- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: Delete Intrusion Record
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-13-2009 09:30 AM
тАО01-13-2009 09:30 AM
TERM_USER INTRUDER 27 13-JAN-2009 11:16:13.45 spduslis51.na.net.dana.com:LISROBSHIP on LISES1
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-13-2009 09:42 AM
тАО01-13-2009 09:42 AM
Re: Delete Intrusion Record
http://h71000.www7.hp.com/doc/83final/9996/9996pro_55.html
For some cases, you may have to quote the source field portion of the string. The usual commands are:
DELETE /INTRUSION "whatsit"::whatever
or
DELETE /INTRUSION whatsit::whatever
Or you can use the /NODE qualifier.
The other thing that happens here is somebody erroneously creates a DELETE symbol with some qualifiers that (in the usual case) work on the DELETE file command, and that are not valid on the DELETE /INTRUSION command. That can be bypassed using the following:
DELETEX /INTRUSION whatsit::whatever
To bypass any DCL symbol for DELETE, add a character or two at the end of the DELETE command, such as the X shown above. (And don't mask verbs with symbols, as a general suggestion.)
Otherwise, please post up the command(s) and the full text of the error message(s) received with what you've tried here. The command might not work, but the command and the error might help us figure out what is going wrong here...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-13-2009 09:45 AM
тАО01-13-2009 09:45 AM
Re: Delete Intrusion Record
%SECSRV-E-NOSUCHINTRUDER, no intruder or suspect matches your specification
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-13-2009 09:55 AM
тАО01-13-2009 09:55 AM
Re: Delete Intrusion Record
del/intr "LISROBSHIP"
del/intr LISROBSHIP
del/intr "spduslis51.na.net.dana.com:LISROBSHIP"
del/intr spduslis51.na.net.dana.com:LISROBSHIP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-13-2009 09:55 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-13-2009 10:00 AM
тАО01-13-2009 10:00 AM
Re: Delete Intrusion Record
LISA_ES2> show intr
Intrusion Type Count Expiration Source
--------- ---- ----- ---------- ------
TERM_USER SUSPECT 5 13-JAN-2009 12:26:28.70 spduslisl15.na.net.da
na.com:MORRIS on LISES2
LISA_ES2> del/intrusion_record *
%DCL-I-IGNQUAL, qualifiers appearing before this item were ignored
\INTRUSION_RECORD\
LISA_ES2> show intr
%SHOW-F-NOINTRUDERS, no intrusion records match specification
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-13-2009 10:01 AM
тАО01-13-2009 10:01 AM
Re: Delete Intrusion Record
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-13-2009 10:03 AM
тАО01-13-2009 10:03 AM
Re: Delete Intrusion Record
Here, I'd tend to expect:
DELETE /INTRUSION -
"spduslis51.na.net.dana.com":LISROBSHIP
would work on host LISES1::.
I'd neglected another case that can get involved here: the process parsing settings can also get involved here, particularly with lowercase characters.
What OpenVMS version and what IP stack?
There have been a few cases where weird intrusion records or hidden characters have gotten into the intrusion database over the years. Those get fixed with an OpenVMS ECO or (given this looks like an IP intrusion) via ECO or upgrade of whatever IP stack is in use here.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-13-2009 10:06 AM
тАО01-13-2009 10:06 AM
Re: Delete Intrusion Record
FWIW, there's your error -- look at where your quotes are in your:
del/intr "spduslis51.na.net.dana.com:LISROBSHIP"
Note where the documentation has:
delete /intrusion "whatsit"::whatever
The whole parameter string isn't quoted, just the source portion of the parameter string.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-13-2009 10:09 AM
тАО01-13-2009 10:09 AM
Re: Delete Intrusion Record
LISA_ES2> del/intrusion_record *
that you received this message:
%DCL-I-IGNQUAL, qualifiers appearing before this item were ignored
\INTRUSION_RECORD\
This means that you have a "del" symbol which could be confusing things.
$ SHOW SYMBOL DEL
Did you try the DELETEX trick that Hoff suggested?