDELAY/ #getconfiguration/LOGOFFSCREENCLEAR/ #getconfiguration/NAMELOGON/ #getconfiguration/CMONTIMEOUT/ #getconfiguration/REMOTECMONTIMEOUT/ #getconfiguration/REMOTESUPERID/ #getconfiguration/CMONREQUIRED/ #getconfiguration/REMOTECMONREQUIRED/ #getconfiguration/STOPONFEMODEMERR /
#getconfiguration/BLINDLOGON/
#getconfiguration/BLINDLOGON/ expanded to: 0 |
#getconfiguration/NOCHANGEUSER/
#getconfiguration/NOCHANGEUSER/ expanded to: 0 |
#getconfiguration/AUTOLOGOFFDELAY/
#getconfiguration/AUTOLOGOFFDELAY/ expanded to: -1 |
The value returned from each query is 0 for false, 1 for true or a numeric value for those parameters like CMONTIMEOUT that require a count. A count of “1 for a timeout value means that there is no timeout.
The BIND program displays values from inside a compiled program. To start BIND:
BIND
The BINDER Command Interpreter prompt will be an "@".
Use the following BIND commands to display the PASSWORD Program parameters.
DUMP DATA <PARAMETER-NAME> * FROM $SYSTEM.SYS<NN>.PASSWORD
Four parameters control PASSWORD's behavior:
PROMPTPASSWORD BLINDPASSWORD MINPASSWORDLEN ENCRYPTPASSWORD
BIND
BINDER - OBJECT FILE BINDER - T9621D30 - (31MAY02) SYSTEM \LA Copyright Compaq Computers Corporation, 1988-2002 |
DUMP DATA PROMPTPASSWORD * FROM $SYSTEM.SYS03.PASSWORD
000000: 000001 |
DUMP DATA BLINDPASSWORD * FROM $SYSTEM.SYS03.PASSWORD
000000: 000001 |
DUMP DATA MINPASSWORDLEN * FROM $SYSTEM.SYS03.PASSWORD
000000: 000006 |
DUMP DATA ENCRYPTPASSWORD * FROM $SYSTEM.SYS03.PASSWORD
000000: 000001 |
The value returned from each query is either 000000 (false) or 0000001 (true), except for MINPASSWORDLEN, which returns a number between 000000 and 000008, representing the minimum length acceptable.
Use SCF LISTDEV to display all processes that have a device type and are known to SCF. To start SCF:
SCF (to enter the SCF command interpreter).
The SCF command interpreter prompt will be a number, dash, and a greater than sign "n->".
LISTDEV
LDev Name PPID BPID Type RSize Pri Program 0LDev Name PPID BPID Type RSize Pri Program 0 $0 0,5 1,5 (1,0) 102 201 \LA.$SYSTEM.SYS01.OSIMAGE 1 $NCP 0,16 1,13 (62,6) 1 199 \LA.$SYSTEM.SYS01.NCPOBJ 3 $YMIOP 0,256 1,256 (6,4) 80 205 \LA.$SYSTEM.SYS01.OSIMAGE 5 $Z0 0,7 1,7 (1,2) 102 200 \LA.$SYSTEM.SYS01.OSIMAGE 6 $SYSTEM 0,257 1,257 (3,41) 4096 104 \LA.$SYSTEM.SYS01.OSIMAGE 7 $ZOPR 0,8 1,8 (1,0) 102 201 \LA.$SYSTEM.SYS01.OSIMAGE 63 $MPATH 0,284 1,284 (63,1) 0 199 \LA.$SYSTEM.SYS01.LHOBJ 64 $ZZKRN 0,15 1,23 (66,0) 132 180 \LA.$SYSTEM.SYS01.OZKRN 65 $ZZWAN 0,277 1,289 (50,3) 132 180 \LA.