Document revision date: 19 July 1999 | |
Previous | Contents | Index |
The following table lists the types of thresholds:
Keyword | Description |
---|---|
WARNING=value | Specifies the threshold at which the audit server notifies all security operator terminals that resources are getting low. |
ACTION=value | Specifies the threshold at which the audit server starts suspending processes that are generating audit records. (Certain processes are immune to this: refer to OpenVMS Guide to System Security). |
The following table lists the default warning and action values for each monitoring mode.
Mode | Warning | Action |
---|---|---|
Blocks | 100 | 25 |
Delta time | 2 0:00:00 | 0 0:30:00 |
If you do not want to wait for the command to complete, specify /NOVERIFY.
#1 |
---|
$ SET AUDIT/AUDIT/ENABLE= - _$ (CREATE,ACCESS=(SYSPRV,BYPASS),DEACCESS)/CLASS=FILE $ SHOW AUDIT/AUDIT System security audits currently enabled for: . . . FILE access: Failure: read,write,execute,delete,control SYSPRV: read,write,execute,delete,control BYPASS: read,write,execute,delete,control Other: create,deaccess |
The SET AUDIT command in this example enables auditing of file creation and file deaccess; it also enables auditing for any file access done by using either SYSPRV or BYPASS privilege.
#2 |
---|
$ SET AUDIT/JOURNAL=SECURITY/DESTINATION=AUDIT$:[AUDIT]TURIN $ SET AUDIT/SERVER=NEW $ SHOW AUDIT/JOURNAL List of audit journals: Journal name: SECURITY Journal owner: (system audit journal) Destination: AUDIT$:[AUDIT]TURIN.AUDIT$JOURNAL |
The SET AUDIT command in this example demonstrates how to switch to a new journal.
#3 |
---|
$ SET AUDIT/SERVER=FINAL=CRASH $ SHOW AUDIT/SERVER Security auditing server characteristics: Database version: 4.4 Backlog (total): 100, 200, 300 Backlog (process): 5, 2 Server processing intervals: Archive flush: 0 00:01:00.00 Journal flush: 0 00:05:00.00 Resource scan: 0 00:05:00.00 Final resource action: crash system |
The SET AUDIT command in this example changes the audit server's final action setting so the system crashes when the audit server runs out of memory.
#4 |
---|
$ SET AUDIT/ARCHIVE/DESTINATION=SYS$SPECIFIC:[SYSMGR]TURIN-ARCHIVE $ SHOW AUDIT/ARCHIVE Security archiving information: Archiving events: system audits Archive destination: SYS$SPECIFIC:[SYSMGR]TURIN-ARCHIVE.AUDIT$JOURNAL |
The SET AUDIT command in this example enables a node-specific archive file.
#5 |
---|
$ SET AUDIT/JOURNAL/RESOURCE=ENABLE $ SHOW AUDIT/JOURNAL List of audit journals: Journal name: SECURITY Journal owner: (system audit journal) Destination: SYS$COMMON:[SYSMGR]SECURITY.AUDIT$JOURNAL Monitoring: enabled Warning thresholds, Block count: 100 Duration: 2 00:00:00.0 Action thresholds, Block count: 25 Duration: 0 00:30:00.0 |
The SET AUDIT command in this example enables disk monitoring and switches the mode so the disk space is monitored in terms of time rather than free blocks.
Enables you to selectively screen out various kinds of messages from being broadcast to your terminal.
SET BROADCAST =(class-name[,...])
class-name[,...]
Specifies the class of message that you want to enable or disable for broadcast to your terminal. If you specify only one class, you can omit the parentheses. The class names are as follows:
ALL Enables all message classes. [NO]DCL Specifies Ctrl/T and SPAWN/NOTIFY messages. [NO]GENERAL Specifies all normal REPLY messages or messages from $BRDCST. [NO]MAIL Specifies notification of mail. NONE Disables all message classes. [NO]OPCOM Specifies messages issued by the operator communication process (OPCOM). [NO]PHONE Specifies messages from the Phone utility. [NO]QUEUE Specifies messages referring to print or batch jobs issued by the queue manager. [NO]SHUTDOWN Specifies messages issued from the REPLY/SHUTDOWN command. [NO]URGENT Specifies messages issued from the REPLY/URGENT command. [NO]USER1 to [NO]USER16 Specifies messages from specific user groups. (For information on setting up user-written broadcast messages, see the description of the $BRKTHRU system service in the OpenVMS System Services Reference Manual.)
