Operating System - OpenVMS
1748028 Members
5295 Online
108757 Solutions
New Discussion юеВ

Writing to SECURITY.AUDIT$JOURNAL from DCL

 
SOLVED
Go to solution
The Brit
Honored Contributor

Writing to SECURITY.AUDIT$JOURNAL from DCL

Is there anyway to do this from DCL??

Dave.
5 REPLIES 5
Steven Schweda
Honored Contributor

Re: Writing to SECURITY.AUDIT$JOURNAL from DCL

I know nothing, but it seems unlikely to me.

In a past life, I used $SNDJBCW( ...
SJC$_WRITE_ACCOUNTING ...) to write
user-specified data to the account[i]ng file,
but that was from a FORTRAN program, and I
don't see F$SNDJBCW() under "HELP Lexicals".

You might be able to trigger an auditable
event to get _something_ logged, but if
there's a way to write arbitrary data there,
it'd be news to me. (Of course, many things
are.)
Ian Miller.
Honored Contributor

Re: Writing to SECURITY.AUDIT$JOURNAL from DCL

you could write directly to the audit mailbox if you can work out the format. I don't think its documented.

A small program to do this would not be hard.
____________________
Purely Personal Opinion
Hoff
Honored Contributor

Re: Writing to SECURITY.AUDIT$JOURNAL from DCL

There's no direct DCL interface I'm aware of, and I'd not tend to recommend synthesizing a packet and tossing it at the mailbox.

There's the brute-force approach of granting or revoking an specific identifier, deliberately tripping a security ACE on a specified object, or sending a mail message somewhere special.

Or write a little code (using the callable API), and invoke it from the DCL.

Some background on the particular task here?
John Gillings
Honored Contributor
Solution

Re: Writing to SECURITY.AUDIT$JOURNAL from DCL

Dave,

See $AUDIT_EVENT for the "right" way to do this.

As Ian suggested, you could write messages directly to the audit mailbox from DCL. See the docs for audit listener mailbox (Guide to OpenVMS System Security), I'm fairly sure the structure of the messages are the same.

If your objective is just to trigger recognisable event(s) in the audit journal, that's fairly easy to do. Just create yourself an empty file with a descriptive name and place an audit ACE on the file. For example:

$ CREATE AUDIT_EVENTS:DAVES_EVENT_1.AUD
$ SET SECURITY/ACL=(AUDIT=SECURITY,ACCESS=READ+SUCCESS+FAILURE) AUDIT_EVENTS:DAVES_EVENT_1.AUD

Now to trigger the even simply TYPE the file. You can then use ANALYZE/AUDIT commands to filter out your events by file name.
A crucible of informative mistakes
The Brit
Honored Contributor

Re: Writing to SECURITY.AUDIT$JOURNAL from DCL

I opted for the "Security ACL" solution, i.e. create a log file with a Audit ACL attached, and then have each user attempt to open and write a record. Also set it up to do the same at logout. Provides the SECURITY.AUDIT$JOURNAL entry, and also a "quick check" log of User & Node Login/Logout times. Thanks for your responses.

Dave