$SYSTEM.SYS01.WANMGR 66 $ZZW01 1,266 0,0 (50,0) 0 199 \LA.$SYSTEM.SYS01.CONMGR 246 $QA0 1,357 0,363 (1,0) 4024 130 \LA.$SYSTEM.SYS01.EMSACOLL 247 $DV0 1,358 0,369 (1,0) 4024 130 \LA.$SYSTEM.SYS01.EMSACOLL 253 $ZPHI 0,375 1,356 (1,0) 4024 130 \LA.$SYSTEM.SYS01.EMSACOLL 264 $Z03H 0,104 0,0 (1,30) 132 150 \LA.$SYSTEM.SYS01.EMSDIST 270 $NMTRM 1,380 0,0 (46,0) 6144 150 \LA.$SYSTEM.SYSOPR.ENFORM 280 $Z6ND 1,390 0,0 (46,0) 6144 150 \LA.$SYSTEM.SYSOPR.ENFORM 282 $Z0WY 0,216 0,0 (1,30) 132 100 \LA.$SYSTEM.SYS01.EMSDIST 284 $Z6NJ 1,378 0,0 (46,0) 6144 150 \LA.$SYSTEM.SYSOPR.ENFORM 338 $X7MX 1,392 0,0 (1,30) 132 130 \LA.$SYSTEM.SYS01.EMSDIST Total Errors = 0 Total Warnings = 00,5 1,5 (1,0) 102 201 \LA.$SYSTEM.SYS01.OSIMAGE 1 $NCP 0,16 1,13 (62,6) 1 199 \LA.$SYSTEM.SYS01.NCPOBJ 3 $YMIOP 0,256 1,256 (6,4) 80 205 \LA.$SYSTEM.SYS01.OSIMAGE 5 $Z0 0,7 1,7 (1,2) 102 200 \LA.$SYSTEM.SYS01.OSIMAGE 6 $SYSTEM 0,257 1,257 (3,41) 4096 104 \LA.$SYSTEM.SYS01.OSIMAGE 7 $ZOPR 0,8 1,8 (1,0) 102 201 \LA.$SYSTEM.SYS01.OSIMAGE 63 $MPATH 0,284 1,284 (63,1) 0 199 \LA.$SYSTEM.SYS01.LHOBJ 64 $ZZKRN 0,15 1,23 (66,0) 132 180 \LA.$SYSTEM.SYS01.OZKRN 65 $ZZWAN 0,277 1,289 (50,3) 132 180 \LA.$SYSTEM.SYS01.WANMGR 66 $ZZW01 1,266 0,0 (50,0) 0 199 \LA.$SYSTEM.SYS01.CONMGR 246 $QA0 1,357 0,363 (1,0) 4024 130 \LA.$SYSTEM.SYS01.EMSACOLL 247 $DV0 1,358 0,369 (1,0) 4024 130 \LA.$SYSTEM.SYS01.EMSACOLL 253 $ZPHI 0,375 1,356 (1,0) 4024 130 \LA.$SYSTEM.SYS01.EMSACOLL 264 $Z03H 0,104 0,0 (1,30) 132 150 \LA.$SYSTEM.SYS01.EMSDIST 270 $NMTRM 1,380 0,0 (46,0) 6144 150 \LA.$SYSTEM.SYSOPR.ENFORM 280 $Z6ND 1,390 0,0 (46,0) 6144 150 \LA.$SYSTEM.SYSOPR.ENFORM 282 $Z0WY 0,216 0,0 (1,30) 132 100 \LA.$SYSTEM.SYS01.EMSDIST 284 $Z6NJ 1,378 0,0 (46,0) 6144 150 \LA.$SYSTEM.SYSOPR.ENFORM 338 $X7MX 1,392 0,0 (1,30) 132 130 \LA.$SYSTEM.SYS01.EMSDIST Total Errors = 0 Total Warnings = 0 |
Use LISTDEV TCPIP to display all TCPIP processes.
LISTDEV TCPIP
LDev Name PPID BPID Type RSize Pri Program 145 $ZTC0 0,329 1,308 (48,0) 32000 200 \LA.$SYSTEM.SYS01.TCPIP 161 $ZTC2 1,54 0,75 (48,0) 32000 200 \LA.$SYSTEM.SYS01.TCPIP 164 $ZTC1 1,318 0,334 (48,0) 32000 200 \LA.$SYSTEM.SYS01.TCPIP 175 $ZB018 0,345 1,328 (48,0) 32000 200 \LA.$SYSTEM.SYS01.TCPIP 176 $ZB01B 0,340 1,322 (48,0) 32000 200 \LA.$SYSTEM.SYS01.TCPIP 182 $ZTC3 0,351 1,333 (48,0) 32000 200 \LA.$SYSTEM.SYS01.TCPIP Total Errors = 0 Total Warnings = 0 |
Use SCF INFO SUBNET to display TCPIP SUBNET information. This information is particularly useful to determine what TCPIP addresses are configured for access to the system.
