Library /sys$common/syshlp/helplib.hlb  —  SET  AUDIT  Examples
    1.$ SET AUDIT/AUDIT/ENABLE= -
      _$ (CREATE,ACCESS=(SYSPRV,BYPASS),DEACCESS)/CLASS=FILE
      $ SHOW AUDIT/AUDIT
      System security audits currently enabled for:

         .
         .
         .
        FILE access:
          Failure:     read,write,execute,delete,control
          SYSPRV:      read,write,execute,delete,control
          BYPASS:      read,write,execute,delete,control
          Other:       create,deaccess

      The SET AUDIT command in this example enables auditing of file
      creation and file deaccess; it also enables auditing for any
      file access done by using either SYSPRV or BYPASS privilege.

    2.$ SET AUDIT/JOURNAL=SECURITY/DESTINATION=AUDIT$:[AUDIT]TURIN
      $ SET AUDIT/SERVER=NEW
      $ SHOW AUDIT/JOURNAL
      List of audit journals:
        Journal name:           SECURITY
        Journal owner:          (system audit journal)
        Destination:            AUDIT$:[AUDIT]TURIN.AUDIT$JOURNAL

      The SET AUDIT command in this example demonstrates how to
      switch to a new journal.

    3.$ SET AUDIT/SERVER=FINAL=CRASH
      $ SHOW AUDIT/SERVER
      Security auditing server characteristics:
        Database version:       4.4
        Backlog (total):        100, 200, 300
        Backlog (process):      5, 2
        Server processing intervals:
          Archive flush:        0 00:01:00.00
          Journal flush:        0 00:05:00.00
          Resource scan:        0 00:05:00.00
        Final resource action:  crash system

      The SET AUDIT command in this example changes the audit
      server's final action setting so the system crashes when the
      audit server runs out of memory.

    4.$ SET AUDIT/ARCHIVE/DESTINATION=SYS$SPECIFIC:[SYSMGR]TURIN-ARCHIVE
      $ SHOW AUDIT/ARCHIVE
      Security archiving information:

      Archiving events:    system audits
      Archive destination: SYS$SPECIFIC:[SYSMGR]TURIN-ARCHIVE.AUDIT$JOURNAL

      The SET AUDIT command in this example enables a node-specific
      archive file.

    5.$ SET AUDIT/JOURNAL/RESOURCE=ENABLE
      $ SHOW AUDIT/JOURNAL
      List of audit journals:
        Journal name:          SECURITY
        Journal owner:         (system audit journal)
        Destination:           SYS$COMMON:[SYSMGR]SECURITY.AUDIT$JOURNAL
        Monitoring:            enabled
          Warning thresholds,  Block count:   100   Duration:  2 00:00:00.0
          Action thresholds,   Block count:    25   Duration:  0 00:30:00.0

      The SET AUDIT command in this example enables disk monitoring
      and switches the mode so the disk space is monitored in terms
      of time rather than free blocks.
Close Help