Safeguard Audit Service Manual (G06.24+, H06.03+)
Producing SAFEART Reports
Safeguard Audit Service Manual—520480-014
6-17
Command File Examples
Denied Object Events
-- This file establishes criteria to produce a report of
-- denied operations on device, process, or disk objects.
--
AUDIT FILE
RESET START TIME; RESET END TIME
RESET PAGE SIZE
RESET WHERE
SET DESTINATION FILE "\euro.$ops.audit.objects"
SET TITLE ("Denied Object Events")
SET WHERE objecttype=device AND outcome=denied
SET WHERE objecttype=subdevice AND outcome=denied
SET WHERE objecttype=process AND outcome=denied
SET WHERE objecttype=subprocess AND outcome=denied
SET WHERE objecttype=diskfile AND outcome=denied
SET WHERE objecttype=subvolume AND outcome=denied
SET WHERE objecttype=volume AND outcome=denied
Events Associated With Key Users
-- This file establishes criteria to report on
-- events pertaining to several important users.
--
AUDIT FILE
RESET START TIME; RESET END TIME
RESET PAGE SIZE
RESET WHERE
SET TITLE ("Actions of Key Users")
SET DESTINATION FILE "\euro.$ops.audit.keyusers"
--
-- Select events where specified user is the subject:
--
SET WHERE subjectusernumber=185,60, 185,22, 185,77, 100,55
SET WHERE subjectusernumber=100,60, 100,48, 100,75, 100,97
SET WHERE subjectusernumber=88,4, 66,123, 45,9, 45,10
--
-- Select events where specified user ID is the object:
--
SET WHERE guarduserusernumber=185,60, 185,22, 185,77, 100,55
SET WHERE guarduserusernumber=100,60, 100,48, 100,75, 100,97
SET WHERE guarduserusernumber=88,4, 66,123, 45,9, 45,10
Events Associated With Key Operators
-- This file establishes criteria to report on events
-- pertaining to several important system operators.
--
AUDIT FILE
RESET START TIME; RESET END TIME
RESET PAGE SIZE
RESET WHERE
SET TITLE ("Actions of Key Operators")
SET DESTINATION FILE "\euro.$ops.audit.keyopers"