INFO SUBNET $ZTC0.*
TCPIP Info SUBNET \LA.$ZTCP0.* Name Devicename *IPADDRESS TYPE *SUBNETMASK SuName QIO *R #LOOP0 \NOSYS.$NOIOP 127.0.0.1 LOOP-BACK %HFF000000 OFF N #SN1 \LA.LANX 192.168.55.32 ETHERNET %HFFFFFF00 ON N 2-> |
Use SCF LISTDEV TELSERV to display all TELSERV processes.
LISTDEV TELSERV
LDev Name PPID BPID Type RSize Pri Program 147 $ZTN0 0,324 1,293 (46,0) 6144 170 \LA.$SYSTEM.SYS01.TELSERV 165 $ZTN1 1,319 0,336 (46,0) 6144 170 \LA.$SYSTEM.SYS01.TELSERV 179 $ZN018 0,339 1,330 (46,0) 6144 150 \LA.$SYSTEM.SYS01.TELSERV 210 $ZTN2 1,341 0,361 (46,0) 6144 170 \LA.$SYSTEM.SYS01.TELSERV 211 $ZTNPX 1,337 0,352 (46,0) 6144 170 \LA.$SYSTEM.SYS01.TELSERV |
Use SCF ASSUME and INFO to display a list of services associated with a TELSERV process.
ASSUME PROCESS $ZTN1 INFO SERVICE *
TELSERV Info SERVICE \LA.$ZTN1.* Name *Type *Subtype *Access *Display *Program TACL CONVERSATION DYNAMIC ALL ON $SYSTEM.SYSTEM.TACL ZVTL VTL STATIC N/A OFF N/A ZTELNET CONVERSATION DYNAMIC N/A OFF N/A ZBLOCK BLOCK STATIC N/A OFF N/A ZCONV CONVERSATION STATIC N/A OFF N/A ZPRINT PRINT STATIC N/A OFF N/A ZSPI SPI STATIC N/A OFF N/A |
Use SCF INFO SERVICE to display details of a TELSERV service.
INFO SERVICE TACL,DETAIL
TELSERV Detailed Info SERVICE \LA.$ZTN1.tacl *Type................... CONVERSATION *Subtype................ DYNAMIC *Display................ ON *Autodelete............. OFF *Owner.................. N/A *Access................. ALL *CPU.................... N/A *Pri.................... N/A *Swap................... N/A *Program................ $SYSTEM.SYSTEM.TACL *Lib.................... N/A *Resilient.............. OFF *Param.................. N/A *Assigned Window........ OFF *Default Service........ OFF |
Use SCF to list all nodes on the network. Compare list to network diagram provided by operations.
INFO PROCESS $NCP,DETAIL
EXPAND Detailed Info PROCESS $NCP AT \LA (253) Max System Number.. 254 *Aborttimer......... 0:02:30.00 Algorithm.......... SPLITHORIZON AutomaticMaptimer.. ON *Connecttime........ 0:00:00.00 Framesize.......... 132 *Maxtimeouts........ 3 *Maxconnects........ 10 *NetworkDiameter.... 15 Type............... (62,0) *Message 43......... OFF Message 44......... ON Message 45......... ON *Message 46......... OFF Message 47......... ON *Message 48......... OFF *Message 49......... OFF *AutoRebal.......... OFF Next Rebalance Time 0/00:00:00 *AutoRebalTime...... 1/00:00:00 Trace File Name.... none |
Use SCF maps to list all nodes on the network. Compare this list to a network diagram provided by operations.
Example 8:
INFO PROCESS $NCP,NETMAP
EXPAND Info PROCESS $NCP, NETMAP NETMAP AT \LA (253) #LINESETS=2 TIME: DEC 13,2002 15:38:01 SYSTEM TIME (DISTANCE) BY PATH INDEX 252 \CHICAGO 190K(01)* inf() [ 2] 254 \ABCO inf() 380K(01)* [ 2] --------------------------------------------------- LINESETS AT \LA (253) #LINESETS=2 LINESET NEIGHBOR LDEV TF PID LINE LDEV STATUS FileErr# 1 \CHICAGO (252) 117 190K (0, 330) 1 117 READY 2 \ABCO (254) 63 380K (0, 285) 1 119 READY 2 118 READY |
Use SCF to check the PASSTHRU setting.
