HP OpenVMS Systems

ask the wizard
Content starts here

Selective security auditing?

» close window

The Question is:

Recently we applied a patch to our POP server in order to update the "last
 non-interactive login time" field (UAI$_LASTLOGIN_N) in UAF everytime a user
 remotely downloads his e-mail.
It is done using sys$setuai function and works well, but this operation is
 reported (obviously) by the audit system as a SYSUAF_MODIFY event.
Is it possible to allow a process (i.e. the POP server) to perform this
 operation without being audited? Strictly speaking, even loginout.exe modifies
 sysuaf, but it isn't audited.
    Riccardo Brigo

The Answer is :

  There is no mechanism to exclude a particular source of an event marked
  for auditing, though you can use the auditing tools to filter out those
  events that you do not wish to track when using the tools to create an
  auditing data file that is a subset of the active auditing file.

answer written or last revised on ( 21-MAR-2001 )

» close window