Previous | Contents | Index |
You can set and display the audit trail for a specific file or directory using the SET FILE and SHOW FILE commands.
Use the SET FILE command with the /AUDIT qualifier to specify the events to audit. The syntax for the SET FILE command is:
SET FILE path username/AUDIT=(audittype=event[,audittype=event,...])
The following table lists the audittypes you can specify using the SET FILE/AUDIT command.
Audit Type | Meaning |
---|---|
SUCCESS= event | Record successful events. |
FAILURE= event | Record unsuccessful events. |
NONE | Record no events. |
The following table lists the file and directory access events you can specify for event. The [NO] prefix clears auditing of the specified event.
Event | Meaning |
---|---|
ALL | Audits all events. |
NONE | Audits no events. |
[NO]READ | Audits attempts to display file names, attributes, permissions, and owner. |
[NO]WRITE | Audits attempts to create subdirectories and files, change attributes, and display permissions and owner. |
[NO]EXECUTE | Audits attempts to display attributes, permissions, and owner, and attempts to change subdirectories. |
[NO]DELETE | Audits attempts to delete a directory. |
[NO]CHANGE_PERMISSIONS | Audits attempts to change directory permissions. |
[NO]TAKE_OWNERSHIP | Audits attempts to change directory ownership. |
For example, to set auditing of operations on the LANMAN.INI file, enter the following command:
LANDOFOZ\\TINMAN> SET FILE C$\LANMAN\LANMAN.INI- _LANDOFOZ\\TINMAN>/AUDIT=(SUCCESS=ALL,FAILURE=ALL) %PWRK-S-FILEMOD, "\\TINMAN\C$\LANMAN\LANMAN.INI" modified %PWRK-S-FILESMODIFIED, total of 1 file modified LANDOFOZ\\TINMAN> |
To display the audit settings for a file:
Use the SHOW FILES/AUDIT command. For example:
LANDOFOZ\\TINMAN> SHOW FILES C$\LANMAN\LANMAN.INI/AUDIT Files in: \\TINMAN\C$\LANMAN LANMAN.INI Audit Events: Success Failure LION RWXDPO RWXDPO Owner: Administrator Total of 1 file LANDOFOZ\\TINMAN> |
The PATHWORKS Advanced Server records several types of messages in log files in the following locations:
The following table lists the log files kept in the PWRK$LOGS and PWRK$LMLOGS areas.
Log File Name | Message Type |
---|---|
In PWRK$LOGS: | |
NETBIOS_ nodename .LOG | NetBIOS protocol over DECnet |
NETBIOS_ERROR.LOG | NetBIOS protocol over DECnet error |
NETBIOS_OUTPUT.LOG | NetBIOS protocol over DECnet output |
PWRK$CONFIG_INFO_ nodename.LOG | Configuration information |
PWRK$CONFIG_ERROR_ nodename.LOG | Configuration errors |
PWRK$KNBDAEMON_ nodename.LOG | NetBIOS protocol over TCP/IP |
PWRK$LICENSE_R_ nodename.LOG | License registrar |
PWRK$LICENSE_REGISTRAR_ nodename.LOG | License registrar |
PWRK$LICENSE_S_ nodename.LOG | License server |
PWRK$LICENSE_SERVER_ nodename.LOG | License server |
PWRK$MASTER_ nodename.LOG | Master process (process start and shutdown) |
PWRK$MONITOR_ nodename.LOG | Monitor process |
PWRK$NBDAEMON_ nodename.LOG | NetBIOS protocol over NetBEUI |
In PWRKS$LMLOGS: | |
PWRK$ADMIN_ n_ nodename.LOG | Remo te task command |
PWRK$LMDMN_ nodename.LOG | LAN Manager daemon |
PWRK$LMMCP_ nodename.LOG | Master control process |
PWRK$LMSRV_ nodename.LOG | File server process |
PWRK$LMBROWSER_ nodename.LOG | Browser |
PWRK$UPGRADE.LOG | Upgrade utility |
You can use any ASCII text editor to look at log files, so long as the log files are not open (that is, in use).
The log files store records of the messages that have occurred during server operation. Not all the messages in the log need your attention. Many messages are caused by communication problems from which the server recovers automatically. If the server fails to recover from a problem, log files can provide you with information about the cause of the problem.
You can examine messages recorded in any log file. Each line in a log
file provides information about logged entries, including a date and
time stamp. For example, the PWRK$LMSRV_nodename.LOG file
provides information about cache exhaustion messages.
6.3 Troubleshooting Server Problems
To troubleshoot server problems, you should be familiar with the following topics:
The following sections describe how to determine the cause of a server problem and solve it if possible. Problem resolution includes determining whether or not the problem is caused by the PATHWORKS Advanced Server software. To solve client-based problems, hardware problems, and application-specific problems, see the documentation for the specific products involved.
