PATHWORKS for OpenVMS (Advanced Server)
Server Administrator's Guide


Previous Contents Index

6.2.3.5 Setting and Displaying Auditing for Files and Directories

You can set and display the audit trail for a specific file or directory using the SET FILE and SHOW FILE commands.

Use the SET FILE command with the /AUDIT qualifier to specify the events to audit. The syntax for the SET FILE command is:

SET FILE path username/AUDIT=(audittype=event[,audittype=event,...])

The following table lists the audittypes you can specify using the SET FILE/AUDIT command.

Table 6-6 SET FILE Audit Types
Audit Type Meaning
SUCCESS= event Record successful events.
FAILURE= event Record unsuccessful events.
NONE Record no events.

The following table lists the file and directory access events you can specify for event. The [NO] prefix clears auditing of the specified event.

Table 6-7 Auditable Access Events for Files and Directories
Event Meaning
ALL Audits all events.
NONE Audits no events.
[NO]READ Audits attempts to display file names, attributes, permissions, and owner.
[NO]WRITE Audits attempts to create subdirectories and files, change attributes, and display permissions and owner.
[NO]EXECUTE Audits attempts to display attributes, permissions, and owner, and attempts to change subdirectories.
[NO]DELETE Audits attempts to delete a directory.
[NO]CHANGE_PERMISSIONS Audits attempts to change directory permissions.
[NO]TAKE_OWNERSHIP Audits attempts to change directory ownership.

For example, to set auditing of operations on the LANMAN.INI file, enter the following command:


LANDOFOZ\\TINMAN> SET FILE C$\LANMAN\LANMAN.INI- 
_LANDOFOZ\\TINMAN>/AUDIT=(SUCCESS=ALL,FAILURE=ALL) 
%PWRK-S-FILEMOD, "\\TINMAN\C$\LANMAN\LANMAN.INI" modified 
%PWRK-S-FILESMODIFIED, total of 1 file modified 
 
LANDOFOZ\\TINMAN> 

To display the audit settings for a file:

Use the SHOW FILES/AUDIT command. For example:


LANDOFOZ\\TINMAN> SHOW FILES C$\LANMAN\LANMAN.INI/AUDIT 
 
Files in: \\TINMAN\C$\LANMAN 
    LANMAN.INI 
        Audit Events:                   Success         Failure 
           LION                         RWXDPO          RWXDPO 
 
  Owner: Administrator 
 
Total of 1 file 
 
LANDOFOZ\\TINMAN> 

6.2.4 PATHWORKS Log Files

The PATHWORKS Advanced Server records several types of messages in log files in the following locations:

The following table lists the log files kept in the PWRK$LOGS and PWRK$LMLOGS areas.

Table 6-8 Log File Names
Log File Name Message Type
In PWRK$LOGS:
NETBIOS_ nodename .LOG NetBIOS protocol over DECnet
NETBIOS_ERROR.LOG NetBIOS protocol over DECnet error
NETBIOS_OUTPUT.LOG NetBIOS protocol over DECnet output
PWRK$CONFIG_INFO_ nodename.LOG Configuration information
PWRK$CONFIG_ERROR_ nodename.LOG Configuration errors
PWRK$KNBDAEMON_ nodename.LOG NetBIOS protocol over TCP/IP
PWRK$LICENSE_R_ nodename.LOG License registrar
PWRK$LICENSE_REGISTRAR_ nodename.LOG License registrar
PWRK$LICENSE_S_ nodename.LOG License server
PWRK$LICENSE_SERVER_ nodename.LOG License server
PWRK$MASTER_ nodename.LOG Master process (process start and shutdown)
PWRK$MONITOR_ nodename.LOG Monitor process
PWRK$NBDAEMON_ nodename.LOG NetBIOS protocol over NetBEUI
In PWRKS$LMLOGS:
PWRK$ADMIN_ n_ nodename.LOG Remo te task command
PWRK$LMDMN_ nodename.LOG LAN Manager daemon
PWRK$LMMCP_ nodename.LOG Master control process
PWRK$LMSRV_ nodename.LOG File server process
PWRK$LMBROWSER_ nodename.LOG Browser
PWRK$UPGRADE.LOG Upgrade utility

6.2.4.1 Displaying Log Files

You can use any ASCII text editor to look at log files, so long as the log files are not open (that is, in use).

The log files store records of the messages that have occurred during server operation. Not all the messages in the log need your attention. Many messages are caused by communication problems from which the server recovers automatically. If the server fails to recover from a problem, log files can provide you with information about the cause of the problem.

You can examine messages recorded in any log file. Each line in a log file provides information about logged entries, including a date and time stamp. For example, the PWRK$LMSRV_nodename.LOG file provides information about cache exhaustion messages.

6.3 Troubleshooting Server Problems

To troubleshoot server problems, you should be familiar with the following topics:

6.3.1 Troubleshooting Overview

The following sections describe how to determine the cause of a server problem and solve it if possible. Problem resolution includes determining whether or not the problem is caused by the PATHWORKS Advanced Server software. To solve client-based problems, hardware problems, and application-specific problems, see the documentation for the specific products involved.

