John,
In my reply of Aug 22, 2007 19:32:09 GMT, I stated:
------------
There are "undocumented" tools like set watch file/class=all that will show all XQP related operations, but depending on what the command procedures are doing, you may get so much output that finding what you are looking for as hard as other approaches.
------------
I tried doing this, and to my surprise, it does not display any file activity related to DCL opening command procedures via the "@"
Here's the command file I used on Alpha VMS 7.3-2
Contents of set_watch_file.com
-------------
$ ver='f$verify(1)'
$ abc = " sys$login:show_time.com"
$ set noon
$ old_priv=f$setprv("cmkrnl")
$ abc[0,8] = 64
$ set watch file/class=(all)
$ abc
$ set watch file/class=none
$ junk=f$setprv(old_priv)
$ exit 1+0*f$verify(ver)
-------------
Contents of sys$login:show_time.com
-------------
$ show time
-------------
The only activity that is shown is the access to SETWATCH after the line $ set watch file/class=none
I then modified it to do a DCL open/write of a file, and that is not seen by set watch file either. I assume it is filtering DCL access to files (PPF? or SUPERVISOR mode?) At any rate, sorry for the suggestion that doesn't work.
I've included a log file showing my testing. Normally, you would probably want to use something like /class=(major,directory) instead of /clss=all unless you are really interested in the details provided by /class=all
By the way, AUDITING does show the file accesses, but getting the data is cumbersome, and there is no easy way to correlate where in the DCL procedure the file access is occuring, only time when it happened.
Jon
it depends