SCF Syntax: INFO PROFILE $ZZWAN.#< profile-name >
Example 9:
INFO PROFILE $ZZWAN.#EXPIP
WAN MANAGER Info profile \LA.$ZZWAN.#EXPIP Devices using this profile Device.......... 1 : $EXPIP DEVICE SPECIFIC MODIFIERS: NEXTSYS 253 L4CONGCTRL_ON L4RETRIES 3 L4TIMEOUT 2000 COMPRESS_ON PASSTHRU_ON L4EXTPACKETS_ON SUPERPATH_OFF L4SENDWINDOW 254 PATHBLOCKBYTES 0 PATHPACKETBYTES 1024 RXWINDOW 7 TXWINDOW 7 ALGORITHM 1 AUTOMATICMAPTIMER 1 CONNECTTIME 0 FRAMESIZE 132 MAXTIMEOUTS 3 MAXCONNECTS 5 NETWORKDIAMETER 15 ABORTTIMER 15000 |
The TMFCOM program is used to monitor and control NonStop TMF software. Use the STATUS command to determine current active conditions.
TMFCOM
The NonStop TMF command interpreter prompt will be TMF, a number, and a right caret "TMF n>".
TMFCOM
TMFCOM - T8652G07 - (29NOV2002 - TMF) COPYRIGHT COMPAQ COMPUTER CORPORATION 2002 TMF 1> |
STATUS AUDITTRAIL
AuditTrail Status: Master Active audit trail capacity used: 24% First pinned file: $AUDIT.ZTMFAT.AA002978 Reason: Current File Current file: $AUDIT.ZTMFAT.AA002978 |
STATUS DATAVOLS
Audit Recovery
Volume Trail Mode State ----------------------------------- $DATAA Mat Online Started $DATAB Mat Online Started $DATAC Mat Online Started $DATAD Mat Online Started $DATAE Mat Online Started $DSMSCM Mat Online Started $SYSTEM Mat Online Started |
STATUS AUDITDUMP
AuditDump Status: Master: State: enabled, Status: inactive |
STATUS CATALOG
Catalog Status: Status: active |
STATUS SERVER
TMF Server Status: System: \LA (253) Date-Time: 17-Jun-2003 23:55:03 Process: $Y5WB (0,269) Creator ID: (222,230) Process ID: (222,230) Priority: 130 Object Name: \LA.$SYSTEM.SYS01.TMFSERVE HomeTerm: \LA.$ZTNP2 Swap Volume: $AUDIT Version: TMFSERVE - T8694G07 - (29NOV2002 - TMF) |
STATUS TMF
TMF Status: System: \LA, Time: 17-Jun-2003 16:53:57 State: started Transaction Rate: 0.88 TPS AuditTrail Status: Master Active audit trail capacity used: 5% First pinned file: $AUDIT.ZTMFAT.AA003070 Reason: Current File Current file: $AUDIT.ZTMFAT.AA003070 AuditDump Status: Master: State: enabled, Status: inactive BeginTrans Status: ENABLED Catalog Status: Status: active |
STATUS TRANSACTIONS
Transaction Identifier Process State Parent Children ---------------------------------------------------------------- \LA.1.22978248 $Z5WF (1,454) Active \LA.1.22978154 $Z5WA (1,415) Active \CHICAGO.1.3813572 $Y9X6 (1,294) Active \CHICAGO |
Use the INFO command to determine configuration settings.
INFO AUDITTRAIL
AuditTrail Configuration: Master ActiveVols: $AUDIT Subvolume ZTMFAT, Prefix AA, filesize 180, filespervolume 4, auditdump On, overflowthreshold 80%, begintransdisable 90% OverflowVols: $AUDIT RestoreVols: $SYSTEM |
INFO CATALOG
Catalog Configuration: retaindepth 3, released Off |
INFO TMF
Configuration Volume: $SYSTEM AuditTrail Configuration: Master ActiveVols: $AUDIT Subvolume ZTMFAT, Prefix AA, filesize 180, filespervolume 4, auditdump On, overflowthreshold 80%, begintransdisable 90% OverflowVols: $AUDIT RestoreVols: $SYSTEM Auditdump Configuration: Master: enabled, medium tape, Copies 1, verifytape Off , blocksize 28, system \LA |
Catalog Configuration: retaindepth 3, released Off BeginTrans Configuration: TransCountThresh (1500,1600) TmfLibMemThresh (85,90) TmpMemThresh (90,95) TransPerCpu (1024,1024) AutoAbort 7200 Seconds RecRMCount 256 RMOpenPerCpu 128 BranchesPerRM 128 After the next START TMF, the BeginTrans Configuration will be: TransPerCpu (1024,1024) RecRMCount 256 RMOpenPerCpu 128 BranchesPerRM 128 |
NonStop TMF software regularly copies its audit dumps to tape. To display information about the auditdump:
INFO AUDITDUMP
Auditdump Configuration: Master: enabled, medium tape, Copies 1, verifytape Off , blocksize 28,system \LA |
INFO DUMPS
Dump Dump Media FileName Serial Date-Time Type Type Media Name ---------------------------------------------------------------- $ZTMFAT.ZTMFAT AA003067 66 17-Jun-2003 15:06 audit tape TMF001 AA003068 67 17-Jun-2003 15:49 audit tape TMF002 AA003069 68 17-Jun-2003 16:20 audit tape TMF003 |
INFO TAPEMEDIA
Media Name Media Type Media Status ------------------------------------ TEST tape released TMF001 tape assigned TMF002 tape assigned TMF003 tape assigned TMF004 tape assigned |
NonStop TMF software can also create audit dumps by copying the information to disk:
INFO AUDITDUMP
Auditdump Configuration: Master: enabled, medium disk DiskMedia \LA.$DATAD.ZT |
The USERS program lists all or some of the users on the system. Enter an exact user name or user number or replace either the group name or member name with an asterisk (*).
