HPE Community
Operating System - OpenVMS
1828394 Members
2611 Online
109977 Solutions
New Discussion

Format of VMS security log

 
SOLVED
Go to solution
Sk Noorul Hassan
Regular Advisor

‎05-14-2006 09:16 PM

‎05-14-2006 09:16 PM

Format of VMS security log

What format are VMS security log ? Can they be exported easily for a security event monitoring tool( may be using Unicenter tool). Is the VMS security log similar to UNIX SYSLOG.
0 Kudos
Reply
7 REPLIES 7
Heinz W Genhart
Honored Contributor

‎05-14-2006 09:31 PM

‎05-14-2006 09:31 PM

Solution

Re: Format of VMS security log

Hi Hassan

depending on the audit settings (Show Audit, Set Audit) there are more or less events written to a binary File (SYS$MANAGER:SECURITY.AUDIT$JOURNAL)

To analyze the recorded events in security.audit$journal you can use the analyze /audit utility.

e.g.
ANAL/AUDIT/since=a_date/event=whatyouliketoreport sys$manager:security.audit$journal

The security.audit$journal is a binary file and absolutely not similar a unix syslog

Hope thet helps

Regards

Heinz
Reply
Ian Miller.
Honored Contributor

‎05-14-2006 10:01 PM

‎05-14-2006 10:01 PM

Re: Format of VMS security log

There is a facility to have a process receive audit events has they happen. This could be used to write a program that captures security audit events and send them to another system.
I don't know if anyone has done this already.
____________________
Purely Personal Opinion
0 Kudos
Reply
Robert Gezelter
Honored Contributor

‎05-15-2006 06:04 AM

‎05-15-2006 06:04 AM

Re: Format of VMS security log

Ian,

For the record, I have done an implementation of a Audit Event monitor for an ISV.

- Bob Gezelter, http://www.rlgsc.com
0 Kudos
Reply
Gil Chinn
Frequent Visitor

‎06-04-2006 04:02 PM

‎06-04-2006 04:02 PM

Re: Format of VMS security log

It can be convoluted as there are several types of packets within the same record.

Check out Appendix F, Security Audit Message Format of the HP OpenVMS System Management Utilities Reference Manual.
http://h71000.www7.hp.com/doc/82FINAL/6048/6048pro_084.html#audit_record_format

cheers,g
0 Kudos
Reply
John Abbott_2
Esteemed Contributor

‎06-04-2006 06:53 PM

‎06-04-2006 06:53 PM

Re: Format of VMS security log

> I don't know if anyone has done this already.

Auditor+ from http://www.securitycentre.com can be used to capture events real time, it even allows you to retaliate. If the audit_server pid dies, it'll even restart it.

You can write your retaliate procedure in several languages, including DCL. Quite neat.

Just thought I'd mention it as it was easdy to set-up.

I guess you could also $ set audit/list=mbx and have a pid/program set-up to read off the events realtime.

J.
Don't do what Donny Dont does
0 Kudos
Reply
LawrencePt
New Member

‎09-12-2006 04:43 AM

‎09-12-2006 04:43 AM

Re: Format of VMS security log

Hi,

Anybody no how can i read a VMS security log in Windows?

The objective is to parse and integrate this files with SSIS 2005.

Thanks.

Lawrence
0 Kudos
Reply
Ian Miller.
Honored Contributor

‎09-12-2006 07:43 AM

‎09-12-2006 07:43 AM

Re: Format of VMS security log

Lawrence, the convention here is that you start a question of your own and it make your question easier to find.

There is a port of syslog for VMS or as the file format is documented a program could be developed for windows.
____________________
Purely Personal Opinion
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.