Manualshelf

Safeguard Audit Service Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
61626364656667686970
Specifying Auditing
Safeguard Audit Service Manual 520480-031
2 - 35
Unconditional Auditing
AUDIT-TACL-LOGOFF
controls generation of audits for the TACL LOGOFF or TACL EXIT operations.
When set to TRUE, audits for the TACL LOGOFF or TACL EXIT operations are
generated based on the value of the AUDIT-AUTHENTICATE-PASS and AUDIT-
AUTHENTICATE-FAIL attributes.
When set to FALSE, audits for the TACL LOGOFF or TACL EXIT operations are
generated based on the value of the AUDIT-CLIENT-GUARDIAN, AUDIT-
PROCESS-ACCESS-PASS, and AUDIT-PROCESS-ACCESS-FAIL attributes.
The default is FALSE.
To change any of these values, issue the ALTER SAFEGUARD command from
SAFECOM. For example, to audit successful and unsuccessful local authentication
attempts:
=ALTER SAFEGUARD, AUDIT-AUTHENTICATE LOCAL
Audit shorthand is used in this command.
Unconditional Auditing
Events that are always audited regardless of individual or systemwide Safeguard
settings are discussed next.
ALTER SAFEGUARD and STOP SAFEGUARD Commands
All attempts to change the Safeguard configuration with the ALTER SAFEGUARD
command, whether successful or not, are automatically audited. For each attempt, one
primary audit record and two secondary audit records are written to the current audit
file. One secondary record contains an image of the Safeguard configuration record
before the attempt. The other secondary record contains an image of the Safeguard
configuration record showing the attempted change.
All attempts to issue the STOP SAFEGUARD command, whether successful or not, are
automatically audited. A primary audit record is generated for each attempt.
Audit Service Commands
Except for the execution of INFO commands, all attempts to execute audit service
commands are automatically audited. For each attempt, a primary audit record is
written to the current audit file. For each ADD AUDIT POOL or DELETE AUDIT POOL
command, one secondary audit record is also written. The secondary record contains
the image of the audit pool record associated with the attempt.
For each attempted ALTER AUDIT POOL command, two secondary audit records are
written to the current file. One cont
ains the image of the audit pool record before the
Note. This attribute is supported only on systems running J06.08 and later J-series RVUs,
H06.19 and later H-series RVUs, and G06.32 and later G-series RVUs.