VMS Help
ANALYZE, /AUDIT, /EVENT_TYPE

    Selects the classes of events to be extracted from the security
    log file. If you omit the qualifier or specify the ALL keyword,
    the utility includes all enabled event classes in the report.

    Format

      /EVENT_TYPE=(event-type[,...])

    event-type[,...]

    Specifies the classes of events used to select records. You can
    specify any of the following event types:

    [NO]ACCESS         Access to an object, such as a file
    [NO]ALL            All event types
    [NO]AUDIT          Use of the SET AUDIT command
    [NO]AUTHORIZATION  Change to the authorization database (SYSUAF.DAT,
                       RIGHTSLIST.DAT, NETPROXY.DAT, or NET$PROXY.DAT)
    [NO]BREAKIN        Break-in detection
    [NO]CONNECTION     Establishment of a network connection through the
                       System Management utility (SYSMAN), DECwindows,
                       or interprocess communication (IPC) software or
                       DECnet Phase IV (VAX only)
    [NO]CREATE         Creation of an object
    [NO]DEACCESS       Completion of access to an object
    [NO]DELETE         Deletion of an object
    [NO]INSTALL        Modification of the known file list with the
                       Install utility (INSTALL)
    [NO]LOGFAIL        Unsuccessful login attempt
    [NO]LOGIN          Successful login
    [NO]LOGOUT         Successful logout
    [NO]MOUNT          Execution of DCL commands MOUNT or DISMOUNT
    [NO]NCP            Modification of the DECnet network configuration
                       databases
    [NO]NETPROXY       Modification of the network proxy authorization
                       file (NETPROXY.DAT or NET$PROXY.DAT)
    [NO]PRIVILEGE      Privilege auditing
    [NO]PROCESS        Use of one or more of the process control system
                       services: $CREPRC, $DELPRC, $SCHDWK, $CANWAK,
                       $WAKE, $SUSPND, $RESUME, $GRANTID, $REVOKID,
                       $GETJPI, $FORCEX, $SETPRI
    [NO]RIGHTSDB       Modification of the rights database (RIGHTSLIST.DAT)
    [NO]SYSGEN         Modification of system parameters through the
                       System Generation utility (SYSGEN) or AUTOGEN
    [NO]SYSUAF         Modification of the system user authorization
                       file (SYSUAF.DAT)
    [NO]TIME           Change in system or cluster time

    Specifying the negated form of an event class (for example,
    NOLOGFAIL) excludes the specified event class from the audit report.

  1 - Examples

    1.  $ ANALYZE/AUDIT/EVENT_TYPE=LOGFAIL -
        _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example extracts all records of unsuccessful
      login attempts, which match the LOGFAIL class, and compiles a
      brief report.

    2.  $ ANALYZE/AUDIT/EVENT_TYPE=(NOLOGIN,NOLOGOUT) -
        _$ SYS$MANAGER:SECURITY.AUDIT$JOURNAL

      The command in this example builds a report in brief format of
      all audit records except those in the LOGIN and LOGOUT event
      classes.
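
      The following command procedure is an added example, not part of
      the original help text. It splits one day of the journal into
      three triage reports by event class. The output file names and
      the grouping of classes are assumptions; the journal path is the
      one used in the examples above.

```dcl
$! Added example: daily audit triage driven by /EVENT_TYPE class selection.
$! Output file names (SYS$LOGIN:*.LIS) are hypothetical.
$ SET NOON                       ! keep going if one report step fails
$ journal = "SYS$MANAGER:SECURITY.AUDIT$JOURNAL"
$!
$! Report 1: failed logins and break-in detections, full record format,
$! so the source terminal or node of each attempt can be reviewed.
$ ANALYZE/AUDIT/EVENT_TYPE=(LOGFAIL,BREAKIN)/SINCE=YESTERDAY/FULL -
    /OUTPUT=SYS$LOGIN:AUTH_FAILURES.LIS 'journal'
$!
$! Report 2: changes to the authorization database, audit settings,
$! installed images, system parameters and system time.
$ ANALYZE/AUDIT/EVENT_TYPE=(AUTHORIZATION,AUDIT,INSTALL,SYSGEN,TIME) -
    /SINCE=YESTERDAY/FULL/OUTPUT=SYS$LOGIN:CONFIG_CHANGES.LIS 'journal'
$!
$! Report 3: counts for every other enabled class. The negated forms
$! drop the object-access and session classes, which are assumed here
$! to dominate the journal on a busy system.
$ ANALYZE/AUDIT/EVENT_TYPE=(NOACCESS,NODEACCESS,NOLOGIN,NOLOGOUT) -
    /SINCE=YESTERDAY/SUMMARY=COUNT/OUTPUT=SYS$LOGIN:OTHER_SUMMARY.LIS 'journal'
$ EXIT
```

      A class can only appear in these reports if auditing for it was
      enabled when the events occurred.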