Safeguard Audit Service Manual (G06.24+, H06.03+)
Managing the Audit Trail
Safeguard Audit Service Manual—520480-014
Specifying Audit Service Recovery
You can choose one of these recovery actions:
RECYCLE
    causes the Safeguard software to select the oldest unreleased audit file in the
    current audit pool, purge the data from it, and give it the next available audit file
    name. This recovery action applies only in an overflow situation. If a down volume
    occurs when RECYCLE is the specified recovery action, the Safeguard software
    suspends auditing. RECYCLE is the initial (default) setting for RECOVERY.

SUSPEND AUDIT
    causes the Safeguard software to suspend further auditing until the situation is
    corrected.

DENY GRANTS
    causes the Safeguard software to deny most authorization and authentication
    requests for which auditing is required. The only audited actions allowed are the
    successful execution of commands by members of the
    SECURITY-ADMINISTRATOR or SYSTEM-OPERATOR security groups. If you
    select this recovery action, the audit service switches to the audit pool at
    $SYSTEM.SAFE and continues writing audit records there for commands
    successfully executed by members of the security groups.

If an overflow or down volume causes auditing to be switched to the audit pool at
$SYSTEM.SAFE, manually switch back to another audit pool after the condition is
corrected. To do so, use the SELECT CURRENT AUDIT POOL command as
described in Selecting an Audit Pool on page 3-5.
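
The three recovery actions above, modelled as a small Python state machine so their effect on audit data and on access can be compared. This is an added example, not code from the Safeguard manual or product: the pool name $AUDIT.POOL1, the AUDIT-n file names, the record values and all class and function names are constructed, and the "most requests" wording of DENY GRANTS is simplified to every audited request except commands issued by the two security groups.

```python
from dataclasses import dataclass, field

ADMIN_GROUPS = {"SECURITY-ADMINISTRATOR", "SYSTEM-OPERATOR"}
FALLBACK_POOL = "$SYSTEM.SAFE"

@dataclass
class AuditService:
    recovery: str = "RECYCLE"      # initial (default) RECOVERY setting
    pool: str = "$AUDIT.POOL1"     # constructed pool name
    # Oldest first; each entry is [name, released, records]. Constructed data.
    files: list = field(default_factory=lambda: [
        ["AUDIT-0", True, ["r1"]], ["AUDIT-1", False, ["r2", "r3"]],
        ["AUDIT-2", False, ["r4"]]])
    next_seq: int = 3
    state: str = "AUDITING"        # AUDITING | SUSPENDED | DENYING

    def fail(self, condition):
        """Apply RECOVERY to 'OVERFLOW' or 'DOWN VOLUME'; return records purged."""
        if self.recovery == "RECYCLE" and condition == "OVERFLOW":
            victim = next((f for f in self.files if not f[1]), None)
            if victim is None:
                raise ValueError("no unreleased file: case not covered by the page")
            lost = len(victim[2])
            self.files.remove(victim)
            self.files.append([f"AUDIT-{self.next_seq}", False, []])
            self.next_seq += 1
            return lost
        if self.recovery == "DENY GRANTS":
            self.pool, self.state = FALLBACK_POOL, "DENYING"
        else:                      # SUSPEND AUDIT, or RECYCLE on a down volume
            self.state = "SUSPENDED"
        return 0

    def request(self, audited, groups=(), is_command=False):
        """Return (allowed, audit_record_written) for one request."""
        if not audited:
            return True, False
        if self.state == "AUDITING":
            return True, True
        if self.state == "SUSPENDED":
            return True, False     # activity proceeds with no audit record
        ok = is_command and bool(ADMIN_GROUPS & set(groups))
        return ok, ok              # DENYING: only admin/operator commands

def outcome(recovery, condition):
    """Summarise one failure: purged records, pool in use, ordinary audited access."""
    svc = AuditService(recovery=recovery)
    lost = svc.fail(condition)
    return lost, svc.pool, svc.request(audited=True, groups=["USERS"])
```

In this model only DENY GRANTS both keeps every existing record and stops unaudited activity; RECYCLE trades the oldest unreleased records for continuity, and SUSPEND AUDIT lets activity continue with no audit record.
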
ALTER AUDIT SERVICE also has optional parameters that allow you to control the
caching of audit records—that is, the method by which records are to be written to an
audit file. By default, the Safeguard software caches audit records in memory to
optimize system performance. If you are more concerned about the absolute integrity
of audit records than optimized performance, specify that the records be written directly
to disk. For more information on these optional parameters, see the Safeguard
Reference Manual.
Examples
Suppose that you want to deny grants in the event of overflow or a down volume. To do
so:

    =ALTER AUDIT SERVICE, RECOVERY DENY GRANTS

Use the INFO AUDIT SERVICE command to verify your setting of the recovery
actions:

    =INFO AUDIT SERVICE