AUDIT_SERVER is a detached system process created during system startup that performs security auditing on an OpenVMS system. The following tasks are performed by the audit server:
- Create a clusterwide security audit log file (SECURITY.AUDIT$JOURNAL) in SYS$COMMON:[SYS$MGR]
- Control the logging of security events to the log file and the delivery of alarms to any operator terminals enabled to receive security class messages
- Enable auditing of a site-defined set of security events
- Monitor disk and memory resources
- Maintain a database of security-auditing characteristics
The audit server sends informational and error messages to the operator communication manager (OPCOM). OPCOM broadcasts these messages to operator terminals and writes the messages to the operator log file.
Security auditing settings are stored in the audit server database and can be modified with SET AUDIT and viewed with SHOW AUDIT. Depending on these settings, audit messages can be written to the security audit log file or sent to a security-enabled operator terminal (i.e. security alarms).
The audit server process is started automatically; cluster object support requires the audit server. To shut down security auditing on the system, use the following commands on each node in the cluster:
$ SET AUDIT/ALARM/AUDIT/DISABLE=ALL/CLASS=* $ SET AUDIT/SERVER=EXIT
To restart security auditing and OPCOM on the system, enter:
$ @SYS$SYSTEM:STARTUP OPCOM $ @SYS$SYSTEM:STARTUP AUDIT_SERVER
$ SET PROCESS/PRIVILEGES=(OPER,BYPASS) $ MCR SYSMAN SYSMAN> STARTUP SET DATABASE STARTUP$STARTUP_VMS SYSMAN> STARTUP DISABLE FILE VMS$CONFIG-050_OPCOM.COM/NODE=* SYSMAN> STARTUP DISABLE FILE VMS$CONFIG-050_AUDIT_SERVER.COM /NODE=* SYSMAN> EXIT
$ SET PROCESS/PRIVILEGES=(OPER,BYPASS) $ MCR SYSMAN SYSMAN> STARTUP SET DATABASE STARTUP$STARTUP_VMS SYSMAN> STARTUP ENABLE FILE VMS$CONFIG-050_OPCOM.COM/NODE=* SYSMAN> STARTUP ENABLE FILE VMS$CONFIG-050_AUDIT_SERVER.COM - _SYSMAN> /NODE=* SYSMAN> EXIT