Technical data
Security Considerations
12.9 Auditing Security-Relevant Events
Table 12–1 Kinds of Security Events OpenVMS Can Report
Event Class Description
Access Specifies access events for all objects in a class. You can audit
selected types of access, both privileged and nonprivileged, to
all protected objects of a particular class.
ACL Events requested by a security Audit or Alarm ACE in the
access control list (ACL) of an object.
Authorization Modification of any portion of SYSUAF.DAT, NETPROXY.DAT,
NET$PROXY.DAT, or RIGHTSLIST.DAT.
Breakin Break-in attempts.
Connection Logical link connections or terminations through SYSMAN,
DECnet for OpenVMS Phase IV, DECwindows products, or an
interprocess communication (IPC) call.
Create Creation of a protected object.
Deaccess Deaccess from a protected object.
Delete Deletion of a protected object.
Identifier Use of identifiers as privileges.
Install Modifications made to the known file list through the Install
utility.
Logfailure Failed login attempts.
Login Successful login attempts.
Logout Logouts.
Mount Volume mounts and dismounts.
NCP Modification to the network configuration database, using the
network control program (NCP).
Privilege Successful or unsuccessful use of privilege.
Process Use of one or more of the process control system services.
SYSGEN Modification of a system parameter with the System
Generation utility (SYSGEN) or AUTOGEN.
Time Modification of system time.
Refer to the OpenVMS DCL Dictionary for more information about the SET
AUDIT command.
12.10 Analyzing Audit Log Files
The Audit Analysis utility (ANALYZE/AUDIT) enables system managers and
site security administrators to selectively extract and display information from
security audit log files. Using ANALYZE/AUDIT qualifiers, you can choose from
among a variety of report formats and select the event criteria to be included in
the report. Refer to the OpenVMS Guide to System Security for a description of
how to use the utility.
12–14 Security Considerations