Safeguard Audit Service Manual (G06.24+, H06.03+)
Specifying Auditing
Safeguard Audit Service Manual—520480-014
2-6
Rulings From the Event-Exit-Process
AUDIT-ACCESS-FAIL is specified, the failed access attempt is recorded in the
current audit file.
Rulings From the Event-Exit-Process
If the Event-Exit-Process is enabled and it rejects an attempt to access an object, the
attempt is not audited. If the Event-Exit-Process returns YES or NORECORD, the
event is processed by the Safeguard subsystem, and the attempt is audited if
specified.
Auditing Attempts to Add Protection Records
To specify auditing for attempts to add protection records of a given type, use the
AUDIT-ACCESS attributes in the appropriate OBJECTTYPE authorization record. The
Safeguard subsystem records the specified protection attempts in the current audit file.
specifies the conditions under which successful attempts to add a protection record of
a given type are recorded in the current audit file.
specifies the conditions under which unsuccessful attempts to add a protection record
of a given type are recorded in the current audit file.
The audit-spec variable for AUDIT-ACCESS-PASS and AUDIT-ACCESS-FAIL can
be any one of these four values:
ALL
All attempts to add a protection record of a given type are recorded in the current
audit file.
LOCAL
Only local attempts to add a protection record of a given type are recorded in the
current audit file.
REMOTE
Only remote attempts to add a protection record of a given type are recorded in the
current audit file. (A remote attempt is one made by a process started by a network
Note. Safeguard configuration might affect whether protection records are consulted. If a
protection record is not consulted, auditing specified in the protection record does not occur.
For more information, see the ALTER SAFEGUARD command in the Safeguard Reference
Manual.
AUDIT-ACCESS-PASS audit-spec
AUDIT-ACCESS-FAIL audit-spec