Difference between revisions of "AUDIT SERVER"

From VSI OpenVMS Wiki
Line 38: Line 38:
  
 
To start a new audit journal log file, do
 
To start a new audit journal log file, do
  set audit/server=new
+
  SET AUDIT/SERVER=NEW
  
 
This will close the current file and open a new one.
 
This will close the current file and open a new one.
  
 
[[Category:Security]]
 
[[Category:Security]]
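Review bot: the replacement line `SET AUDIT/SERVER=NEW` still lacks the `$` prompt that the other DCL commands on the page carry (for example `$ SET AUDIT/SERVER=EXIT`); suggest `$ SET AUDIT/SERVER=NEW` for consistency. The lead-in "To start a new audit journal log file, do" would also read better ending in a colon, as the other command lead-ins on the page do.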

Revision as of 09:55, 23 August 2023

AUDIT_SERVER is a detached system process created during system startup that performs security auditing on an OpenVMS system. The following tasks are performed by the audit server:

  • Create a clusterwide security audit log file (SECURITY.AUDIT$JOURNAL) in SYS$COMMON:[SYS$MGR]
  • Control the logging of security events to the log file and the delivery of alarms to any operator terminals enabled to receive security class messages
  • Enable auditing of a site-defined set of security events
  • Monitor disk and memory resources
  • Maintain a database of security-auditing characteristics

The audit server sends informational and error messages to the operator communication manager (OPCOM). OPCOM broadcasts these messages to operator terminals and writes the messages to the operator log file.

Security auditing settings are stored in the audit server database; modify them with SET AUDIT and view them with SHOW AUDIT. Depending on these settings, audit messages are written to the security audit log file or sent to a security-enabled operator terminal as security alarms.

The audit server process is started automatically; cluster object support requires the audit server. To shut down security auditing on the system, use the following commands on each node in the cluster:

$ SET AUDIT/ALARM/AUDIT/DISABLE=ALL/CLASS=*
$ SET AUDIT/SERVER=EXIT

To restart security auditing and OPCOM on the system, enter:

$ @SYS$SYSTEM:STARTUP OPCOM
$ @SYS$SYSTEM:STARTUP AUDIT_SERVER
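
The following DCL command procedure is an added example, not part of the original wiki page: it checks that the AUDIT_SERVER process is present on the local node after the restart above and then displays the current settings with SHOW AUDIT. The procedure name is hypothetical, and it assumes the caller holds WORLD privilege (to see other users' processes) and SECURITY privilege (for SHOW AUDIT).

```dcl
$! CHECK_AUDIT_SERVER.COM  (hypothetical name; added example)
$! Confirms the AUDIT_SERVER process exists on the local node, then
$! displays the current settings with SHOW AUDIT.
$! Assumes WORLD privilege (to see other users' processes) and
$! SECURITY privilege (for SHOW AUDIT).
$!
$ SET NOON                          ! handle errors ourselves
$ node = F$GETSYI("NODENAME")
$ ctx  = ""
$! Build a process-search context that matches the process name exactly.
$ tmp  = F$CONTEXT("PROCESS", ctx, "PRCNAM", "AUDIT_SERVER", "EQL")
$ pid  = F$PID(ctx)                 ! "" if no matching process
$! Release the search context if F$PID did not exhaust it.
$ IF F$TYPE(ctx) .EQS. "PROCESS_CONTEXT" THEN -
      tmp = F$CONTEXT("PROCESS", ctx, "CANCEL")
$!
$ IF pid .EQS. ""
$ THEN
$     WRITE SYS$OUTPUT "AUDIT_SERVER is NOT running on ", node
$     EXIT 2                        ! even status value = failure
$ ENDIF
$!
$ WRITE SYS$OUTPUT "AUDIT_SERVER is running on ", node, " (PID ", pid, ")"
$ SHOW AUDIT
$ EXIT 1                            ! odd status value = success
```

Run it on each node of the cluster, since the shutdown commands above are also issued per node.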

To avoid starting the audit server during startup, remove it from the startup database (requires OPER and BYPASS):

$ SET PROCESS/PRIVILEGES=(OPER,BYPASS)
$ MCR SYSMAN
SYSMAN> STARTUP SET DATABASE STARTUP$STARTUP_VMS
SYSMAN> STARTUP DISABLE FILE VMS$CONFIG-050_OPCOM.COM/NODE=*
SYSMAN> STARTUP DISABLE FILE VMS$CONFIG-050_AUDIT_SERVER.COM /NODE=*
SYSMAN> EXIT

To add the audit server to the startup sequence, add it to the startup database (requires OPER and BYPASS):

$ SET PROCESS/PRIVILEGES=(OPER,BYPASS)
$ MCR SYSMAN
SYSMAN> STARTUP SET DATABASE STARTUP$STARTUP_VMS
SYSMAN> STARTUP ENABLE FILE VMS$CONFIG-050_OPCOM.COM/NODE=*
SYSMAN> STARTUP ENABLE FILE VMS$CONFIG-050_AUDIT_SERVER.COM /NODE=*
SYSMAN> EXIT

To start a new audit journal log file, enter:

$ SET AUDIT/SERVER=NEW

This will close the current file and open a new one.