The SET BROADCAST command enables you to receive certain kinds of messages at your terminal, but not others. By default, you receive all messages at your terminal (SET BROADCAST=ALL). SET BROADCAST=NONE screens out all messages.After you have used the SET BROADCAST command to screen out some classes of messages (for example, SET BROADCAST=NOPHONE), you can use the command to restore that class (SET BROADCAST=PHONE).
Use the SHOW BROADCAST command to see which message classes are currently being screened out.
Note
SYS$COMMAND must be a terminal.
#1 |
---|
$ SET BROADCAST=(NOMAIL, NOPHONE) . . . $ SET BROADCAST=MAIL |
In this example, the first SET BROADCAST command screens out all mail and phone messages. Later the second SET BROADCAST command restores mail messages. Phone messages are still screened.
#2 |
---|
$ SET BROADCAST=NONE . . . $ SET BROADCAST=(SHUTDOWN, URGENT, DCL, OPCOM) |
In this example, the first SET BROADCAST command screens out all messages. Later the second SET BROADCAST command restores shutdown, urgent, DCL, and OPCOM messages. General, phone, mail, queue, and user messages are still screened.
Defines the default translation mode for cards read from a card reader. All subsequent input read from the specified card reader is converted using the specified mode.
SET CARD_READER device-name[:]
device-name[:]
Specifies the name of the card reader for which the translation mode is to be set. The device must not be currently allocated to any other user.
When the system is bootstrapped, the translation mode for cards read into all card readers is set at 029. If you do not specify either of the command qualifiers, the SET CARD_READER command has no effect; that is, the current translation mode for the device remains the same.
/026
Sets the card reader for cards punched on an 026 punch./029
Sets the card reader for cards punched on an 029 punch./LOG
/NOLOG (default)
Controls whether log information is displayed at the terminal to confirm that the card reader is set.
$ ALLOCATE CR: _CRA0: ALLOCATED $ SET CARD_READER CRA0:/029 $ COPY CRA0: [MALCOLM.DATAFILES]CARDS.DAT |
The ALLOCATE command requests the allocation of a card reader by specifying the generic device name. When the ALLOCATE command displays the name of the device, the SET CARD_READER command sets the translation mode at 029. Then the COPY command copies all the cards read by the card reader CRA0 into the file CARDS.DAT in the directory [MALCOLM.DATAFILES].
Sets the total expected votes in the OpenVMS Cluster to a value that you specify or, if no value is specified, sets the total votes to a value determined by the system.Requires OPER (operator) privilege.
SET CLUSTER/EXPECTED_VOTES [=value]
value
Specifies the total number of expected votes in the cluster.
The SET CLUSTER/EXPECTED_VOTES command enables you to adjust the total number of expected votes in the cluster. Set this value equal to the number of votes contributed by each node plus the number of votes contributed by the cluster quorum disk. The system will automatically calculate the value of the cluster quorum from the total number of expected votes in the cluster.You can specify the expected total votes value as part of the SET CLUSTER/EXPECTED_VOTES command string. If you enter the command without specifying a value for expected votes, the system calculates the value for you, using the following formula:
EXPECTED_VOTES=(NODE1_VOTES+NODE2_VOTES+...)+QUORUM_DISK_VOTESNODEn_VOTES is the value of the system parameter VOTES for each node in the cluster and QUORUM_DISK_VOTES is the value of the system parameter QDSKVOTES.
When you enter the SET CLUSTER/EXPECTED_VOTES command without specifying a value, the system assumes that all nodes that are expected to be in the cluster are currently members.
In general, you use the SET CLUSTER/EXPECTED_VOTES command only when a node is leaving the cluster for an extended period of time. Under normal circumstances, quorum is not reduced when a node leaves the cluster, because it is assumed that the node may be rebooted and rejoin the cluster. If a node is removed and is unable to rejoin the cluster within a reasonable period of time (for example, if a node crashes due to a hardware problem and cannot rejoin the cluster for several days), the quorum for the cluster can safely be reduced by lowering the total expected votes until that node rejoins.
The purpose of a cluster quorum is to eliminate any possibility of the cluster partitioning into separate clusters and simultaneously accessing the same resources (such as disks). If the sum of the votes for all members of the cluster is smaller than the cluster quorum, all nodes will block activity until new nodes join to increase the vote total. Lowering the quorum value (by reducing the value of the total expected votes) when one or more nodes leave the cluster for long periods of time reduces this possibility.
Note that no matter what value you specify for the SET CLUSTER/EXPECTED_VOTES command, you cannot increase quorum to a value that is greater than the number of the votes present, nor can you reduce quorum to a value that is half or fewer of the votes present.
