- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: VMS AUDIT LOG
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2009 02:04 AM
тАО09-25-2009 02:04 AM
I am getting the following information in audit log of one of the vms server VAX111.
"2-APR-2009 12:58:55.09 LOGFAIL NETWORK VAX111 ILLEGAL 00084EF3"
What does this ILLEGAL mean?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2009 03:13 AM
тАО09-25-2009 03:13 AM
Solutionthe string 'ILLEGAL' is the local username used for the attempted DECnet network access.
Check your DECnet object (or session control application) database for this username.
As far as I remember, this string could be used to protect the TASK object from remote default access.
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2009 03:22 AM
тАО09-25-2009 03:22 AM
Re: VMS AUDIT LOG
The word ILLEGAL appears in the columns between nodename and ID where typically the username appears. That's what the ANAL/AUDI column headers indicate, That's what the data on my system looks like.
Do you have any reason to believe that 'ILLEGAL' is not simply a username?
Now on my 8.3 system, when I cause a LOGFAIL using an invalid (illegal?!) username that name is NOT displayed, but the text
It would not surprise me if some earlier OpenVMS version reported the actually username which is not unlikely to be a fat-fingered password.
What OpenVMS version is being used? Considering the node name... V5.5-2 ?
Check out:
http://forums13.itrc.hp.com/service/forums/questionanswer.do?threadId=1372502
Hein.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2009 03:28 AM
тАО09-25-2009 03:28 AM
Re: VMS AUDIT LOG
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2009 03:32 AM
тАО09-25-2009 03:32 AM
Re: VMS AUDIT LOG
I just did not see it on my system because I happened to have the task object enabled.
See for example : http://h71000.www7.hp.com/doc/73final/documentation/pdf/decnet_ovms_gd_network.pdf
The username used could be anything, but is by default establish as 'ILLEGAL' with the command
MCR NCP DEFINE OBJECT TASK NUMBER 0 USER ILLEGAL PASSWORD DISABLED
It can be verified with MCR NCP SHOW KNOWN OBJECTS
Hein.