VMS Help
ANALYZE, /AUDIT, /EVENT_TYPE
*Conan The Librarian (sorry for the slow response - running on an old VAX)
|
|
Selects the classes of events to be extracted from the security
log file. If you omit the qualifier or specify the ALL keyword,
the utility includes all enabled event classes in the report.
Format
/EVENT_TYPE=(event-type[,...])
event type[,...]
Specifies the classes of events used to select records. You can
specify any of the following event types:
[NO]ACCESS Access to an object, such as a file
[NO]ALL All event types
[NO]AUDIT Use of the SET AUDIT command
[NO]AUTHORIZATION Change to the authorization database (SYSUAF.DAT,
RIGHTSLIST.DAT, NETPROXY.DAT, or NET$PROXY.DAT)
[NO]BREAKIN Break-in detection
[NO]CONNECTION Establishment of a network connection through the
System Management utility (SYSMAN), DECwindows,
or interprocess communication (IPC) software or
DECnet Phase IV (VAX only)
[NO]CREATE Creation of an object
[NO]DEACCESS Completion of access to an object
[NO]DELETE Deletion of an object
[NO]INSTALL Modification of the known file list with the
Install utility (INSTALL)
[NO]LOGFAIL Unsuccessful login attempt
[NO]LOGIN Successful login
[NO]LOGOUT Successful logout
[NO]MOUNT Execution of DCL commands MOUNT or DISMOUNT
[NO]NCP Modification of the DECnet network configuration
databases
[NO]NETPROXY Modification of the network proxy authorization
file (NETPROXY.DAT or NET$PROXY.DAT)
[NO]PRIVILEGE Privilege auditing
[NO]PROCESS Use of one or more of the process control system
services: $CREPRC, $DELPRC, $SCHDWK, $CANWAK,
$WAKE, $SUSPND, $RESUME, $GRANTID, $REVOKID,
$GETJPI, $FORCEX, $SETPRI
[NO]RIGHTSDB Modification of the rights database (RIGHTSLIST.DAT)
[NO]SYSGEN Modification of system parameters through the
System Generation utility (SYSGEN) or AUTOGEN
[NO]SYSUAF Modification of the system user authorization
file (SYSUAF.DAT)
[NO]TIME Change in system or cluster time
Specifying the negated form of an event class (for example,
NOLOGFAIL) excludes the specified event class from the audit report.
1.$ ANALYZE/AUDIT/EVENT_TYPE=LOGFAIL -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example extracts all records of unsuccessful
login attempts, which match the LOGFAIL class, and compiles a
brief report.
2.$ ANALYZE/AUDIT/EVENT_TYPE=(NOLOGIN,NOLOGOUT) -
_$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL
The command in this example builds a report in brief format of
all audit records except those in the LOGIN and LOGOUT event
classes.
[legal]
[privacy]
[GNU]
[policy]
[netiquette]
[sponsors]
[FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.