Troubleshooting a server problem requires the following steps:

  1. Collecting information about the problem
  2. Analyzing the problem to determine its characteristics and to isolate the cause of the problem
  3. Solving the problem

The following sections describe each step in more detail.

6.3.1.1 Step 1: Collecting Information About the Problem

When you first detect a server problem, or when the problem is reported, collect as much information as possible immediately. Record the following information:

If you are investigating a recurring or ongoing problem, you should, if possible, implement an immediate solution that allows the client to continue working. Record server problems and save a dump file, if one was generated, and save associated log files and data files before restarting the server or changing the server configuration. You can use the information gathering command procedure SYS$STARTUP:PWRK$GATHER_INFO.COM to save these files.

6.3.1.2 Step 2: Analyzing the Problem

When you analyze the server problem, you should also look for the solution to the problem. Therefore, you must isolate the component that needs to be modified, replaced, removed, or enhanced.

PATHWORKS Advanced Server software provides information in log files and tools to help you determine the cause of a server problem. These tools keep records of activities and errors. You can use them to isolate problem areas and to help solve problems. You may be able to solve the problem using the PATHWORKS Advanced Server commands and utilities.

6.3.1.3 Step 3: Solving the Problem

The cause of a server problem may be within your ability to correct. At best, you may determine a configuration or definition change that will correct the problem. Or, you may be able to modify a server parameter or disable a service until the problem is solved more satisfactorily.

The procedure for solving a server problem depends on your ability to capture information about the problem and the state of the server at the time of the problem. If a problem is reported to be intermittent and is difficult to reproduce at will, the procedure for analysis and solution will take longer and be more difficult. Thus, it is particularly important to collect detailed information as soon as the problem is reported.

The following sections show how to use the PATHWORKS Advanced Server tools in the problem-solving process. Using these tools, you can modify the server to report on network activity and events, providing more detailed investigation of problems that you have already determined to be caused by the server or its network resources.

If you cannot determine the cause of a server problem, or if you cannot solve the problem, report the problem to your Compaq service contact and keep the PATHWORKS data structure PWRK$LMROOT and the log files for future analysis.

To help you report the information required for analyzing a server problem, the PATHWORKS for OpenVMS software includes a procedure you can run to gather server information.

To gather information about server status:

Enter the following commands:


$ SET DEFAULT SYS$STARTUP 
$ @PWRK$GATHER_INFO.COM 

The resulting file (PATHWORKS_AS_INFO.BCK) is a BACKUP saveset containing copies of the PATHWORKS log files and dump files.

If the problem you are investigating causes a system-wide failure, create a dump file for the system. The system dump file captures system information. Be sure to verify that your system dump file size is sufficient to capture a full system dump.

6.3.2 The Problem Analysis Process

Problem analysis is a process of elimination. Given little information to start, you must begin at the general level and use the information-gathering tools described in this chapter to determine the area from which the problem originates. If you have sufficient information at the beginning to isolate the problem area or if the problem is ongoing or if you can reproduce the problem, you can proceed directly to the section in this chapter that addresses the type of problem you are investigating.

The problem-solving procedure differs depending on the type of problem reported. The following sections describe several types of problems, in analytical order, from the generic characteristics of server problems to the more specific.

Problem types are characterized by behavior or source as follows:

6.3.2.1 Intermittent Problems

Intermittent problems are those that are not easily reproducible. They may not prevent server operation, like ongoing problems, and they may be difficult to analyze and solve. For these types of problems, your analysis depends heavily on the log files and messages reported before and during the time the problem occurred. To help locate such problems, you can use network traces, both on the condition where the problem can be reproduced, and when the problem is intermittent.

For intermittent problems, use the following procedure:

Table 6-9 Procedure for Solving Intermittent Problems
Step 1: Collect Information Step 2: Analyze the Problem Step 3: Solve the Problem
Record the time and date when the problem occurred, the nature of the symptoms, the computer name of the client, if any. Related information can include applications that have connections to the server, server shares, and resources consumed by the client. Check for alerts around the time the problem occurred. Attempt to reproduce the problem on the same client and on other clients in the domain. You can enable and modify the Alerter service to provide more specific, immediate error notification. If the problem circumstances can be reproduced, use the Alerter service to watch the messages during the occurrence of the problem.
   
If the problem is unique to a specific group or one client, see Analyze the Problem in the next column of this table.

If the problem is continuous, or if you can reproduce the problem at will, continue to Section 6.3.2.2, Domain and Computer Problems.

Use the SHOW EVENTS command to see the event messages that were recorded for the time the problem occurred. Enable additional event/audit tracking to get more detailed information. See Section 6.2.3, Event Logging in this guide for more information.

Check PATHWORKS log files for additional messages. (See Section 6.2.4, PATHWORKS Log Files.)

