You can enable additional classes of events by listing one
or more of the keywords of the /ENABLE qualifier to the DCL command
SET AUDIT listed in
Kinds of Security Events OpenVMS Can Report.
Table 1 Kinds of Security Events OpenVMS Can Report
Event Class |
Description |
Access
|
Specifies access events
for all objects in a class. You can audit selected types of access, both
privileged and nonprivileged, to all protected objects of a particular
class.
|
ACL
|
Events requested by a security
Audit or Alarm ACE in the access control list (ACL) of an object.
|
Authorization
|
Modification of any portion
of SYSUAF.DAT, NETPROXY.DAT, NET$PROXY.DAT, or RIGHTSLIST.DAT.
|
Breakin
|
Break-in attempts.
|
Connection
|
Logical link connections
or terminations through SYSMAN, DECnet for OpenVMS Phase IV, DECwindows
products, or an interprocess communication (IPC) call.
|
Create
|
Creation of a protected
object.
|
Deaccess
|
Deaccess from a protected
object.
|
Delete
|
Deletion of a protected
object.
|
Identifier
|
Use of identifiers as privileges.
|
Install
|
Modifications made to the
known file list through the Install utility.
|
Logfailure
|
Failed login attempts.
|
Login
|
Successful login attempts.
|
Logout
|
Logouts.
|
Mount
|
Volume mounts and dismounts.
|
NCP
|
Modification to the network
configuration database, using the network control program (NCP).
|
Privilege
|
Successful or unsuccessful
use of privilege.
|
Process
|
Use of one or more of the
process control system services.
|
SYSGEN
|
Modification of a system
parameter with the System Generation utility (SYSGEN) or AUTOGEN.
|
Time
|
Modification of system time.
|