When you enter the SET CLUSTER/EXPECTED_VOTES command, either with or without an expected votes value specified, the system responds with a message indicating the new value that was actually set. Note that you need to enter this command only on one node in the cluster, because the new value for total expected votes is propagated through the cluster. This new expected votes value should then be stored in the system parameter EXPECTED_VOTES on each node, so that it remains in effect after the nodes reboot.
When a node that was previously a member of the cluster is ready to rejoin, you should increase the system parameter EXPECTED_VOTES to its original value before bringing the node back to the cluster. Note that you do not need to use the SET CLUSTER/EXPECTED_VOTES command to increase the number of expected votes, because the expected votes value will be increased automatically when the node rejoins the cluster.
#1 |
---|
$ SET CLUSTER/EXPECTED_VOTES |
The SET CLUSTER command in this example instructs the system to calculate the total expected votes value for you, because no value is specified as part of the command string. The system uses the NODEn_VOTES + QUORUM_DISK_VOTES formula.
#2 |
---|
$ SET CLUSTER/EXPECTED_VOTES=9 |
The SET CLUSTER command in this example sets the total expected votes to 9, which is the value specified in the command string.
Invokes the Command Definition Utility, which adds commands to your process command table or to a specified command table file. For a complete description of the Command Definition Utility, refer to the OpenVMS Command Definition, Librarian, and Message Utilities Manual.
SET COMMAND [filespec[,...]]
[filespec[,...]]
Specifies the name of one or more command definition files. If you specify more than one name, separate them with commas. The default file type is .CLD. Refer to the OpenVMS Command Definition, Librarian, and Message Utilities Manual for more information about writing a command definition file.The asterisk (*) and the percent sign (%) wildcard characters are allowed in the file specification.
/DELETE=(verb[,...])
Specifies /DELETE mode to delete verbs from the command table you are modifying.You can use the /DELETE qualifier to delete a verb in either your process command table or in a command table file specified with the /TABLE qualifier. If you do not use the /TABLE qualifier to specify an alternate command table, the default is to delete verbs from your process command table. If you do not use the /OUTPUT qualifier to specify an output file, the default is to return the modified command table to your process.
The verb specifies a verb to be deleted. If you specify two or more verbs, separate them with commas and enclose the list in parentheses. If you specify only one verb, you can omit the parentheses.
You cannot use the /LISTING, /OBJECT, or /REPLACE qualifiers in /DELETE mode.
/LISTING[=filespec]
/NOLISTING
Controls whether an output listing is created and optionally provides an output file specification for the listing file. A listing file contains a listing of the command definitions along with any error messages. The listing file is similar to a compiler listing.If you specify the /LISTING qualifier and omit the file specification, output is written to the default device and directory; the listing file will have the same name as the first command definition file and a file type of LIS.
You can use the /LISTING qualifier only in /OBJECT or /REPLACE mode; you cannot create a listing in /DELETE mode. In /OBJECT and /REPLACE modes, the default is /NOLISTING.
/OBJECT[=filespec]
Specifies /OBJECT mode to create an object module from a command definition file and optionally provides an object file specification. You cannot use the /OBJECT qualifier to create an object module from a command definition that contains the IMAGE keyword.You can specify only one command definition file when you use SET COMMAND/OBJECT.
If you specify the /OBJECT qualifier and omit the file specification, output is written to the default device and directory; the object file will have the same name as the input file and a file type .OBJ.
You cannot use the /DELETE, /OUTPUT, /REPLACE, or /TABLE qualifiers in /OBJECT mode.
/OUTPUT[=filespec]
/NOOUTPUT
Controls where the modified command table should be placed. If you provide an output file specification, the modified command table is written to the specified file. If you do not provide an output file specification, the edited command table replaces your process table. The /NOOUTPUT qualifier indicates that no output is to be generated.You can specify an output file specification with the /OUTPUT qualifier only when you also use the /TABLE=filespec qualifier to provide the input tables. The default file type is .EXE.
You can use the /OUTPUT qualifier only in /DELETE or /REPLACE mode; you cannot use the /OUTPUT qualifier in /OBJECT mode.
In /DELETE and /REPLACE mode, the default is /OUTPUT with no file specification.
/REPLACE
Specifies /REPLACE mode to add or replace verbs in the command table you are modifying.You can use the /REPLACE qualifier to modify either the process command table or a command table file specified with the /TABLE qualifier. If you do not use the /TABLE qualifier to specify an alternate command table, the default is to modify your process command table. If you do not use the /OUTPUT qualifier to specify an output file, the default is to return the modified command table to your process.
You cannot use the /OBJECT or /DELETE qualifiers in /REPLACE mode.