Review events and log files to isolate the cause of the problem and address it accordingly.

Intermittent problems that do not prevent use of the server may be due to faulty hardware. Check the connections to the client, the client configuration, and the network hardware.

6.3.2.2 Domain and Computer Problems

The domain-wide functions of the server depend on its role in the domain and on the other servers in the domain. The PATHWORKS command line interface lets you display information about the domain and modify server activity in the domain.

For domain and computer problems, use the following procedure:

Table 6-10 Procedure for Solving Domain and Computer Problems
Step 1: Collect Information Step 2: Analyze the Problem Step 3: Solve the Problem
Determine whether users of other computers in the domain receive error messages when attempting to connect to a server, or whether server administrators receive error messages using ADMINISTER commands. If so, the problem may be due to a server's relationship to the other servers in the domain. Use the SHOW COMPUTERS command to determine the status of other computers in the domain. Use the REMOVE COMPUTER command to take the computer off the domain.

Use the SET COMPUTER/ACCOUNT_SYNCH command to synchronize the user accounts database across the domain.

Use the SET COMPUTER/ROLE command to change the server role of a server in the domain. (See Section 2.2.3, Changing a Server's Role in a Domain.)

 
Domain problems may require changes on multiple servers in the domain. Use the SHOW ADMINISTER command to display the server and domain name of the server currently being administered. Use the SET ADMINISTRATION command to set the server and domain name of the server to be managed. (See Section 2.2.2, Administering Another Domain in this guide, for more information.)
 
When setting up trusts between domains, determine whether you receive the error message "Could not find domain controller for this domain." Check that each domain has a running domain controller.

Check that both domains are running the same transport protocol (TCP/IP, DECnet, or NetBEUI).

Start at least one server in each domain.

Use the Configuration Manager to enable the same transport on both domains. (See Chapter 7, Managing Your Configuration.)

6.3.2.3 Server Operation Problems

If the server fails to complete routine operations, the log files and error messages from the software usually indicate the nature and source of the problem.

If problems occur during server startup, shutdown, or failover, use the following procedure:

Table 6-11 Procedure for Solving Server Operation Problems
Step 1: Collect Information Step 2: Analyze the Problem Step 3: Solve the Problem
Check the error messages seen during failing procedures and operations. Use PATHWORKS Advanced Server log files to display messages about problems during software startup and operation. Use the Configuration Manager to modify server parameters that affect the way the server runs (see Chapter 7, Managing Your Configuration), or modify LANMAN.INI parameters (see Appendix A, The LANMAN.INI File in this guide).
 
Check service startup failures, which are logged in the System Event log files. Use the SHOW EVENTS command to display System events. Use the START SERVICES and STOP SERVICES commands to manage services.

6.3.2.4 Problems with Services

PATHWORKS Advanced Server software includes several optional services. For example, Auditing is a service useful for analyzing server problems. However, the services must be enabled.

If services are not enabled to run, use the following procedure:

Table 6-12 Procedure for Solving Service Problems
Step 1: Collect Information Step 2: Analyze the Problem Step 3: Solve the Problem
Check whether the services are running. Use the SHOW SERVICES command to display the services and their status (enabled or disabled). Use the following commands to control the operation of the services:

START SERVICE
STOP SERVICE
PAUSE SERVICE
CONTINUE SERVICE

(See Section 2.4.3, Managing Services for more information.)

6.3.2.5 Client Connection Problems

Clients may be individually or collectively reporting a failure to connect to the server or selected shares, or reporting slow response time in connecting to the server or the share.

If the problem affects a client, a group, or all clients attempting to access the server, use the following procedure:

Table 6-13 Procedure for Solving Client Connection Problems
Step 1: Collect Information Step 2: Analyze the Problem Step 3: Solve the Problem
If a client cannot end a session or there are too many sessions, you can control the user sessions. Use the SHOW SESSIONS command to display current PATHWORKS Advanced Server client sessions. Use the CLOSE SESSION command to close unneeded sessions.
 
If more than one client reports a problem when connection to the server is lost or with slow response time, the problem may be caused by too many connections to the same server. Use the SHOW
CONNECTIONS command to display the connections that clients have established to PATHWORKS Advanced Server shares.
Use the CLOSE CONNECTION command to end one or more connections.
 
If some clients report problems connecting to a share, the problem may be caused by too many connections. Use the SHOW SHARES command to display information about the connection limit on the share. Use the MODIFY SHARE command to change the connection limit on the share.
 
If clients report failure to access a specific file, the problem may be caused by incorrect permission settings on the file. Use the SHOW FILE command to display files that are open, clients who have the files open, and the permissions granted to the clients. Use the
SET FILE/PERMISSIONS command to let you set the file permissions correctly.
 
Determine whether a client trying to log on over a WAN gets the "logon but not validated" message. These clients use NetBIOS to send logon requests and these requests do not go over the router. Use LMHOST or a WINS server so that logon requests can be routed to the primary domain controller for authentication.


Previous Next Contents Index