1 CONTINUE' Resumes processing of event records. Format CONTINUE 2 Example; COMMAND> DISPLAY/SINCE=25-JAN-2005/SELECT=USERNAME=JOHNSON COMMAND> CONTINUEA The first command in this example selects only event recordsA generated by user JOHNSON after January 25, 2005. The second> command in the example displays a report based on the new selection criteria. Controls whether records matching the specified criteria areC excluded. If you specify /IGNORE two or more times, the criteriaD are combined. To specify a new set of exclusion criteria, include4 the /REMOVE qualifier with the /IGNORE qualifier. /PAUSE=secondsA For full-format displays (/FULL), specifies the length of time each record is displayed. /REMOVEA Controls whether the criteria specified by the /IGNORE and the> /SELECT qualifiers are no longer to be used to select event records to be displayed. /SELECT=criteria[,...]= Controls whether only those records matching the specifiedC criteria are selected. If you specify /SELECT two or more times,? the criteria are combined. To specify a new set of selection; criteria, include the /REMOVE qualifier with the /SELECT qualifier. /SINCE[=time]C Controls whether only those records dated the sam e or later than# the specified time are selected. 2 Examples' 1.COMMAND> DISPLAY/EVENT_TYPE=SYSUAF COMMAND> CONTINUE@ The first command in this example selects records that were? generated as a result of a modification to the system userA authorization file (SYSUAF). The second command displays the selected records.+ 2.COMMAND> DISPLAY/SELECT=USERNAME=CRICK COMMAND> CONTINUE . . . , COMMA ND> DISPLAY/SELECT=USERNAME=WATSON COMMAND> CONTINUEC The first DISPLAY command in this example selects records thatB were generated by user CRICK. The second command displays theD selected records. The next DISPLAY command selects records thatC were generated by user WATSON. The last command in the example> displays all records generated by users CRICK and WATSON. 1 EXIT Terminates the session. Format EXIT 1 HELP; Provides online help information for using ANALYZE/AUDIT commands. Format HELP [topic] 2 Parameter topic< Specifies the command for which help information is to be> displayed. If you omit the keyword, HELP displays a list ofB available help topics and prompts you for a particular keyword. 2 Example COMMAND> HELP DISPLAYD The command in this example displays help information about the DISPLAY c ommand. 1 LIST> Changes the criteria used to select event records. The LIST2 command is synonymous with the DISPLAY command. Format LIST 2 Qualifiers /BEFORE=time= Controls whether only those records dated earlier than the specified time are selected. /BRIEFC Controls whether a brief (one-line-per-record) format is used in ASCII displays. /EVENT_TYPE=event-type[,...]C Controls whether only those records matching the specified event type are selected. /FULLB Controls whether a full format for each record is used in ASCII displays. /IGNORE=criteria[,...]? Controls whether records matching the specified criteria areC excluded. If you specify /IGNORE two or more times, the criteriaD are combined. To specify a new set of exclusion criteria, include4 the /REMOVE qualifier with the /IGNORE qualifier. /PAUSE=secondsA For full-format displays (/FULL), specifies the length of time each record is displayed. /REMOVEA Controls whether the criteria specified by the /IGNORE and the> /SELECT qualifiers are no longer to be used to select event records to be displayed. /SELECT=criteria[,...]= Controls whether only those records matching the specifiedC criteria are selected. If you specify /SELECT two or more times,? the criteria are combined. To specify a new set of exclusion; criteria, include the /REMOVE qualifier with the /SELECT qualifier. /SINCE[=time]C Controls whether only those records dated the same or later than# the specified time are selected. 2 Example COMMAND> LIST/EVENT_TYPE=SYSUAF COMMAND> CONTINUE@ The first command in this example selects records that were? generated as a result of a modification to the system userA authorization file (SYSUAF). The second command displays the selected records. 1 NEXT 2 FILEA Controls whether the current security audit log file is closed? and the next log file opened. The command is useful when you< supply a wildcard file specification to the ANALYZE/AUDITD command; for example *.AUDIT$JOURNAL. If there are no other audit? log files to open, the audit analysis session terminates and control returns to DCL. Format NEXT FILE 2 RECORD@ Controls whether the next audit record is displayed. The NEXT6 RECORD command is the default for interactive mode.8 This command is synonymous with the POSITION command. Format NEXT RECORD 1 POSITIONB Moves the full-format display forward or backward the specified number of event records. Format POSITION number 2 Parameter numberB For positive numbers, displays the record that is the specifiedD number of records after the current record. For negative numbers,> displays the record that is the specified number of records before the current record. 2 Examples 1.COMMAND> POSITION 100D The command in this example moves the display forward 100 event records. 2.COMMAND> POSITION -100A The command in this example moves the display back 100 event records. 1 SHOWA Displays information about the selection or exclusion criteria0 currently being used to select event records. Format SHOW option[,...] 2 Parameter option[,...]= Displays information about selection or exclusion criteriaA currently being used to select records. Specify one or more of the following options:A ALL Displays all criteria being used to select% event records.B EXCLUSION_CRITERIA Displays the criteria being used to exclude% event records.A SELECTION_CRITERIA Display s the criteria being used to select% event records. 2 Example! COMMAND> SHOW SELECTION_CRITERIA@ The command in this example displays the selection criteria( currently in use to select records.