HP OpenVMS Systems Documentation

HP OpenVMS DCL Dictionary



SHOW AUDIT

Displays the security auditing characteristics in effect on the system.

Requires the SECURITY privilege.


Format

SHOW AUDIT


Parameters

None.

Description

The SHOW AUDIT command displays the current state of security auditing for the system. The display can include the state of the audit journal, the characteristics of the audit server, and the events for which auditing is enabled. If no auditing has been enabled, the display reports that security alarms and audits are currently disabled.

SHOW AUDIT and SET AUDIT provide the principal management interface to the security auditing system.


Qualifiers

/ALL

Displays all available auditing information including the following:
  • Location of the system security audit log file
  • Security events enabled for auditing
  • Location of the security archive file
  • Audit server characteristics, such as the action taken if the audit server runs out of memory.

/ALARM

Displays the categories of events that are currently enabled as security alarms; these events generate messages on any operator terminal that accepts security class messages.

/ARCHIVE

Displays the name and location of the security archive file (if archiving is enabled).

/AUDIT

Displays the categories of events that are currently enabled to write messages to the system security audit log file.

/EXACT

Use with the /PAGE=SAVE and /SEARCH qualifiers to specify that displayed text must match the search string exactly. The search string must be enclosed in quotation marks (" ").

If you specify the /EXACT qualifier without the /SEARCH qualifier, exact search mode is enabled when you set the search string with the Find (E1) key.

/HIGHLIGHT[=keyword]

Use with the /PAGE=SAVE and /SEARCH qualifiers to specify the type of highlighting you want when a search string is found. When a string is found, the entire line is highlighted. You can use the following keywords: BOLD, BLINK, REVERSE, and UNDERLINE. BOLD is the default highlighting.

/JOURNAL

Displays characteristics of the system audit journal.

/OUTPUT[=filespec]

Controls where the output of the command is sent. If you do not enter the /OUTPUT qualifier or if you enter it without a file specification, the output is sent to the default output stream or device for the current process, which is identified by the logical name SYS$OUTPUT.

If you enter the /OUTPUT qualifier with a partial file specification (for example, only a directory name), SET AUDIT assigns the file name SHOW with the default file type of .LIS. The file specification cannot include the asterisk (*) and the percent sign (%) wildcard characters.

/PAGE[=keyword]

/NOPAGE (default)

Controls the display of information on the screen.

You can use the following keywords with the /PAGE qualifier:

CLEAR_SCREEN   Clears the screen before each page is displayed.
SCROLL         Displays information one line at a time.
SAVE[=n]       Enables screen navigation of information, where n is the number of pages to store.

The /PAGE=SAVE qualifier allows you to navigate through screens of information. The /PAGE=SAVE qualifier stores up to 5 screens of up to 255 columns of information. When you use the /PAGE=SAVE qualifier, you can use the following keys to navigate through the information:

Key Sequence                             Description
Up arrow key, Ctrl/B                     Scroll up one line.
Down arrow key                           Scroll down one line.
Left arrow key                           Scroll left one column.
Right arrow key                          Scroll right one column.
Find (E1)                                Specify a string to find when the information is displayed.
Insert Here (E2)                         Scroll right one half screen.
Remove (E3)                              Scroll left one half screen.
Select (E4)                              Toggle 80/132 column mode.
Prev Screen (E5)                         Get the previous page of information.
Next Screen (E6), Return, Enter, Space   Get the next page of information.
F10, Ctrl/Z                              Exit. (Some utilities define these differently.)
Help (F15)                               Display utility help text.
Do (F16)                                 Toggle the display to oldest/newest page.
Ctrl/W                                   Refresh the display.

The /PAGE qualifier is not compatible with the /OUTPUT qualifier.

/SEARCH="string"

Use with the /PAGE=SAVE qualifier to specify a string that you want to find in the information being displayed. Quotation marks are required for the /SEARCH qualifier if you include spaces in the text string.

You can also dynamically change the search string by pressing the Find key (E1) while the information is being displayed. Quotation marks are not required for a dynamic search.

/SERVER

Displays audit server characteristics.

/WRAP

/NOWRAP (default)

Use with the /PAGE=SAVE qualifier to limit the number of columns to the width of the screen and to wrap lines that extend beyond the width of the screen to the next line.

The /NOWRAP qualifier extends lines beyond the width of the screen; the extended text can be seen when you use the scrolling (left and right) features provided by the /PAGE=SAVE qualifier.


Example


$ SHOW AUDIT/ALL
List of audit journals:
 Journal name:           SECURITY
 Journal owner:          (system audit journal)
 Destination:            SYS$COMMON:[SYSMGR]SECURITY.AUDIT$JOURNAL
 Monitoring:             enabled
   Warning thresholds,   Block count:    100   Duration:    2 00:00:00.0
   Action thresholds,    Block count:     25   Duration:    0 00:30:00.0
                 
Security auditing server characteristics:
 Database version:       4.4
 Backlog (total):        100, 200, 300
 Backlog (process):      5, 2
 Server processing intervals:
   Archive flush:        0 00:01:00:00
   Journal flush:        0 00:05:00:00
   Resource scan:        0 00:05:00:00
 Final resource action:  purge oldest audit events
Security archiving information:
 Archiving events:       none
 Archive destination:
System security alarms currently enabled for:
 ACL
 Authorization
 INSTALL
 Time
 Audit:      illformed
 Breakin:    dialup,local,remote,network,detached
 Login:      batch,dialup,local,remote,network,subprocess,detached
 Logfailure: batch,dialup,local,remote,network,subprocess,detached,server
System security audits currently enabled for:
 ACL
 Mount
 Authorization
 INSTALL
 Time
 Audit:      illformed
 Breakin:    dialup,local,remote,network,detached
 Login:      batch,dialup,local,remote,network,subprocess,detached,server
 Logfailure: batch,dialup,local,remote,network,subprocess,detached,server
 Logout:     batch,dialup,local,remote,network,subprocess,detached,server
 FILE access:
   Failure:  read,write,execute,delete,control
      

The SHOW AUDIT command in this example displays the auditing settings after a system installation. See the SET AUDIT/ENABLE command for descriptions of the individual audit items.
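
The listing above shows that alarms and audits are enabled independently, so the two sets can differ. The following added example (not part of the HP documentation) parses a SHOW AUDIT/ALL listing captured to a file with /OUTPUT and reports event classes or keywords that a site baseline requires but that are not enabled. The names parse_enabled, missing, SAMPLE and BASELINE are assumptions made for illustration, and the sample is a trimmed copy of the listing above.

```python
import re

# Constructed input: trimmed alarm/audit part of the SHOW AUDIT/ALL listing above,
# as it would appear in a file written with /OUTPUT=filespec.
SAMPLE = """\
 Final resource action:  purge oldest audit events
System security alarms currently enabled for:
 ACL
 Login:      batch,dialup,local,remote,network,subprocess,detached
System security audits currently enabled for:
 ACL
 Mount
 Login:      batch,dialup,local,remote,network,subprocess,detached,server
 FILE access:
   Failure:  read,write,execute,delete,control
"""
HEADER = re.compile(r"^System security (alarms|audits) currently enabled for:")

def parse_enabled(listing):
    """Map 'alarms'/'audits' to {event class: set of keywords} from a listing."""
    enabled, section, parent = {"alarms": {}, "audits": {}}, None, None
    for line in listing.splitlines():
        m = HEADER.match(line)
        if m:
            section, parent = enabled[m.group(1)], None
        elif line.strip() and not line.startswith(" "):
            section = None                      # another unindented section begins
        elif section is not None and line.strip():
            name, _, values = line.strip().partition(":")
            if len(line) - len(line.lstrip()) > 1 and parent:
                name = parent + "/" + name      # e.g. "FILE access/Failure"
            else:
                parent = name
            section[name] = {v.strip() for v in values.split(",") if v.strip()}
    return enabled

def missing(section, baseline):
    """Baseline classes/keywords absent from one parsed section ({} = compliant)."""
    gaps = {}
    for name, wanted in baseline.items():
        if name not in section or wanted - section[name]:
            gaps[name] = wanted - section.get(name, set())
    return gaps

# Hypothetical site baseline (an assumption, not a vendor recommendation).
BASELINE = {"Mount": set(), "Login": {"remote", "network", "server"}}

if __name__ == "__main__":
    print({k: missing(v, BASELINE) for k, v in parse_enabled(SAMPLE).items()})
```

An empty set in the result means the event class itself is not enabled; a non-empty set lists the keywords that are missing from an enabled class.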

