VMS Help  —  ANALYZE  /AUDIT  /SUMMARY
    Specifies that a summary of the selected records be produced
    after all records are processed.

    Note that the /SUMMARY qualifier code is executed after the
    Audit Analyzer is finished, that is, after all the records to be
    analyzed have been collected and processed. When you specify the
    /INTERACTIVE qualifier (which is the default), the Audit Analyzer
    never reaches the finished state because /INTERACTIVE prompts you
    repeatedly to enter another command (which might result in a new
    set of records to be analyzed).

    To use the /SUMMARY qualifier, you must also specify
    /NOINTERACTIVE, which ensures that the Audit Analyzer reaches
    the finished state that allows the SUMMARY code to be executed
    and to display the proper information. In a future version of
    OpenVMS, the Audit Analyzer will return an error when /SUMMARY
    and /INTERACTIVE are specified together.

    You can use the /SUMMARY qualifier alone or in combination with
    the /BRIEF, the /BINARY, or the /FULL qualifier.

    Format

      /SUMMARY=presentation

      /NOSUMMARY

    presentation

    Specifies the presentation of the summary. If you do not specify
    a presentation criterion, ANALYZE/AUDIT summarizes the number of
    audits.

    You can specify either of the following presentations:

    COUNT

    Lists the total number of audit messages for each class of
    security event that have been extracted from the security audit
    log file. This is the default.

    PLOT

    Displays a plot showing the class of the audit event, the time
    of day when the audit was generated, and the name of the system
    where the audit was generated.

1  –  Examples

    1.$ ANALYZE/AUDIT/SUMMARY SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example generates a summary report of all
      records processed.

        Total records read:        9701          Records selected:          9701
        Record buffer size:        1031
        Successful logins:          542          Object creates:            1278
        Successful logouts:         531          Object accesses:           3761
        Login failures:              35          Object deaccesses:         2901
        Breakin attempts:             2          Object deletes:             301
        System UAF changes:          10          Volume (dis)mounts:          50
        Rights db changes:            8          System time changes:          0
        Netproxy changes:             5          Server messages:              0
        Audit changes:                7          Connections:                  0
        Installed db changes:        50          Process control audits:       0
        Sysgen changes:               9          Privilege audits:            91
        NCP command lines:          120

    2.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY -
      _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example generates a full format listing
      of all logged audit messages that match the break-in or log
      failure event classes. A summary report is included at the end
      of the listing.

    3.$ ANALYZE/AUDIT/FULL/EVENT_TYPE=(BREAKIN,LOGFAIL)/SUMMARY=PLOT -
      _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      This command generates a histogram that you can display on a
      character-cell terminal.
Close Help