Troubleshooting a server problem requires the following steps:
The following sections describe each step in more detail.
6.3.1.1 Step 1: Collecting Information About the Problem
When you first detect a server problem, or when the problem is reported, collect as much information as possible immediately. Record the following information:
If you are investigating a recurring or ongoing problem, you should, if
possible, implement an immediate solution that allows the client to
continue working. Record server problems and save a dump file, if one
was generated, and save associated log files and data files before
restarting the server or changing the server configuration. You can use
the information gathering command procedure
SYS$STARTUP:PWRK$GATHER_INFO.COM to save these files.
6.3.1.2 Step 2: Analyzing the Problem
When you analyze the server problem, you should also look for the solution to the problem. Therefore, you must isolate the component that needs to be modified, replaced, removed, or enhanced.
PATHWORKS Advanced Server software provides information in log files
and tools to help you determine the cause of a server problem. These
tools keep records of activities and errors. You can use them to
isolate problem areas and to help solve problems. You may be able to
solve the problem using the PATHWORKS Advanced Server commands and
utilities.
6.3.1.3 Step 3: Solving the Problem
The cause of a server problem may be within your ability to correct. At best, you may determine a configuration or definition change that will correct the problem. Or, you may be able to modify a server parameter or disable a service until the problem is solved more satisfactorily.
The procedure for solving a server problem depends on your ability to capture information about the problem and the state of the server at the time of the problem. If a problem is reported to be intermittent and is difficult to reproduce at will, the procedure for analysis and solution will take longer and be more difficult. Thus, it is particularly important to collect detailed information as soon as the problem is reported.
The following sections show how to use the PATHWORKS Advanced Server tools in the problem-solving process. Using these tools, you can modify the server to report on network activity and events, providing more detailed investigation of problems that you have already determined to be caused by the server or its network resources.
If you cannot determine the cause of a server problem, or if you cannot solve the problem, report the problem to your Compaq service contact and keep the PATHWORKS data structure PWRK$LMROOT and the log files for future analysis.
To help you report the information required for analyzing a server problem, the PATHWORKS for OpenVMS software includes a procedure you can run to gather server information.
To gather information about server status:
Enter the following commands:
$ SET DEFAULT SYS$STARTUP $ @PWRK$GATHER_INFO.COM |
The resulting file (PATHWORKS_AS_INFO.BCK) is a BACKUP saveset containing copies of the PATHWORKS log files and dump files.
If the problem you are investigating causes a system-wide failure,
create a dump file for the system. The system dump file captures system
information. Be sure to verify that your system dump file size is
sufficient to capture a full system dump.
6.3.2 The Problem Analysis Process
Problem analysis is a process of elimination. Given little information to start, you must begin at the general level and use the information-gathering tools described in this chapter to determine the area from which the problem originates. If you have sufficient information at the beginning to isolate the problem area or if the problem is ongoing or if you can reproduce the problem, you can proceed directly to the section in this chapter that addresses the type of problem you are investigating.
The problem-solving procedure differs depending on the type of problem reported. The following sections describe several types of problems, in analytical order, from the generic characteristics of server problems to the more specific.
Problem types are characterized by behavior or source as follows:
Intermittent problems are those that are not easily reproducible. They may not prevent server operation, like ongoing problems, and they may be difficult to analyze and solve. For these types of problems, your analysis depends heavily on the log files and messages reported before and during the time the problem occurred. To help locate such problems, you can use network traces, both on the condition where the problem can be reproduced, and when the problem is intermittent.
For intermittent problems, use the following procedure:
Step 1: Collect Information | Step 2: Analyze the Problem | Step 3: Solve the Problem |
---|---|---|
Record the time and date when the problem occurred, the nature of the symptoms, the computer name of the client, if any. Related information can include applications that have connections to the server, server shares, and resources consumed by the client. | Check for alerts around the time the problem occurred. Attempt to reproduce the problem on the same client and on other clients in the domain. | You can enable and modify the Alerter service to provide more specific, immediate error notification. If the problem circumstances can be reproduced, use the Alerter service to watch the messages during the occurrence of the problem. |
If the problem is unique to a specific group or one client, see Analyze
the Problem in the next column of this table.
If the problem is continuous, or if you can reproduce the problem at will, continue to Section 6.3.2.2, Domain and Computer Problems. |
Use the SHOW EVENTS command to see the event messages that were
recorded for the time the problem occurred. Enable additional
event/audit tracking to get more detailed information. See
Section 6.2.3, Event Logging in this guide for more information.
Check PATHWORKS log files for additional messages. (See Section 6.2.4, PATHWORKS Log Files.) |
Review events and log files to isolate the cause of the problem and
address it accordingly.
