Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

131

132

133

134

135

136

137

138

139

140

Configuration

Safeguard Administrator’s Manual—523317-029

9-26

Configuring Client Auditing

To change any of these values, issue the ALTER SAFEGUARD command from

SAFECOM. For example, to audit all successful attempts to manage an authorization

record for any system object:

=ALTER SAFEGUARD, AUDIT-OBJECT-MANAGE-PASS ALL

Configuring Client Auditing

You can configure the Safeguard software so that it does not accept audit records from

privileged clients. If your site has no interest in client audit records, you can use this

feature to reduce the quantity of audit records written to the Safeguard audit files.

These Safeguard attributes control client auditing:

AUDIT-CLIENT-GUARDIAN

ON specifies that the Safeguard software will accept guardian related audit records

from privileged client subsystems and write those records in the Safeguard audit

files. OFF specifies that the Safeguard software will not accept client guardian

related audit records. The initial value is ON.

AUDIT-CLIENT-OSS

ON specifies that the Safeguard software will accept OSS related audit records

from privileged client subsystems and write those records in the Safeguard audit

files. OFF specifies that the Safeguard software will not accept client OSS related

audit records. The initial value is ON.

AUDIT-OSS-FILTER

indicates if user level attributes, AUDIT-USER-ACTION-PASS and AUDIT-USER-

ACTION-FAIL, enable or disable OSS auditing. The AUDIT-OSS-FILTER attribute

takes effect only if the Safeguard global configuration attribute AUDIT-CLIENT-

OSS is enabled. The initial value is OFF.

AUDIT-TACL-LOGOFF

controls generation of audits for the TACL LOGOFF or TACL EXIT operations.

When set to TRUE, audits for the TACL LOGOFF or TACL EXIT operations are

Caution. Configuring the Safeguard software to audit all system objects might cause system

performance problems. Be sure you have adequate system resources to handle extensive

auditing.

Note. The AUDIT-CLIENT-GUARDIAN and AUDIT-CLIENT-OSS attributes are supported

only on systems running G06.29 and later G-series RVUs and H06.08 and later H-series

RVUs.

Note. The AUDIT-OSS-FILTER attribute is supported only on systems running J06.04 and

later J-series RVUs and H06.15 and later H-series RVUs.