https://community.hpe.com/t5/operating-system-openvms/vms-audit-log/m-p/4503369#M96337 Hi,<BR /><BR />I am getting the following information in audit log of one of the vms server VAX111.<BR /><BR />"2-APR-2009 12:58:55.09 LOGFAIL NETWORK VAX111 ILLEGAL 00084EF3"<BR /><BR />What does this ILLEGAL mean? Fri, 25 Sep 2009 09:04:43 GMT Sk Noorul Hassan 2009-09-25T09:04:43Z https://community.hpe.com/t5/operating-system-openvms/vms-audit-log/m-p/4503369#M96337 Hi,<BR /><BR />I am getting the following information in audit log of one of the vms server VAX111.<BR /><BR />"2-APR-2009 12:58:55.09 LOGFAIL NETWORK VAX111 ILLEGAL 00084EF3"<BR /><BR />What does this ILLEGAL mean? Fri, 25 Sep 2009 09:04:43 GMT https://community.hpe.com/t5/operating-system-openvms/vms-audit-log/m-p/4503369#M96337 Sk Noorul Hassan 2009-09-25T09:04:43Z https://community.hpe.com/t5/operating-system-openvms/vms-audit-log/m-p/4503370#M96338 Hi,<BR /><BR />the string 'ILLEGAL' is the local username used for the attempted DECnet network access.<BR /><BR />Check your DECnet object (or session control application) database for this username.<BR /><BR />As far as I remember, this string could be used to protect the TASK object from remote default access.<BR /><BR />Volker. Fri, 25 Sep 2009 10:13:37 GMT https://community.hpe.com/t5/operating-system-openvms/vms-audit-log/m-p/4503370#M96338 Volker Halle 2009-09-25T10:13:37Z https://community.hpe.com/t5/operating-system-openvms/vms-audit-log/m-p/4503371#M96339 <BR />The word ILLEGAL appears in the columns between nodename and ID where typically the username appears. That's what the ANAL/AUDI column headers indicate, That's what the data on my system looks like.<BR /><BR />Do you have any reason to believe that 'ILLEGAL' is not simply a username?<BR /><BR />Now on my 8.3 system, when I cause a LOGFAIL using an invalid (illegal?!) username that name is NOT displayed, but the text <LOGIN> is used.<BR /><BR />It would not surprise me if some earlier OpenVMS version reported the actually username which is not unlikely to be a fat-fingered password.<BR /><BR />What OpenVMS version is being used? Considering the node name... V5.5-2 ?<BR /><BR />Check out:<BR /><A href="http://forums13.itrc.hp.com/service/forums/questionanswer.do?threadId=1372502" target="_blank">http://forums13.itrc.hp.com/service/forums/questionanswer.do?threadId=1372502</A><BR /><BR />Hein.</LOGIN> Fri, 25 Sep 2009 10:22:17 GMT https://community.hpe.com/t5/operating-system-openvms/vms-audit-log/m-p/4503371#M96339 Hein van den Heuvel 2009-09-25T10:22:17Z https://community.hpe.com/t5/operating-system-openvms/vms-audit-log/m-p/4503372#M96340 Thanks. I got it. Fri, 25 Sep 2009 10:28:29 GMT https://community.hpe.com/t5/operating-system-openvms/vms-audit-log/m-p/4503372#M96340 Sk Noorul Hassan 2009-09-25T10:28:29Z https://community.hpe.com/t5/operating-system-openvms/vms-audit-log/m-p/4503373#M96341 Ah! now I remember. Volker is right of course. I was also right, in that is was a username.<BR />I just did not see it on my system because I happened to have the task object enabled.<BR /><BR />See for example : <A href="http://h71000.www7.hp.com/doc/73final/documentation/pdf/decnet_ovms_gd_network.pdf" target="_blank">http://h71000.www7.hp.com/doc/73final/documentation/pdf/decnet_ovms_gd_network.pdf</A><BR /><BR />The username used could be anything, but is by default establish as 'ILLEGAL' with the command<BR /><BR />MCR NCP DEFINE OBJECT TASK NUMBER 0 USER ILLEGAL PASSWORD DISABLED<BR /><BR />It can be verified with MCR NCP SHOW KNOWN OBJECTS<BR /><BR />Hein.<BR /><BR /> Fri, 25 Sep 2009 10:32:41 GMT https://community.hpe.com/t5/operating-system-openvms/vms-audit-log/m-p/4503373#M96341 Hein van den Heuvel 2009-09-25T10:32:41Z