/sys$common/syshlp/HELPLIB.HLB  —  SET  AUDIT  Qualifiers  /ENABLE
       /ENABLE=(keyword[,...])

    Enables alarms or audits for the specified events. To enable all
    system events and file access events, specify the keyword ALL.
    You must specify at least one keyword. You must also specify
    either the /ALARM or /AUDIT qualifier, or both, when you use the
    /ENABLE qualifier.

    The keywords that you can specify with either the /ENABLE or the
    /DISABLE qualifier are as follows:

    Keyword           Description

    ACCESS=(condition Specifies access events for all objects in
                      a class. (To audit a single object, use an
    [:access[,...]]   auditing ACE and enable the access control list
    [,...])           (ACL) category.)

                      HP recommends that when you enable auditing
                      conditionally, you enable it for all possible
                      forms of access because the system can check
                      access rights at several points during an
                      operation. (For example, a FAILURE might occur
                      on a read or write access check.)

                      See the HP OpenVMS Guide to System Security for
                      information about the various types of access
                      permitted on each class. (For example, the
                      Access keyword, CREATE, is not defined for FILE
                      objects.)

                      Condition      Description
                      Keyword

                      ALL            All object access

                      BYPASS         Successful object access due to
                                     the use of the BYPASS privilege

                      FAILURE        Unsuccessful object access

                      GRPPRV         Successful object access due to
                                     the use of the group privilege
                                     (GRPPRV)

                      READALL        Successful object access due to
                                     the use of the READALL privilege

                      SUCCESS        Successful object access

                      SYSPRV         Successful object access due to
                                     the use of the system privilege
                                     (SYSPRV)

                      Access         Description
                      Keyword

                      ALL            All types of access

                      ASSOCIATE      Associate access

                      CONTROL        Control access to examine or
                                     change security characteristics

                      CREATE         Create access. To audit create
                                     events for files, use the CREATE
                                     keyword.

                      DELETE         Delete access

                      EXECUTE        Execute access

                      LOCK           Lock access

                      LOGICAL        Logical I/O access

                      MANAGE         Manage access

                      PHYSICAL       Physical I/O access

                      READ           Read access

                      SUBMIT         Submit access

                      WRITE          Write access

    ACL               Specifies an event requested by an audit or
                      alarm ACE in the access control list (ACL) of
                      an object. To audit all objects of a class, use
                      the ACCESS keyword.

    ALL               Specifies all system events and file access
                      events. It does not enable access events for
                      object classes other than FILE.

    AUDIT=keyword     Specifies events within the auditing subsystem.
                      Only one keyword is currently defined.
                      Keyword        Description

                      ILLFORMED      Specifies illformed events from
                                     internal calls (identified by
                                     NSA$M_INTERNAL) to $AUDIT_
                                     EVENT, $CHECK_PRIVILEGE,
                                     $CHKPRO, or $CHECK_ACCESS system
                                     services. An illformed event
                                     is caused by an incomplete or
                                     syntactically incorrect argument
                                     being supplied to one of these
                                     system services by a piece of
                                     privileged code.

    AUTHORIZATION     Specifies the modification of any portion of
                      the system user authorization file (SYSUAF),
                      network proxy authorization file (NETPROXY),
                      or the rights list (RIGHTLIST) (including
                      password changes made through the AUTHORIZE,
                      SET PASSWORD, or LOGINOUT commands or the
                      $SETUAI system service).

    BREAKIN=(keyword  Specifies the occurrence of one or more classes
    [,...])           of break-in attempts, as specified by one or
                      more of the following keywords:

                         ALL
                         DETACHED
                         DIALUP
                         LOCAL
                         NETWORK
                         REMOTE

    CONNECTION        Specifies a logical link connection or
                      termination through DECnet-Plus, DECnet Phase
                      IV, DECwindows, $IPC, or SYSMAN.

    CREATE            Specifies the creation of an object. Requires
                      the /CLASS qualifier if it is not a file.

    DEACCESS          Specifies deaccess from an object. Requires the
                      /CLASS qualifier if it is not a file.

    DELETE            Specifies the deletion of an object. Requires
                      the /CLASS=DEVICE qualifier.

    FILE_ACCESS=      This keyword is obsolete and is superseded
    (keyword[,...])   by the ACCESS keyword, which is valid on all
                      OpenVMS Version 6.1 or higher systems. On
                      Alpha, this keyword specifies the occurrence
                      of file and global section access events
                      (regardless of the value given in the object's
                      access control list [ACL], if any).

    IDENTIFIER        Specifies that the use of identifiers as
                      privileges should be audited. For further
                      information, see the HP OpenVMS Guide to System
                      Security.

    INSTALL           Specifies modifications made to the known file
                      list through the INSTALL utility.

    LOGFAILURE=       Specifies the occurrence of one or more
    (keyword[,...])   classes of login failures, as specified by
                      the following keywords:

                      ALL            All possible types of login
                                     failures

                      BATCH          Batch process login failure

                      DETACHED       Detached process login failure

                      DIALUP         Dialup interactive login failure

                      LOCAL          Local interactive login failure

                      NETWORK        Network server task login
                                     failure

                      REMOTE         Interactive login failure
                                     from another network node, for
                                     example, with a SET HOST command

                      SERVER         Server or TCB-based login
                                     failure.

                      SUBPROCESS     Subprocess login failure

    LOGIN=            Specifies the occurrence of one or more
    (keyword[,...])   classes of login attempts, as specified by the
                      following keywords. See the LOGFAILURE keyword
                      for further description.

                         ALL            BATCH
                         DETACHED       DIALUP
                         LOCAL          NETWORK
                         REMOTE         SERVER
                         SUBPROCESS

    LOGOUT=           Specifies the occurrence of one or more classes
    (keyword[,...])   of logouts, as specified by the following
                      keywords. See the LOGFAILURE keyword for
                      further description.

                         ALL            BATCH
                         DETACHED       DIALUP
                         LOCAL          NETWORK
                         REMOTE         SERVER
                         SUBPROCESS

    MOUNT             Specifies a mount or dismount operation.

    NCP               Specifies access to the network configuration
                      database, using the network control program
                      (NCP).

    PRIVILEGE=        Specifies successful or unsuccessful use
    (keyword[,...])   of privilege, as specified by the following
                      keywords:

                         FAILURE [:privilege(,...)] - Unsuccessful
                         use of privilege

                         SUCCESS [:privilege(,...)] - Successful use
                         of privilege

                      For a listing of privileges, see the
                      online help for the DCL command SET
                      PROCESS/PRIVILEGES.

    PROCESS=          Specifies the use of one or more of the process
    (keyword[,...])   control system services, as specified by the
                      following keywords:

                      ALL            Use of any of the process
                                     control system services

                      CREPRC         All use of $CREPRC

                      DELPRC         All use of $DELPRC

                      SCHDWK         Privileged use of $SCHDWK

                      CANWAK         Privileged use of $CANWAK

                      WAKE           Privileged use of $WAKE

                      SUSPND         Privileged use of $SUSPND

                      RESUME         Privileged use of $RESUME

                      GRANTID        Privileged use of $GRANTID

                      REVOKID        Privileged use of $REVOKID

                      GETJPI         Privileged use of $GETJPI

                      FORCEX         Privileged use of $FORCEX

                      SETPRI         Privileged use of $SETPRI

                      Privileged use of a process control system
                      service means the caller used GROUP or WORLD
                      privilege to affect the target process.

    SYSGEN            Specifies the modification of a system
                      parameter with the OpenVMS System Generation
                      utility.

    TIME              Specifies the modification of system time.
Close Help