Safeguard Audit Service Manual (G06.24+, H06.03+)
Specifying Auditing
Safeguard Audit Service Manual—520480-014
2-2
Special Audit Attributes for User Actions
Special Audit Attributes for User Actions
Two new AUDIT-USER-ACTION attributes in a user authentication record control
auditing for most types of actions performed by the user. For more information, see
Auditing Events Performed by a Specific User on page 2-11.
Shorthand for Audit Attributes
In many instances, you can use shortened forms of the attributes to specify
combinations of auditing conditions. For more information, see Shorthand for Audit
Attributes on page 2-12.
Auditing User Authentication Attempts
To specify auditing for authentication attempts (such as logons) by a specific user, use
the AUDIT-AUTHENTICATE attributes in the user authentication record. The
Safeguard subsystem records the specified authentication attempts in the current audit
file.
specifies the conditions under which successful authentication attempts are recorded
in the current audit file. The conditions also apply to auditing of automatic logoffs of the
user. For more information, see Auditing Automatic Logoffs on page 2-4.
specifies the conditions under which unsuccessful authentication attempts are
recorded in the current audit file.
The audit-spec variable for AUDIT-AUTHENTICATE-PASS and
AUDIT-AUTHENTICATE-FAIL can be any one of these four values:
ALL
All authentication attempts (both local and remote) by the specified user are
recorded in the current audit file.
LOCAL
Only local authentication attempts are recorded in the audit file. The Safeguard
subsystem considers either of these situations to be local logon attempts:
•
A local user runs a local command interpreter and attempts to log on.
AUDIT-AUTHENTICATE-PASS audit-spec
AUDIT-AUTHENTICATE-FAIL audit-spec
Note. In previous product versions of Safeguard, the AUDIT-AUTHENTICATE attributes were
called the AUDIT-ACCESS attributes. SAFECOM accepts both the old and new names for the
attributes.