Displays the security auditing characteristics in effect on the
system.
Requires the SECURITY privilege.
Format
SHOW AUDIT
1 – Qualifiers
1.1 /ALL
Displays all available auditing information including the
following:
o Location of the system security audit log file
o Security events enabled for auditing
o Location of the security archive file
o Audit server characteristics, such as the action taken if the
audit server runs out of memory.
1.2 /ALARM
Displays the categories of events that are currently enabled;
these events will generate messages on any operator's terminal
accepting security class messages.
1.3 /ARCHIVE
Displays the name and location of the security archive file (if
archiving is enabled).
1.4 /AUDIT
Displays the categories of events that are currently enabled to
write messages to the system security audit log file.
1.5 /EXACT
Use with the /PAGE=SAVE and /SEARCH qualifiers to specify a
search string that must match the search string exactly and must
be enclosed with quotation marks (" ").
If you specify the /EXACT qualifier without the /SEARCH
qualifier, exact search mode is enabled when you set the search
string with the Find (E1) key.
1.6 /HIGHLIGHT
/HIGHLIGHT[=keyword]
Use with the /PAGE=SAVE and /SEARCH qualifiers to specify the
type of highlighting you want when a search string is found. When
a string is found, the entire line is highlighted. You can use
the following keywords: BOLD, BLINK, REVERSE, and UNDERLINE. BOLD
is the default highlighting.
1.7 /JOURNAL
Displays characteristics of the system audit journal.
1.8 /OUTPUT
/OUTPUT[=filespec]
Controls where the output of the command is sent. If you do not
enter the /OUTPUT qualifier or if you enter it without a file
specification, the output is sent to the default output stream
or device for the current process, which is identified by the
logical name SYS$OUTPUT.
If you enter the /OUTPUT qualifier with a partial file
specification (for example, only a directory name), SET AUDIT
assigns the file name SHOW with the default file type of .LIS.
The file specification cannot include the asterisk (*) and the
percent sign (%) wildcard characters.
1.9 /PAGE
/PAGE[=keyword]
/NOPAGE (default)
Controls the display of information on the screen.
You can use the following keywords with the /PAGE qualifier:
CLEAR_SCREEN Clears the screen before each page is displayed.
SCROLL Displays information one line at a time.
SAVE[=n] Enables screen navigation of information, where n
is the number of pages to store.
The /PAGE=SAVE qualifier allows you to navigate through screens
of information. The /PAGE=SAVE qualifier stores up to 5 screens
of up to 255 columns of information. When you use the /PAGE=SAVE
qualifier, you can use the following keys to navigate through the
information:
Key Sequence Description
Up arrow key, Ctrl/B Scroll up one line.
Down arrow key Scroll down one line.
Left arrow key Scroll left one column.
Right arrow key Scroll right one column.
Find (E1) Specify a string to find when the
information is displayed.
Insert Here (E2) Scroll right one half screen.
Remove (E3) Scroll left one half screen.
Select (E4) Toggle 80/132 column mode.
Prev Screen (E5) Get the previous page of information.
Next Screen (E6), Get the next page of information.
Return, Enter, Space
F10, Ctrl/Z Exit. (Some utilities define these
differently.)
Help (F15) Display utility help text.
Do (F16) Toggle the display to oldest/newest
page.
Ctrl/W Refresh the display.
The /PAGE qualifier is not compatible with the /OUTPUT qualifier.
1.10 /SEARCH
/SEARCH="string"
Use with the /PAGE=SAVE qualifier to specify a string that you
want to find in the information being displayed. Quotation marks
are required for the /SEARCH qualifier, if you include spaces in
the text string.
You can also dynamically change the search string by pressing the
Find key (E1) while the information is being displayed. Quotation
marks are not required for a dynamic search.
1.11 /SERVER
Displays audit server characteristics.
1.12 /WRAP
/WRAP
/NOWRAP (default)
Use with the /PAGE=SAVE qualifier to limit the number of columns
to the width of the screen and to wrap lines that extend beyond
the width of the screen to the next line.
The /NOWRAP qualifier extends lines beyond the width of the
screen and can be seen when you use the scrolling (left and
right) features provided by the /PAGE=SAVE qualifier.
2 – Example
$ SHOW AUDIT/ALL
List of audit journals:
Journal name: SECURITY
Journal owner: (system audit journal)
Destination: SYS$COMMON:[SYSMGR]SECURITY.AUDIT$JOURNAL
Monitoring: enabled
Warning thresholds, Block count: 100 Duration: 2 00:00:00.0
Action thresholds, Block count: 25 Duration: 0 00:30:00.0
Security auditing server characteristics:
Database version: 4.4
Backlog (total): 100, 200, 300
Backlog (process): 5, 2
Server processing intervals:
Archive flush: 0 00:01:00:00
Journal flush: 0 00:05:00:00
Resource scan: 0 00:05:00:00
Final resource action: purge oldest audit events
Security archiving information:
Archiving events: none
Archive destination:
System security alarms currently enabled for:
ACL
Authorization
INSTALL
Time
Audit: illformed
Breakin: dialup,local,remote,network,detached
Login: batch,dialup,local,remote,network,subprocess,detached
Logfailure: batch,dialup,local,remote,network,subprocess,detached,server
System security audits currently enabled for:
ACL
Mount
Authorization
INSTALL
Time
Audit: illformed
Breakin: dialup,local,remote,network,detached
Login: batch,dialup,local,remote,network,subprocess,detached,server
Logfailure: batch,dialup,local,remote,network,subprocess,detached,server
Logout: batch,dialup,local,remote,network,subprocess,detached,server
FILE access:
Failure: read,write,execute,delete,control
The SHOW AUDIT command in this example displays the auditing
settings after a system installation. See the SET AUDIT/ENABLE
command for descriptions of the individual audit items.