Operating System - OpenVMS
1827908 Members
2120 Online
109971 Solutions
New Discussion

Format of VMS security log

 
SOLVED
Go to solution
Sk Noorul  Hassan
Regular Advisor

Format of VMS security log

What format are VMS security log ? Can they be exported easily for a security event monitoring tool( may be using Unicenter tool). Is the VMS security log similar to UNIX SYSLOG.
7 REPLIES 7
Heinz W Genhart
Honored Contributor
Solution

Re: Format of VMS security log

Hi Hassan

depending on the audit settings (Show Audit, Set Audit) there are more or less events written to a binary File (SYS$MANAGER:SECURITY.AUDIT$JOURNAL)

To analyze the recorded events in security.audit$journal you can use the analyze /audit utility.

e.g.
ANAL/AUDIT/since=a_date/event=whatyouliketoreport sys$manager:security.audit$journal

The security.audit$journal is a binary file and absolutely not similar a unix syslog

Hope thet helps

Regards

Heinz
Ian Miller.
Honored Contributor

Re: Format of VMS security log

There is a facility to have a process receive audit events has they happen. This could be used to write a program that captures security audit events and send them to another system.
I don't know if anyone has done this already.
____________________
Purely Personal Opinion
Robert Gezelter
Honored Contributor

Re: Format of VMS security log

Ian,

For the record, I have done an implementation of a Audit Event monitor for an ISV.

- Bob Gezelter, http://www.rlgsc.com
Gil Chinn
Frequent Visitor

Re: Format of VMS security log

It can be convoluted as there are several types of packets within the same record.

Check out Appendix F, Security Audit Message Format of the HP OpenVMS System Management Utilities Reference Manual.
http://h71000.www7.hp.com/doc/82FINAL/6048/6048pro_084.html#audit_record_format

cheers,g
John Abbott_2
Esteemed Contributor

Re: Format of VMS security log

> I don't know if anyone has done this already.

Auditor+ from http://www.securitycentre.com can be used to capture events real time, it even allows you to retaliate. If the audit_server pid dies, it'll even restart it.

You can write your retaliate procedure in several languages, including DCL. Quite neat.

Just thought I'd mention it as it was easdy to set-up.

I guess you could also $ set audit/list=mbx and have a pid/program set-up to read off the events realtime.

J.
Don't do what Donny Dont does
LawrencePt
New Member

Re: Format of VMS security log

Hi,

Anybody no how can i read a VMS security log in Windows?

The objective is to parse and integrate this files with SSIS 2005.

Thanks.

Lawrence
Ian Miller.
Honored Contributor

Re: Format of VMS security log

Lawrence, the convention here is that you start a question of your own and it make your question easier to find.

There is a port of syslog for VMS or as the file format is documented a program could be developed for windows.
____________________
Purely Personal Opinion