- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: Ignore some Audit log
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2004 06:32 AM
тАО10-15-2004 06:32 AM
Security alarm (SECURITY) and security audit (SECURITY) on ALPHA1,
system
id: 1
Auditable event: Network login
Event time: 27-SEP-2004 06:01:35.02
PID: 2142AC6C
Process name: TCPIP$FTPC03E74
Username: TPZKXT
Process owner: [TPOPS]
Image name: DSA0:[SYS0.SYSCOMMON.][SYSEXE]LOGINOUT.EXE
Remote node id: 3237938662 (1.486)
Remote node fullname: 192.255.5.230
Remote username: FTP_C0FF05E6
I would like to un-log this kind of security because it create a lot of message in the log file. Is there any way to skip this security log?
Thanks
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2004 07:46 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2004 08:27 PM
тАО10-15-2004 08:27 PM
Re: Ignore some Audit log
The only thing that comes me in mind now is to disable network alarms and audits. This will disable all network alarms and audits (telnet,rsh,rcp and so on)! So you must look if this is a security issue for you!
You disable the alarms with the command:
$ SET AUDIT/DISABLE=LOGIN=NETWORK/ALARM
and audit with
$ SET AUDIT/DISABLE=LOGIN=NETWORK/AUDIT
But once more: Check if this is not a security issue for yours system.
Bojan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2004 09:29 PM
тАО10-15-2004 09:29 PM
Re: Ignore some Audit log
to take Bojans answer one step further: you can also disable ONLY succesful logins, (and I guess and sure hope THAT will be the bulk!), and so still get the failures reported.
If you are (have to be) REALLY security aware, well, the failures can do little damage.
But, since the amount of successful login messages is your problem, I assume you are not tracking the validity of those anyway.
My guess: disabling Successfull Login Alarms will take away > 90% of your network login messages, and that IS a big win for starting!.
Success,
Cheers.
Have one on me.
Jan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-16-2004 10:23 PM
тАО10-16-2004 10:23 PM
Re: Ignore some Audit log
SET AUDIT/AUDIT/ENA=LOGFAILURE=NET
will enable login failure audit of network jobs.
Note also accounting will have records for the network jobs created by the ftp transfers.
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-17-2004 05:35 PM
тАО10-17-2004 05:35 PM
Re: Ignore some Audit log
from your profile:
I have assigned points to 23 of 67 responses to my questions.
... maybe deserves some attention?
If you forgot what questions, just select your own name, that gets you to your profile, from which you can choose "questions with unassigned points"
... and if you consider a thread satidfied, then you can Close it.
Cheers
Have one on me
Jan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-17-2004 06:26 PM
тАО10-17-2004 06:26 PM
Re: Ignore some Audit log
As others before me have mentioned i am not sure if this is wisest thing to do, but the following command could be used to disable
SET AUDIT/AUDIT/ENA=LOGFAILURE=NET
details as follows
SET
AUDIT
/AUDIT
Makes the command apply to audits,
which are messages recorded in
the system security audit log file.
(As suggested by Ian)
If you want to disable the NETWORK class all together, follow the suggestions posted before Ian
regards
Mobeen