/sys$common/syshlp/helplib.hlb SET, AUDIT, Qualifiers, /SERVER
/SERVER=keyword[,...]

Modifies audit server characteristics.

The following table describes keywords for the /SERVER qualifier:

Keyword               Description

CREATE_SYSTEM_LOG     This keyword is obsolete.

                      On Alpha, causes the audit server to create a new
                      local system security audit log file. Other audit
                      servers in the cluster are not affected.

                      This keyword may be used by sites operating a
                      multienvironment cluster where it may be necessary
                      to create a new log file on a specific node in the
                      cluster. CREATE_SYSTEM_LOG is synonymous with
                      NEW_LOG for nonclustered systems.

EXIT                  Initiates an audit server shutdown. This is the
                      only method for removing the audit server process
                      from the system; the audit server cannot be
                      deleted or suspended.

FINAL_ACTION=action   Specifies the action the audit server should take
                      when it runs out of memory and cannot buffer
                      messages. (For more information, refer to the
                      discussion of message flow control in the OpenVMS
                      Guide to System Security.) Specify one of the
                      following actions:

                      CRASH - Crash the system if the audit server runs
                      out of memory.

                      IGNORE_NEW - Ignore new event messages until
                      memory is available. New event messages are lost
                      but event messages in memory are saved.

                      PURGE_OLD (default) - Remove old event messages
                      until memory is available for the most current
                      messages.

FLUSH                 Copies all buffered audit and archive records to
                      the security audit log file and security archive
                      file, respectively.

INITIATE              Enables auditing during system startup.
                      Ordinarily, auditing is started from VMS$LPBEGIN
                      in STARTUP.COM but, if a site redefines the
                      logical name SYS$AUDIT_SERVER_INHIBIT, the OpenVMS
                      system waits for a SET AUDIT/SERVER=INITIATE
                      command before enabling auditing.

NEW_LOG               Creates a new clusterwide audit log file.
                      Typically, this is used daily to generate a new
                      version of the audit log file.

                      The following sequence of commands can be used to
                      reset the space monitoring thresholds and then to
                      recreate the auditing log, thereby creating a
                      smaller log file:

                      $ SET AUDIT /JOURNAL=SECURITY /THRESHOLD=WARN=200
                      $ SET AUDIT /SERVER=NEW_LOG

                      By default, the size of the new auditing log file
                      is based on the size of the previous auditing
                      logs.

REDIRECT_SYSTEM_LOG   This keyword is obsolete.

                      On Alpha, causes the audit server on the local
                      node to redirect security event messages to a new
                      audit log file, whose location was defined
                      previously by the /DESTINATION qualifier. Audit
                      server processes (and log files) on other nodes in
                      the cluster are unaffected.

RESUME                Requests the audit server process to resume normal
                      activity on the system, if adequate disk space is
                      available. Normally, once the resource monitoring
                      action threshold has been reached, the audit
                      server process suspends most system activity and
                      waits 15 minutes before attempting to resume
                      normal system activity.

START                 Starts the audit server process on the system.

                      In order to fully enable the auditing subsystem,
                      the SET AUDIT/SERVER=INITIATE command must be used
                      after the SET AUDIT/SERVER=START command has
                      completed.

                      Compaq recommends using the following command
                      procedure to start the audit server:

                      SYS$SYSTEM:STARTUP AUDIT_SERVER
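
The daily NEW_LOG use described above, combined with FLUSH, as an added example that is not part of the help library text: a DCL command procedure that closes the current audit log, archives the closed version under a dated name, and resubmits itself. The procedure name ROTATE_AUDIT.COM, the logical name AUDIT$ARCHIVE and the journal file specification are assumptions for illustration; confirm the journal location with SHOW AUDIT/JOURNAL.

```dcl
$! ROTATE_AUDIT.COM (hypothetical name) - daily security audit log rotation.
$! Added example; run from an account holding the SECURITY privilege.
$ ON ERROR THEN GOTO FAILED
$!
$! Assumed journal file specification; check SHOW AUDIT/JOURNAL on your system.
$ JOURNAL = "SYS$MANAGER:SECURITY.AUDIT$JOURNAL"
$! Assumed logical name for the archive directory (constructed for this example).
$! RENAME cannot move a file between devices, so it must be on the same disk.
$ ARCHIVE_DIR = "AUDIT$ARCHIVE:"
$!
$! Resubmit first so that a failure today does not break tomorrow's run.
$ SUBMIT /AFTER="TOMORROW+00:05" /NOPRINT 'F$ENVIRONMENT("PROCEDURE")'
$!
$! Write buffered audit and archive records to disk so that the log version
$! about to be closed is complete.
$ SET AUDIT /SERVER=FLUSH
$!
$! Open a new clusterwide log; the closed log becomes version ;-1.
$ SET AUDIT /SERVER=NEW_LOG
$!
$! Name the closed log after the day it covers, for example 20240131.
$ STAMP = F$CVTIME("YESTERDAY","COMPARISON","DATE") - "-" - "-"
$ ARCHIVED = ARCHIVE_DIR + "SECURITY_" + STAMP + ".AUDIT$JOURNAL"
$ RENAME 'JOURNAL';-1 'ARCHIVED'
$!
$! Archived logs are evidence: read-only for SYSTEM and owner, no other access.
$ SET SECURITY /PROTECTION=(S:R,O:R,G,W) 'ARCHIVED'
$ EXIT
$!
$FAILED:
$ SAVED_STATUS = $STATUS
$! Tell security operators that the rotation did not complete.
$ REQUEST /TO=SECURITY "Security audit log rotation failed"
$ EXIT SAVED_STATUS
```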