Intermittent problems that do not prevent use of the server may be due to faulty hardware. Check the connections to the client, the client configuration, and the network hardware. |
6.3.2.2 Domain and Computer Problems
The domain-wide functions of the server depend on its role in the
domain and on the other servers in the domain. The PATHWORKS command
line interface lets you display information about the domain and modify
server activity in the domain.
For domain and computer problems, use the following procedure:
Step 1: Collect Information | Step 2: Analyze the Problem | Step 3: Solve the Problem |
---|---|---|
Determine whether users of other computers in the domain receive error messages when attempting to connect to a server, or whether server administrators receive error messages using ADMINISTER commands. | If so, the problem may be due to a server's relationship to the other servers in the domain. Use the SHOW COMPUTERS command to determine the status of other computers in the domain. |
Use the REMOVE COMPUTER command to take the computer off the domain.
Use the SET COMPUTER/ACCOUNT_SYNCH command to synchronize the user accounts database across the domain. Use the SET COMPUTER/ROLE command to change the server role of a server in the domain. (See Section 2.2.3, Changing a Server's Role in a Domain.) |
Domain problems may require changes on multiple servers in the domain. | Use the SHOW ADMINISTER command to display the server and domain name of the server currently being administered. | Use the SET ADMINISTRATION command to set the server and domain name of the server to be managed. (See Section 2.2.2, Administering Another Domain in this guide, for more information.) |
When setting up trusts between domains, determine whether you receive the error message "Could not find domain controller for this domain." |
Check that each domain has a running domain controller.
Check that both domains are running the same transport protocol (TCP/IP, DECnet, or NetBEUI). |
Start at least one server in each domain.
Use the Configuration Manager to enable the same transport on both domains. (See Chapter 7, Managing Your Configuration.) |
6.3.2.3 Server Operation Problems
If the server fails to complete routine operations, the log files and
error messages from the software usually indicate the nature and source
of the problem.
If problems occur during server startup, shutdown, or failover, use the following procedure:
Step 1: Collect Information | Step 2: Analyze the Problem | Step 3: Solve the Problem |
---|---|---|
Check the error messages seen during failing procedures and operations. | Use PATHWORKS Advanced Server log files to display messages about problems during software startup and operation. | Use the Configuration Manager to modify server parameters that affect the way the server runs (see Chapter 7, Managing Your Configuration), or modify LANMAN.INI parameters (see Appendix A, The LANMAN.INI File in this guide). |
Check service startup failures, which are logged in the System Event log files. | Use the SHOW EVENTS command to display System events. | Use the START SERVICES and STOP SERVICES commands to manage services. |
6.3.2.4 Problems with Services
PATHWORKS Advanced Server software includes several optional services.
For example, Auditing is a service useful for analyzing server
problems. However, the services must be enabled.
If services are not enabled to run, use the following procedure:
Step 1: Collect Information | Step 2: Analyze the Problem | Step 3: Solve the Problem |
---|---|---|
Check whether the services are running. | Use the SHOW SERVICES command to display the services and their status (enabled or disabled). |
Use the following commands to control the operation of the services:
START SERVICE
(See Section 2.4.3, Managing Services for more information.) |
6.3.2.5 Client Connection Problems
Clients may be individually or collectively reporting a failure to
connect to the server or selected shares, or reporting slow response
time in connecting to the server or the share.
If the problem affects a client, a group, or all clients attempting to access the server, use the following procedure:
Step 1: Collect Information | Step 2: Analyze the Problem | Step 3: Solve the Problem |
---|---|---|
If a client cannot end a session or there are too many sessions, you can control the user sessions. | Use the SHOW SESSIONS command to display current PATHWORKS Advanced Server client sessions. | Use the CLOSE SESSION command to close unneeded sessions. |
If more than one client reports a problem when connection to the server is lost or with slow response time, the problem may be caused by too many connections to the same server. |
Use the SHOW
CONNECTIONS command to display the connections that clients have established to PATHWORKS Advanced Server shares. |
Use the CLOSE CONNECTION command to end one or more connections. |
If some clients report problems connecting to a share, the problem may be caused by too many connections. | Use the SHOW SHARES command to display information about the connection limit on the share. | Use the MODIFY SHARE command to change the connection limit on the share. |
If clients report failure to access a specific file, the problem may be caused by incorrect permission settings on the file. | Use the SHOW FILE command to display files that are open, clients who have the files open, and the permissions granted to the clients. |
Use the
SET FILE/PERMISSIONS command to let you set the file permissions correctly. |
Determine whether a client trying to log on over a WAN gets the "logon but not validated" message. | These clients use NetBIOS to send logon requests and these requests do not go over the router. | Use LMHOST or a WINS server so that logon requests can be routed to the primary domain controller for authentication. |
Previous | Next | Contents | Index |