/SERVER=keyword[,...]
Modifies audit server characteristics. The following table
describes keywords for the /SERVER qualifier:
Keyword Description
CREATE_SYSTEM_LOG This keyword is obsolete. Use SET
AUDIT/SERVER=NEW_LOG
On Alpha, causes the audit server to create
a new local system security audit log file.
Other audit servers in the cluster are not
affected. This keyword may be used by sites
operating a multienvironment cluster where
it may be necessary to create a new log file
on a specific node in the cluster. CREATE_
SYSTEM_LOG is synonymous with NEW_LOG for
nonclustered systems.
EXIT Initiates an audit server shutdown. This is
the only method for removing the audit server
process from the system; the audit server
cannot be deleted or suspended.
FINAL_ Specifies the action the audit server should
ACTION=action take when it runs out of memory and cannot
buffer messages. (For more information, see
the discussion of message flow control in the
HP OpenVMS Guide to System Security.) Specify
one of the following actions:
CRASH - Crash the system if the audit
server runs out of memory.
IGNORE_NEW - Ignore new event messages
until memory is available. New event
messages are lost but event messages in
memory are saved.
PURGE_OLD (default) - Remove old event
messages until memory is available for the
most current messages.
FLUSH Copies all buffered audit and archive records
to the security audit log file and security
archive file, respectively.
INITIATE Enables auditing during system startup.
Ordinarily, auditing is started from
VMS$LPBEGIN in STARTUP.COM but, if a site
redefines the logical name SYS$AUDIT_SERVER_
INHIBIT, the OpenVMS system waits for a SET
AUDIT/SERVER=INITIATE command before enabling
auditing.
NEW_LOG Creates a new clusterwide audit log file.
Typically, this is used daily to generate a
new version of the audit log file.
The following sequence of commands can be used
to reset the space monitoring thresholds and
then to recreate the auditing log, thereby
creating a smaller log file:
$ SET AUDIT /JOURNAL=SECURITY
/THRESHOLD=WARN=200
$ SET AUDIT /SERVER=NEW_LOG
By default, the size of the new auditing log
file is based on the size of the previous
auditing logs.
REDIRECT_SYSTEM_ This keyword is obsolete. Use SET
LOG AUDIT/SERVER=NEW_LOG.
On Alpha, causes the audit server on the local
node to redirect security event messages to a
new audit log file, whose location was defined
previously by the /DESTINATION qualifier.
Audit server processes (and log files) on
other nodes in the cluster are unaffected.
RESUME Requests the audit server process to resume
normal activity on the system, if adequate
disk space is available. Normally, once the
resource monitoring action threshold has been
reached, the audit server process suspends
most system activity and waits 15 minutes
before attempting to resume normal system
activity.
START Starts the audit server process on the
system. In order to fully enable the auditing
subsystem, the SET AUDIT/SERVER=INITIATE
command must be used after the SET
AUDIT/SERVER=START command has completed.
HP recommends using the following command
procedure to start the audit server:
SYS$SYSTEM:STARTUP AUDIT_SERVER