Safeguard Audit Service Manual (G06.24+, H06.03+)

Introduction
Safeguard Audit Service Manual 520480-014
Safeguard Events That Are Always Audited
These types of events are always audited, regardless of any Safeguard audit settings:
• Attempts to execute the ALTER SAFEGUARD or STOP SAFEGUARD commands
• Attempts to execute Safeguard audit service commands (except the INFO AUDIT SERVICE and the INFO AUDIT POOL commands)
• Attempts to execute Safeguard TERMINAL commands (except the INFO TERMINAL command)
• Attempts to execute EVENT-EXIT-PROCESS commands (except the INFO EVENT-EXIT-PROCESS command)
For a description of these events, see Unconditional Auditing on page 2-25.
Events From NonStop OS Subsystems
In addition to events controlled by the Safeguard subsystem, the audit service can
record security-relevant events controlled by other NonStop privileged subsystems.
These subsystems are referred to as clients. The Safeguard subsystem receives event
information from the clients and writes records to the audit trail on their behalf.
Auditing of NonStop clients can consume considerable system resources and add a
large number of records to your audit files. Consequently, you might want to configure
the Safeguard subsystem to disable client auditing. You can disable client auditing by
setting the AUDIT-CLIENT-GUARDIAN configuration attribute to OFF. For more
information, see Controlling Auditing of NonStop Client Events on page 2-14.
The Audit Trail
The Safeguard audit service allows you to specify the location, number, and size of the
audit files. Each time the audit service determines that an event should be recorded, it
writes a primary audit record to the current audit file. For many events, one or more
secondary audit records are also written to the current audit file.
When the current audit file is full, the Safeguard software automatically switches to the
next audit file in sequence. The Safeguard software writes a message to the system
console each time it switches from one audit file to another.
You have the option of using audit service commands to switch to a new audit file
manually. The audit service also allows you to specify recovery actions in case an audit
pool is full or unavailable.
For more information, see About the Audit Trail on page 3-1.
The audit files are entry-sequenced Enscribe files. The structure of records stored in
an audit file is described with DDL DEFINITION statements in Appendix A, Audit File