VMS Help SHOW, AUDIT *Conan The Librarian (sorry for the slow response - running on an old VAX) |
Displays the security auditing characteristics in effect on the system. Requires the SECURITY privilege. Format SHOW AUDIT
1 - Qualifiers |
1.1 - /ALL
Displays all available auditing information including the following: o Location of the system security audit log file o Security events enabled for auditing o Location of the security archive file o Audit server characteristics, such as the action taken if the audit server runs out of memory.
1.2 - /ALARM
Displays the categories of events that are currently enabled; these events will generate messages on any operator's terminal accepting security class messages.
1.3 - /ARCHIVE
Displays the name and location of the security archive file (if archiving is enabled).
1.4 - /AUDIT
Displays the categories of events that are currently enabled to write messages to the system security audit log file.
1.5 - /EXACT
Use with the /PAGE=SAVE and /SEARCH qualifiers to specify a search string that must match the search string exactly and must be enclosed with quotation marks (" "). If you specify the /EXACT qualifier without the /SEARCH qualifier, exact search mode is enabled when you set the search string with the Find (E1) key.
1.6 - /HIGHLIGHT
/HIGHLIGHT[=keyword] Use with the /PAGE=SAVE and /SEARCH qualifiers to specify the type of highlighting you want when a search string is found. When a string is found, the entire line is highlighted. You can use the following keywords: BOLD, BLINK, REVERSE, and UNDERLINE. BOLD is the default highlighting.
1.7 - /JOURNAL
Displays characteristics of the system audit journal.
1.8 - /OUTPUT
/OUTPUT[=filespec] Controls where the output of the command is sent. If you do not enter the /OUTPUT qualifier or if you enter it without a file specification, the output is sent to the default output stream or device for the current process, which is identified by the logical name SYS$OUTPUT. If you enter the /OUTPUT qualifier with a partial file specification (for example, only a directory name), SET AUDIT assigns the file name SHOW with the default file type of .LIS. The file specification cannot include the asterisk (*) and the percent sign (%) wildcard characters.
1.9 - /PAGE
/PAGE[=keyword] /NOPAGE (default) Controls the display of information on the screen. You can use the following keywords with the /PAGE qualifier: CLEAR_SCREEN Clears the screen before each page is displayed. SCROLL Displays information one line at a time. SAVE[=n] Enables screen navigation of information, where n is the number of pages to store. The /PAGE=SAVE qualifier allows you to navigate through screens of information. The /PAGE=SAVE qualifier stores up to 5 screens of up to 255 columns of information. When you use the /PAGE=SAVE qualifier, you can use the following keys to navigate through the information: Key Sequence Description Up arrow key, Ctrl/B Scroll up one line. Down arrow key Scroll down one line. Left arrow key Scroll left one column. Right arrow key Scroll right one column. Find (E1) Specify a string to find when the information is displayed. Insert Here (E2) Scroll right one half screen. Remove (E3) Scroll left one half screen. Select (E4) Toggle 80/132 column mode. Prev Screen (E5) Get the previous page of information. Next Screen (E6), Get the next page of information. Return, Enter, Space F10, Ctrl/Z Exit. (Some utilities define these differently.) Help (F15) Display utility help text. Do (F16) Toggle the display to oldest/newest page. Ctrl/W Refresh the display. The /PAGE qualifier is not compatible with the /OUTPUT qualifier.
1.10 - /SEARCH
/SEARCH="string" Use with the /PAGE=SAVE qualifier to specify a string that you want to find in the information being displayed. Quotation marks are required for the /SEARCH qualifier, if you include spaces in the text string. You can also dynamically change the search string by pressing the Find key (E1) while the information is being displayed. Quotation marks are not required for a dynamic search.
1.11 - /SERVER
Displays audit server characteristics.
1.12 - /WRAP
/WRAP /NOWRAP (default) Use with the /PAGE=SAVE qualifier to limit the number of columns to the width of the screen and to wrap lines that extend beyond the width of the screen to the next line. The /NOWRAP qualifier extends lines beyond the width of the screen and can be seen when you use the scrolling (left and right) features provided by the /PAGE=SAVE qualifier.
2 - Example |
$ SHOW AUDIT/ALL List of audit journals: Journal name: SECURITY Journal owner: (system audit journal) Destination: SYS$COMMON:[SYSMGR]SECURITY.AUDIT$JOURNAL Monitoring: enabled Warning thresholds, Block count: 100 Duration: 2 00:00:00.0 Action thresholds, Block count: 25 Duration: 0 00:30:00.0 Security auditing server characteristics: Database version: 4.4 Backlog (total): 100, 200, 300 Backlog (process): 5, 2 Server processing intervals: Archive flush: 0 00:01:00:00 Journal flush: 0 00:05:00:00 Resource scan: 0 00:05:00:00 Final resource action: purge oldest audit events Security archiving information: Archiving events: none Archive destination: System security alarms currently enabled for: ACL Authorization INSTALL Time Audit: illformed Breakin: dialup,local,remote,network,detached Login: batch,dialup,local,remote,network,subprocess,detached Logfailure: batch,dialup,local,remote,network,subprocess,detached,server System security audits currently enabled for: ACL Mount Authorization INSTALL Time Audit: illformed Breakin: dialup,local,remote,network,detached Login: batch,dialup,local,remote,network,subprocess,detached,server Logfailure: batch,dialup,local,remote,network,subprocess,detached,server Logout: batch,dialup,local,remote,network,subprocess,detached,server FILE access: Failure: read,write,execute,delete,control The SHOW AUDIT command in this example displays the auditing settings after a system installation. See the SET AUDIT/ENABLE command for descriptions of the individual audit items.
|