- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Modifying security audit journal location
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-28-2006 07:41 PM
тАО06-28-2006 07:41 PM
When I am in minimum startup, I try to do the following command:
$ SET AUDIT/JOURNAL=SECURITY/DESTINATION=SYS$MANAGER:SECURITY.AUDIT$JOURNAL
But I am getting the following error:
%SET-F-NOCTRLMBX, audit server control mailbox assignment failed
-SYSTEM-F-IVDEVNAM, invalid device name
I try to start the audit server, but also see the error concerning the unavailable device:
$ set audit/server=start
%SET-I-NEWAUDSRV, identification of new audit server process is 0000082E
$
%%%%%%%%%%% OPCOM 29-JUN-2006 11:38:45.98 %%%%%%%%%%%
Message from user AUDIT$SERVER on FOOBAR
%AUDSRV-W-SYSJNLNAC, cannot access system audit journal SECURITY
%%%%%%%%%%% OPCOM 29-JUN-2006 11:38:45.98 %%%%%%%%%%%
Message from user AUDIT$SERVER on FOOBAR
%SYSTEM-F-IVBUFLEN, invalid buffer length
%%%%%%%%%%% OPCOM 29-JUN-2006 11:38:45.98 %%%%%%%%%%%
Message from user AUDIT$SERVER on FOOBAR
%AUDSRV-E-FATINITERR, fatal error during startup processing; automatic server re
start suppressed
Is there a workaround that I can do while in minimum startup so that I can move my audit journal to my system disk? So that once I startup normally, it will be able to create a new audit journal file and will be able to boot successfully.
Thanks in advance for your help.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-28-2006 08:17 PM
тАО06-28-2006 08:17 PM
Solution$set audit/server=initiate
after
$set audit/server=start
Note that SYS$MANAGER:VMS$AUDIT_SERVER.DAT contains the settings for the audit server so if you deleted file parhaps the AUDIT SERVER would default to having the audit log on the system disk.
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-28-2006 08:31 PM
тАО06-28-2006 08:31 PM
Re: Modifying security audit journal location
I am now away from the server, so I will only be able to try this tomorrow. If this does not work, I'll also try to delete the .DAT file you mentioned.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-28-2006 09:06 PM
тАО06-28-2006 09:06 PM
Re: Modifying security audit journal location
$ @SYS$SYSTEM:STARTUP AUDIT_SERVER
Which executes the two commands mentioned (with a wait in between).
Regards
John.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-28-2006 09:35 PM
тАО06-28-2006 09:35 PM
Re: Modifying security audit journal location
- stop AUDIT_SERVER (SET AUDIT/SEVRER=EXIT)
- delete the VMS$AUDIT_SERVER.DAT
- restart AUDIT_SERVER (@STARUP AUDIT_SERVER)
- check it via SHOW AUDIT/ALL
- then redirect the journal via the command you mentioned
Note: the VMS$AUDIT_SERVER.DAT may be relocated with logical VMS$AUDIT_SERVER.
regards Kalle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-29-2006 03:22 AM
тАО06-29-2006 03:22 AM
Re: Modifying security audit journal location
while the advices given on DELETing VMS$AUDIT_SERVER (or its default in SYS$MANAGER), it might be wiser to just RENAME it. That also removes it logically, but it will still be available for later reference.
Just my EUR 0.02
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-29-2006 06:32 PM
тАО06-29-2006 06:32 PM