HPE Community
Operating System - OpenVMS
1753536 Members
7235 Online
108795 Solutions
New Discussion юеВ

Modifying security audit journal location

 
SOLVED
Go to solution
roose
Regular Advisor

тАО06-28-2006 07:41 PM

тАО06-28-2006 07:41 PM

Modifying security audit journal location

Hi, I am trying to setup a test server using a clone of a production system disk. However, I am unable to startup this node as I have not restored the original disk containing the production system's audit journal (security.audit$journal) file.

When I am in minimum startup, I try to do the following command:

$ SET AUDIT/JOURNAL=SECURITY/DESTINATION=SYS$MANAGER:SECURITY.AUDIT$JOURNAL

But I am getting the following error:

%SET-F-NOCTRLMBX, audit server control mailbox assignment failed
-SYSTEM-F-IVDEVNAM, invalid device name

I try to start the audit server, but also see the error concerning the unavailable device:

$ set audit/server=start
%SET-I-NEWAUDSRV, identification of new audit server process is 0000082E
$
%%%%%%%%%%% OPCOM 29-JUN-2006 11:38:45.98 %%%%%%%%%%%
Message from user AUDIT$SERVER on FOOBAR
%AUDSRV-W-SYSJNLNAC, cannot access system audit journal SECURITY

%%%%%%%%%%% OPCOM 29-JUN-2006 11:38:45.98 %%%%%%%%%%%
Message from user AUDIT$SERVER on FOOBAR
%SYSTEM-F-IVBUFLEN, invalid buffer length

%%%%%%%%%%% OPCOM 29-JUN-2006 11:38:45.98 %%%%%%%%%%%
Message from user AUDIT$SERVER on FOOBAR
%AUDSRV-E-FATINITERR, fatal error during startup processing; automatic server re
start suppressed

Is there a workaround that I can do while in minimum startup so that I can move my audit journal to my system disk? So that once I startup normally, it will be able to create a new audit journal file and will be able to boot successfully.

Thanks in advance for your help.
0 Kudos
6 REPLIES 6
Ian Miller.
Honored Contributor

тАО06-28-2006 08:17 PM

тАО06-28-2006 08:17 PM

Solution

Re: Modifying security audit journal location

You may need to to
$set audit/server=initiate
after
$set audit/server=start


Note that SYS$MANAGER:VMS$AUDIT_SERVER.DAT contains the settings for the audit server so if you deleted file parhaps the AUDIT SERVER would default to having the audit log on the system disk.
____________________
Purely Personal Opinion
0 Kudos
roose
Regular Advisor

тАО06-28-2006 08:31 PM

тАО06-28-2006 08:31 PM

Re: Modifying security audit journal location

Ian, will it still be okay to do the set audit/server=init when my set audit/server=start failed?

I am now away from the server, so I will only be able to try this tomorrow. If this does not work, I'll also try to delete the .DAT file you mentioned.

Thanks.
0 Kudos
John Abbott_2
Esteemed Contributor

тАО06-28-2006 09:06 PM

тАО06-28-2006 09:06 PM

Re: Modifying security audit journal location

I'm sure it's documented somewhere, but you can also do a more memorable

$ @SYS$SYSTEM:STARTUP AUDIT_SERVER

Which executes the two commands mentioned (with a wait in between).

Regards
John.
Don't do what Donny Dont does
0 Kudos
Karl Rohwedder
Honored Contributor

тАО06-28-2006 09:35 PM

тАО06-28-2006 09:35 PM

Re: Modifying security audit journal location

To have a clear starting point, may be you should:
- stop AUDIT_SERVER (SET AUDIT/SEVRER=EXIT)
- delete the VMS$AUDIT_SERVER.DAT
- restart AUDIT_SERVER (@STARUP AUDIT_SERVER)
- check it via SHOW AUDIT/ALL
- then redirect the journal via the command you mentioned

Note: the VMS$AUDIT_SERVER.DAT may be relocated with logical VMS$AUDIT_SERVER.

regards Kalle
0 Kudos
Jan van den Ende
Honored Contributor

тАО06-29-2006 03:22 AM

тАО06-29-2006 03:22 AM

Re: Modifying security audit journal location

Roose,

while the advices given on DELETing VMS$AUDIT_SERVER (or its default in SYS$MANAGER), it might be wiser to just RENAME it. That also removes it logically, but it will still be available for later reference.

Just my EUR 0.02

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
0 Kudos
roose
Regular Advisor

тАО06-29-2006 06:32 PM

тАО06-29-2006 06:32 PM

Re: Modifying security audit journal location

Hi all, thanks for your help. What I did was renamed the .DAT file, restart the system on minimum startup first, started audit server and then move the journal file's destination. Worked like a charm! :)
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.