HPE Community
Operating System - OpenVMS
1828215 Members
2033 Online
109975 Solutions
New Discussion

Re: Open/Read/Parse SECURITY.AUDIT$JOURNAL in Windows

 
LawrencePt
New Member

‎09-12-2006 10:45 PM

‎09-12-2006 10:45 PM

Open/Read/Parse SECURITY.AUDIT$JOURNAL in Windows

Hi,

Anybody know how can i read a VMS security log in Windows?

The objective is to parse and integrate this files with SSIS 2005.

Thanks.

Lawrence
0 Kudos
Reply
2 REPLIES 2
Ian Miller.
Honored Contributor

‎09-13-2006 08:36 AM

‎09-13-2006 08:36 AM

Re: Open/Read/Parse SECURITY.AUDIT$JOURNAL in Windows

The format of the records in this file are described in Appendix F, Security Audit Message Format of the HP OpenVMS System Management Utilities Reference Manual.
http://h71000.www7.hp.com/doc/82FINAL/6048/6048pro_084.html#audit_record_format

____________________
Purely Personal Opinion
0 Kudos
Reply
John Gillings
Honored Contributor

‎09-13-2006 09:20 AM

‎09-13-2006 09:20 AM

Re: Open/Read/Parse SECURITY.AUDIT$JOURNAL in Windows

Your first issue is to figure out how the file will be copied and/or converted over to a Windows system.

The native OpenVMS file has variable length records, which windows won't understand. Since the file contains binary data, you can't simply convert it to a stream format, as there are no guarantees that the data does not contain apparent stream record delimiters.

First task is therefore probably to build yourself a module that can understand OpenVMS Variable Length Records. Not terribly difficult, but also non-trivial.

You can then parse the records according to the specifications referenced by Ian, but remember that some of the data needs further interpretation. For example, many of the records will contain identifier values. To make them meaningful, they need to be translated into text through RIGHTSLIST. You also need to format OpenVMS binary time stamps, binary privilege & protection masks and numerous other OpenVMS objects. Audit records also contain binary OpenVMS Condition codes. To translate them, you need the message files in SYS$MESSAGE.

So, although anything is possible, to teach Windows how to understand all these things would require porting of some fairly large chunks of OpenVMS code, and several OpenVMS data files. Almost certainly far more work than you want to do.

Lucky for you there's already a program that knows how to format audit records - it's called ANALYZE/AUDIT. I'd recommend you use it on your OpenVMS system to translate the binary audit journal into text, then copy the text to your windows system.
A crucible of informative mistakes
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.