USERS { [ groupname. group#, *. ] [ membername. member#, * ] }
USERS 222,*
GROUP .USER I.D. # SECURITY DEFAULT VOLUMEID ABCO .NOREMOTE 222,001 NNNN $DATAA.P15QATST ABCO .BANKING 222,005 OOOO $SYSTEM.NOSUBVOL ABCO .JULIE 222,007 OOOO $USERS.JULIEC ABCO .STEVE 222,008 CCCC $DATAA.STEVE |
The display includes the following information:
User Name and User Number, the user's default security vector and default volume.
The SPOOLCOM program allows management and display of information in a data output spooler. To start SPOOLCOM:
SPOOLCOM
The SPOOLER command interpreter will be a right parenthesis ")"
SPOOLCOM
SPOOLCOM - T9101D48 - (25JUL2002) SYSTEM \LA Copyright Tandem Computers Incorporated 1978, 1982, 1983, 1984, 1985, 1986, 1987, 1988, 1989, 1990, 1991) |
Use the COLLECT command to display the status of spooler collector configurations.
COLLECT
COLLECT STATE FLAGS CPU PRI UNIT DATA FILE %FULL $S ACTIVE 0 , 1 170 8 $SYSTEM.SYSPRSPL.SPLDATA 56 $TLH ACTIVE 1 , 0 145 4 $DATAA.P09QATH.SPLDATA 0 |
Use the JOB command to display a list of jobs in the spooler subsystem.
JOB
JOB BATCH STA FLAGS OWNER TIME COPY PAGE REPORT LOCATION 12 1310 RDY 3 222,210 06/08 1 5 QED ARCH222 210 #REPORT.TARCH 13 1310 RDY 3 222,210 06/08 1 1 ABCO LEE #REPORT.TARCH 14 1310 RDY 3 222,210 06/08 1 1 ABCO LEE #REPORT.TARCH 15 1310 RDY 3 222,210 06/08 1 1 ABCO LEE #REPORT.TARCH 16 1310 RDY 3 222,210 06/08 1 1 ABCO LEE #REPORT.TARCH 17 1311 RDY 3 222,210 06/08 1 8 QED ARCH222 210 #REPORT.TADEL 18 1311 RDY 3 222,210 06/08 1 2 ABCO LEE #REPORT.TADEL 19 1311 RDY 3 222,210 06/08 1 1 ABCO LEE #REPORT.TADEL 20 1311 RDY 3 222,210 06/08 1 1 ABCO LEE #REPORT.TADEL 21 1311 RDY 3 222,210 06/08 1 1 ABCO LEE #REPORT.TADEL 22 1311 RDY 3 222,210 06/08 1 1 ABCO LEE #REPORT.TADEL 23 1311 RDY 3 222,210 06/08 1 1 ABCO LEE #REPORT.TADEL 39 1317 RDY 3 222,11 06/09 1 5 BFMA ADD222 11 #BFMA.ADDARC 40 1317 RDY 3 222,11 06/09 1 1 ABCO MARK #BFMA.ADDARC 41 1317 RDY 3 222,11 06/09 1 1 ABCO MARK #BFMA.ADDARC |
The PERUSE program is used to display the contents of an output job in the spooler.
