XYGATE User Authentication Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

231

232

233

234

235

236

237

238

239

240

XYGATE

User Authentication

™

(XUA) 1.85 Reference Manual

Appendix A: The UACONF File

XYPRO Technology Corporation 209 Proprietary and Confidential

SYSLOG_CRITICAL_PREFIX "<130> <critical text>"

The optional SYSLOG_CRITICAL_PREFIX sub-keyword is used to specify text that

will be prepended at the front of any audit message being written to the IP address

whose audit attribute is critical.

<130> The standard message tag indicating a critical message (angle

brackets are required).

<critical text> Enter a text string that you want to place at the beginning of the

message (angle brackets are not required).

Note: Both the <130> and the message string must be enclosed by double-quotation

marks.

Note: Use an exclamation point ( ! ) to start a comment at the beginning of a line. The

comment will continue for the remainder of the line.

CRITICAL

Critical is an audit attribute that is set on for authentication denials when the

EMS_CRITICAL_IF_DENIED ON entry exists. When the CRITICAL sub-keyword is

included after the AUDIT keyword, authentications whose audit attribute is marked

critical are the only included audits.

Example 1 below will send only the failed logon attempts to issue XUA commands to

IP address 208.202.151.70.

Example 1: How to audit only failed logon attempts to a syslog

AUDIT $ZTC0 IP 208.202.151.70 Syslog_Prefix "<134> \Node1" Critical

SYSLOG_CRITICAL_PREFIX "<130> \NODE1 XUA Logon Failure"

EMS_CRITICAL_IF_DENIED ON

Note: The AUDIT sub-keyword CRITICAL means that messages must be marked

critical in order to be sent to EMS, and the keyword

EMS_CRITICAL_IF_DENIED must be set to ON for XYGATEUA to mark

denials as critical.

Example:

<130> \NODE1 XUA Logon Failure 2013-05-01 07:29:40.874876 232080QA.TEST

070002GRP70.DEV 1.374500YSN-OVERRIDE-CONF

$NONE

$NONE $NONE.NONE.NONE $NONE

$NONE.NONE.NONE 00000103INVALID-USERNAME UAGROUP SN-

OVERRIDE-CONF ACCESS FAIL Outcome INVALID-USERNAME

In the above Example, user QA.TEST was denied to logon as GRP70.DEV. Hence,

the message got prefixed with the text <130> \NODE1 XUA Logon Failure.

Note: The exclamation point ( ! ) can be used to start a comment at the beginning of a

line. The comment will continue for the remainder of the line.