Manualshelf

Safeguard Audit Service Manual (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
41424344454647484950
Specifying Auditing
Safeguard Audit Service Manual520480-014
2-25
Unconditional Auditing
AUDIT-AUTHENTICATE-PASS
specifies conditions for auditing successful user and alias authentication attempts
on the system. This setting supplements the audit settings in individual user and
alias records. The conditions can be ALL, NONE, LOCAL or REMOTE. The default
is NONE.
The conditions specified for this attribute also apply to the systemwide auditing of
automatic logoffs described in Auditing User Authentication Attempts on page 2-2.
AUDIT-AUTHENTICATE-FAIL
specifies conditions for auditing unsuccessful user and alias authentication
attempts on the system. This setting supplements the audit settings in individual
user and alias records. The conditions can be ALL, NONE, LOCAL or REMOTE.
The default is NONE.
If set to ALL, authentication attempts with invalid user IDs and user names are also
audited.
AUDIT-SUBJECT-MANAGE-PASS
specifies conditions for auditing successful attempts to create or manage any user,
alias, or group record on the system. This setting supplements any individual audit
settings in user and alias records. The conditions can be ALL, NONE, LOCAL, or
REMOTE. The default is NONE.
AUDIT-SUBJECT-MANAGE-FAIL
specifies conditions for auditing unsuccessful attempts to create or manage any
user, alias, or group record on the system. This setting supplements any individual
audit settings in user and alias records. The conditions can be ALL, NONE,
LOCAL, or REMOTE. The default is NONE.
To change any of these values, issue the ALTER SAFEGUARD command from
SAFECOM. For example, to audit successful and unsuccessful local authentication
attempts:
=ALTER SAFEGUARD, AUDIT-AUTHENTICATE LOCAL
Audit shorthand is used in this command.
Unconditional Auditing
Events that are always audited regardless of individual or systemwide Safeguard
settings are discussed next.
Note. If REMOTE is specified for the AUDIT-AUTHENTICATE attributes, no authentication
attempts are recorded in the audit file. Authentication attempts can be audited only on the
system where they occur.