Safeguard Audit Service Manual (G06.29+, H06.08+, J06.03+)

Introduction
Safeguard Audit Service Manual 520480-031
Safeguard Events That Are Always Audited
The following events are always audited, regardless of any Safeguard audit settings:
• Running the ALTER SAFEGUARD or STOP SAFEGUARD commands
• Running the Safeguard audit service commands (except the INFO AUDIT SERVICE and the INFO AUDIT POOL commands)
• Running the Safeguard TERMINAL commands (except the INFO TERMINAL command)
• Running the EVENT-EXIT-PROCESS commands (except the INFO EVENT-EXIT-PROCESS command)
For a description of these events, see Unconditional Auditing on page 2-35.
Events From NonStop OS Subsystems
In addition to the events controlled by the Safeguard subsystem, the audit service can
record security-relevant events controlled by other NonStop privileged subsystems.
These subsystems are referred to as Clients. The Safeguard subsystem receives
event information from the clients and writes records to the audit trail on their behalf.
Auditing of NonStop clients can consume considerable system resources and add a
large number of records to your audit files. Consequently, you might want to configure
the Safeguard subsystem to disable client auditing. You can disable client auditing by
setting the AUDIT-CLIENT-GUARDIAN configuration attribute to OFF. For more
information, see Controlling Auditing of NonStop Client Events on page 2-15.
The Audit Trail
The Safeguard audit service allows you to specify the location, number, and size of the
audit files. Each time the audit service determines that an event must be recorded, it
writes a primary audit record to the current audit file. For many events, one or more
secondary audit records are also written to the current audit file.
When the current audit file is full, the Safeguard software automatically switches to the
next audit file in sequence. The Safeguard software writes a message to the system
console each time it switches from one audit file to another.
You can manually switch to a new audit file using the audit service commands. The
audit service also allows you to specify recovery actions in case an audit pool is full or
unavailable.
For more information, see About the Audit Trail on page 3-1.
The audit files are entry-sequenced Enscribe files. The structure of records stored in
an audit file is described with DDL DEFINITION statements in Appendix A, Audit File