Syntax: PERUSE
The PERUSE command interpreter will be an underscore "_".
PERUSE
PERUSE - T9101D48 - (25JUL2002) SYSTEM \LA Copyright Tandem Computers Incorporated 1978, 1982, 1983, 1984, 1985, 1986, 1987, 1988, 1989, 1990, 1991 |
Use the JOB command to display a list of spooled jobs.
JOB
JOB BATCH STATE PAGES COPIES PRI HOLD LOCATION REPORT 39 1317 READY 5 1 3 #BFMA ADDARC BFMA ADD222 11 40 1317 READY 1 1 3 #BFMA ADDARC ABCO MARK 41 1317 READY 1 1 3 #BFMA ADDARC ABCO MARK 42 1317 READY 1 1 3 #BFMA ADDARC ABCO MARK 43 1317 READY 1 1 3 #BFMA ADDARC ABCO MARK 46 1319 READY 6 1 3 #BFMA DELARC BFMA DEL222 11 47 1319 READY 1 1 3 #BFMA DELARC ABCO MARK 48 1319 READY 1 1 3 #BFMA DELARC ABCO MARK 49 1319 READY 1 1 3 #BFMA DELARC ABCO MARK 50 1319 READY 1 1 3 #BFMA DELARC ABCO MARK 51 1319 READY 1 1 3 #BFMA DELARC ABCO MARK 222 1328 READY 5 1 3 #BFMA ADDARC BFMA ADD222 11 |
Use the JOB n command to set the current job.
JOB 7676
Use the LIST n command to display pages from the current job to the screen.
LIST 1
ABCompany AUDITLOG Report Date Produced: 05-Jun-2003 at 06:38 AM Criteria:2003-06-04 00:00 to 2003-06-05 23:59 Subvol:$DATAD.BFMADAT Oper:LOGON, ------------------------------------------------------------------------------ F 2003-06-04 08:12:31 Subsystem: \LA.SAFEGUARD Alerted: N Subject User: 222,210 ABCO.LEE Term: \LA.$VHS Process: \LA.$X5PX Op: AUTHENTICATE Object: USER ABCO.LEE Result: WRONG-PASSWORD Wrong-password Authenticate to User ABCO.LEE |
The BATCHCOM program is used to manage the NetBatch subsystem. To start the BATCHCOM program:
BATCHCOM
The NetBatch command interpreter will be a number and close bracket "n}".
BATCHCOM
Use the STATUS JOB command to display a list of jobs.
STATUS JOB *
JOB STATUS JOB JOBNAME USERID LOG STATE CLASSNAME --------------------------------------------------------------- 1 AUTOBACKUP 255,255 2264 04JUL03 DEFAULT 5 INCREMENTAL-BACKUP 255,255 2232 18:00:00 DEFAULT 29 SETTIME 255,255 2518 01JUL03 DEFAULT 45 NIGHTLY-MAINTENANCE 222,250 2504 01JUL03 DEFAULT 2746 QED-ARCH-TST 222,210 2486 20:00:00 DEFAULT 2747 QED-ARCH-TDEL 222,210 2491 23:00:00 DEFAULT 2894 QED-ARCH-STEVE 222,9 2481 19:00:00 DEFAULT 2895 QED-ARCHDEL-STEVE 222,9 2498 23:30:00 DEFAULT 3183 BFMA-ADD-ARC 222,11 2513 01JUL03 DEFAULT 3184 BFMA-DEL-ARC 222,11 2520 01JUL03 DEFAULT 3246 SW20030610092752-COLLECT 222,233 2459 09:30:00 DEFAULT 3301 TESTJOB 222,8 1879 06JUL03 DEFAULT |
Use the INFO JOB command to details about a job.
INFO JOB 1
JOB ATTRIBUTES for AUTOBACKUP jobnumber: 1 volume: \LA.$SYSTEM.OPER, "NUNU" in: \LA.$SYSTEM.OPERBACK.LABACK out: \LA.$S.#BACKUP.RUNLOG executor-program: \LA.$SYSTEM.SYSTEM.TACL pfs: 0 pri: 10 selpri: 3 maxprintlines: None maxprintpages: None class: DEFAULT hold: Off restart: On stall: Off stop-on-abend: Off calendar: \LA.$SYSTEM.SYSBATCH.LAFBACKC highpin: Off submit: 23JUN99 08:46:04 alter: 03FEB03 10:46:41 user: 255,255 next-runtime: 04JUL03 18:00:00 |