- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: Advanced Server V7.3A audit log files
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-23-2006 12:55 AM
тАО06-23-2006 12:55 AM
Advanced Server V7.3A audit log files
Since our PC user community is transferring form Windows NT to Windows XP and in the course of this transfer having their domains and usernames changed (we systems managers have to keep ourselves busy), the access to some Advanced server shares fails.
Now I have changed the permission for the user but he still cannot gain access. I have given myself full control and can access the share.
In order to do trouble shooting, I have enabled auditing (set audit policy /success=access /failure=access), done some successful and not successful access, but
show events /type=security /server=... gives "Security event log has no records".
Am I looking in the right place for the audit logs? Have I enabled the right audit trail?
With kind regards,
Leo de Lange
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-23-2006 01:17 AM
тАО06-23-2006 01:17 AM
Re: Advanced Server V7.3A audit log files
> domains and usernames changed
Are the WNT and WXP in different domains ? What about AS, another domain ? Have you a trust relationship set-up between these domains ? (ADMIN SHOW TRUST)
What AS 7.3 ECO kit are you running ? ($ PROD SHO PROD)
Do you get any events at all ? e.g. AMIN SHOW EVENT/SINCE=start_of_pathworks
Kind Regards
John.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-23-2006 01:18 AM
тАО06-23-2006 01:18 AM
Re: Advanced Server V7.3A audit log files
did you also set a spec. file or directory for auditing (set file /audit)?
What version are you using (actual is V7.3A-Eco4)?
Are some shares working or are only spec. shares/users encounter problems?
regards Kalle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-23-2006 01:27 AM
тАО06-23-2006 01:27 AM
Re: Advanced Server V7.3A audit log files
Thanks for all the quick replies and I will try to give you some answers, marked with LL:
Are the WNT and WXP in different domains ? What about AS, another domain ? Have you a trust relationship set-up between these domains ?
LL: WNT and WXP are in different domains. However, I changed the permission to the new domain and username.
What version are you using (actual is V7.3A-Eco4)?
LL: We are running this version.
Are some shares working or are only spec. shares/users encounter problems?
LL: I have given myself (with my WXP username) permission for this specific share and can access it. So the user is entountering problems.
Do you get any events at all ?
LL: Yes, I do see some events, the last from june 6th. (system events that is)
With kind regards,
Leo de Lange
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-24-2006 12:20 AM
тАО06-24-2006 12:20 AM
Re: Advanced Server V7.3A audit log files
You need to also enable audit monitoring on the directories and files in question by using;
ADMIN SET FILE \dir\foo.bar AUDIT=(SUCCESS=ALL, FAILURE=ALL)
For more information, see section 2.2.2 & 6.1.3.6 in the AS admin guide, link below;
http://h71000.www7.hp.com/doc/73final/6556/6556pro.pdf
Kind Regards
John.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-24-2006 12:20 AM
тАО06-24-2006 12:20 AM
Re: Advanced Server V7.3A audit log files
This one always gets folks - you need to _enable_ auditing as well. If you do $ ADMIN SHOW AUDIT POLICY the 2nd line output will indicate if auditing is enabled or disabled.
You simply forgot the /ENABLE qualifier when you did the ADMIN SET AUDIT POLICY ... command; so now just do:
$ ADMIN SET AUDIT POLICY/ENABLE
Regards,
Paul
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-25-2006 07:36 PM
тАО06-25-2006 07:36 PM
Re: Advanced Server V7.3A audit log files
I did have to give the command
set file "sharename" "username" /audit=...
to enable auditing, but have come no further. To give you the current status, I have included some commands and their output:
\\DHCLX3\\DHAX25> show file CKMKA122 /audit
Files in: \\DHAX25\CKMKA122
.
Audit Events: Success Failure
MOD\u00b816 RWXDPO RWXDPO
MOD\u00l0p8 RWXDPO RWXDPO
Total of 1 file
\\DHCLX3\\DHAX25> show audit policy
Audit Policy for domain "\\DHCLX3":
Auditing is currently Enabled.
Audit Event states:
Audit Event Success Failure
------------------ -------- --------
ACCESS Enabled Enabled
ACCOUNT_MANAGEMENT Disabled Disabled
LOGONOFF Disabled Disabled
POLICY_CHANGE Disabled Disabled
PROCESS Disabled Disabled
SYSTEM Disabled Disabled
USER_RIGHTS Disabled Disabled
\\DHCLX3\\DHAX25> show events /type=security
%PWRK-I-EVTNOREC, Security Event Log on server "DHAX25" has no records
\\DHCLX3\\DHAX25> show events /type=security /server=dhax22
%PWRK-I-EVTNOREC, Security Event Log on server "DHAX22" has no records
---------------------
dhclx3 is our cluster alias, dhax22 & dhax25 the nodes. ckmka122 the sharename, mod\u00l0p8 is my account.
I have accessed the share, before giving the show events commands.
With kind regards,
Leo de Lange
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-25-2006 10:27 PM
тАО06-25-2006 10:27 PM
Re: Advanced Server V7.3A audit log files
does your Advanced server configured as PDC? If not, try to find security log on PDC in this domain.
Petr
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-25-2006 10:52 PM
тАО06-25-2006 10:52 PM
Re: Advanced Server V7.3A audit log files
set file path\file everyone /AUDIT=(SUC=ALL,FAIL=ALL)
accessed and updated the 'file' from my PC (PC on another domaim, with a trust relationship)
show event/full/since=nn:nn/type=sec
I can see in the security event log for the AS domain the event for the file I updated from my PC, it shows the trusted domain, my username, file updated etc.
Can you change/view the audit setting from the file | properties | security | advanced | audit pain from windows file explorer ? do they look right ?
Are you accessing the right event log.. Have you tied the 'eventvwr' from windows ? Right Click on Event viewer (local) and click on 'connect to another computer' - enter the PDC of the pathworks as domain.
J.
PS. My PDC is a Windows box.