If you do not explicitly specify /DELETE, /OBJECT, or /REPLACE mode the default is /REPLACE.
/TABLE=[filespec]
Specifies the command table that is to be modified. If you specify the /TABLE qualifier and omit the file specification, the current process command table is modified. If you include a file specification, the specified command table is modified. The default file type is .EXE.If you use the /TABLE qualifier to provide an input command table file, you should also use the /OUTPUT qualifier to provide an output table file. Otherwise, the modified command table will be written to your process and will replace your process command table.
You can only use the /TABLE qualifier in /DELETE or /REPLACE mode; you cannot use the /TABLE qualifier in /OBJECT mode.
In /REPLACE and /DELETE mode, the default is /TABLE with no input file specification.
#1 |
---|
$ SET COMMAND SNAG |
This command adds the commands in SNAG.CLD to the command table in the current process.
#2 |
---|
$ SET COMMAND/OBJECT SNAG |
This command creates an object file using the commands in SNAG.CLD. This object file can then be linked with other object files to process application defined commands.
#3 |
---|
$ SET COMMAND/TABLE=MYTAB/OUTPUT=MYCLI SNAG |
This command adds the commands in SNAG.CLD to the command table MYTAB.EXE and writes the updated table to MYCLI.EXE.
When you use the /TABLE qualifier to specify an input command table, you should use the /OUTPUT qualifier to specify an an output file. Otherwise, your process command table will be overwritten.
#4 |
---|
$ SET COMMAND/DELETE=HOLD |
This command deletes the definition for the verb HOLD from your process command table. The modified command table is returned to your process.
Enables or disables the Ctrl/Y or the Ctrl/T function. Pressing Ctrl/Y interrupts a command and returns you to the DCL command level. Pressing Ctrl/T momentarily interrupts a command to print a line of statistics.SET CONTROL=T requires that SET TERMINAL/BROADCAST be set for the information to be displayed at your terminal.
SET CONTROL [=(T,Y)]
SET NOCONTROL [=(T,Y)]
(T,Y)
Specifies that T (Ctrl/T) or Y (Ctrl/Y) be enabled or disabled. If you specify only one character, you can omit the parentheses. If you do not specify either T or Y, Y is the default.
The Ctrl/Y function provides a general-purpose escape from the current operation. The Ctrl/Y function can generally be used during an interactive terminal session to interrupt the current command, command procedure, or program image.The SET NOCONTROL=Y command can be used for special application programs. When the SET NOCONTROL=Y command is executed in a system-specified command procedure for a particular user at login, that user can communicate only with the application program that controls the terminal.
When you press Ctrl/Y and SET NOCONTROL=Y is in effect, the INTERRUPT message is displayed, but no interruption takes place.1
SET NOCONTROL=Y also disables the Ctrl/C cancel function for all commands and programs that do not have special action routines responding to the Ctrl/C function.
The Ctrl/T function displays a single line of statistical information about the current process. When you press Ctrl/T during an interactive terminal session, it momentarily interrupts the current command, command procedure, or image to display statistics. The statistical information includes the node and user names, the current time, the current process, CPU usage, number of page faults, level of I/O activity, and memory usage. For example:
BOSTON::SMITH 16:21:04 EDT CPU=00:00:03.33 PF=778 IO=296 MEM=277When SET NOCONTROL=T (the default) is in effect, pressing Ctrl/T does not cause any statistics to be displayed.
#1 |
---|
$ SET NOCONTROL=Y |
The SET CONTROL command in this example disables the Ctrl/Y function as well as most Ctrl/C functions.
#2 |
---|
$ SET CONTROL=T |
The SET CONTROL command in this example enables the Ctrl/T function.
#3 |
---|
$ SET NOCONTROL=(T,Y) |
The SET CONTROL command in this example disables both the Ctrl/T and Ctrl/Y functions.
#4 |
---|
$ []Ctrl/T NODE22::SMITH 16:21:04 (DCL) CPU=00:03:29.39 PF=14802 IO=18652 MEM=68 $ SET NOCONTROL=T $ []Ctrl/T |
As shown in this example, when you press Ctrl/T, the system displays the appropriate information. The SET NOCONTROL=T command disables the Ctrl/T function. Now when you press Ctrl/T, no information is displayed.
1 Note that DCL maintains a pending Ctrl/Y asynchronous system trap (AST) to the terminal driver. This affects captive command procedures when using the SET HOST command. For more information, see the description of the SET HOST command. |
Previous | Next | Contents | Index |
privacy and legal statement | ||
9996PRO_047.HTML |