 |
HP OpenVMS DCL Dictionary
SHOW AUDIT
Displays the security auditing characteristics in effect on the system.
Requires the SECURITY privilege.
Format
SHOW AUDIT
Parameters
None.
Description
The SHOW AUDIT command displays the current state of security auditing
for the system. The display can include the state of the audit journal,
the characteristics of the audit server, and the events for which
auditing is enabled. If no auditing has been enabled, the display
reports that security alarms and audits are currently disabled.
SHOW AUDIT and SET AUDIT provide the principal management interface to
the security auditing system.
Qualifiers
/ALL
Displays all available auditing information including the following:
- Location of the system security audit log file
- Security events enabled for auditing
- Location of the security archive file
- Audit server characteristics, such as the action taken if the
audit server runs out of memory.
/ALARM
Displays the categories of events that are currently enabled; these
events will generate messages on any operator's terminal accepting
security class messages.
/ARCHIVE
Displays the name and location of the security archive file (if
archiving is enabled).
/AUDIT
Displays the categories of events that are currently enabled to write
messages to the system security audit log file.
/EXACT
Use with the /PAGE=SAVE and /SEARCH qualifiers to specify a search
string that must match the search string exactly and must be enclosed
with quotation marks (" ").
If you specify the /EXACT qualifier without the /SEARCH qualifier,
exact search mode is enabled when you set the search string with the
Find (E1) key.
/HIGHLIGHT[=keyword]
Use with the /PAGE=SAVE and /SEARCH qualifiers to specify the type of
highlighting you want when a search string is found. When a string is
found, the entire line is highlighted. You can use the following
keywords: BOLD, BLINK, REVERSE, and UNDERLINE. BOLD is the default
highlighting.
/JOURNAL
Displays characteristics of the system audit journal.
/OUTPUT[=filespec]
Controls where the output of the command is sent. If you do not enter
the /OUTPUT qualifier or if you enter it without a file specification,
the output is sent to the default output stream or device for the
current process, which is identified by the logical name SYS$OUTPUT.
If you enter the /OUTPUT qualifier with a partial file specification
(for example, only a directory name), SET AUDIT assigns the file name
SHOW with the default file type of .LIS. The file specification cannot
include the asterisk (*) and the percent sign (%) wildcard characters.
/PAGE[=keyword]
/NOPAGE (default)
Controls the display of information on the screen.
You can use the following keywords with the /PAGE qualifier:
|
CLEAR_SCREEN
|
Clears the screen before each page is displayed.
|
|
SCROLL
|
Displays information one line at a time.
|
|
SAVE[=
n]
|
Enables screen navigation of information, where
n is the number of pages to store.
|
The /PAGE=SAVE qualifier allows you to navigate through screens of
information. The /PAGE=SAVE qualifier stores up to 5 screens of up to
255 columns of information. When you use the /PAGE=SAVE qualifier, you
can use the following keys to navigate through the information:
| Key Sequence |
Description |
|
Up arrow key, Ctrl/B
|
Scroll up one line.
|
|
Down arrow key
|
Scroll down one line.
|
|
Left arrow key
|
Scroll left one column.
|
|
Right arrow key
|
Scroll right one column.
|
|
Find (E1)
|
Specify a string to find when the information is displayed.
|
|
Insert Here (E2)
|
Scroll right one half screen.
|
|
Remove (E3)
|
Scroll left one half screen.
|
|
Select (E4)
|
Toggle 80/132 column mode.
|
|
Prev Screen (E5)
|
Get the previous page of information.
|
|
Next Screen (E6), Return, Enter, Space
|
Get the next page of information.
|
|
F10, Ctrl/Z
|
Exit. (Some utilities define these differently.)
|
|
Help (F15)
|
Display utility help text.
|
|
Do (F16)
|
Toggle the display to oldest/newest page.
|
|
Ctrl/W
|
Refresh the display.
|
The /PAGE qualifier is not compatible with the /OUTPUT qualifier.
/SEARCH="string"
Use with the /PAGE=SAVE qualifier to specify a string that you want to
find in the information being displayed. Quotation marks are required
for the /SEARCH qualifier, if you include spaces in the text string.
You can also dynamically change the search string by pressing the Find
key (E1) while the information is being displayed. Quotation marks are
not required for a dynamic search.
/SERVER
Displays audit server characteristics.
/WRAP
/NOWRAP (default)
Use with the /PAGE=SAVE qualifier to limit the number of columns to the
width of the screen and to wrap lines that extend beyond the width of
the screen to the next line.
The /NOWRAP qualifier extends lines beyond the width of the screen and
can be seen when you use the scrolling (left and right) features
provided by the /PAGE=SAVE qualifier.
Example
|
$ SHOW AUDIT/ALL
List of audit journals:
Journal name: SECURITY
Journal owner: (system audit journal)
Destination: SYS$COMMON:[SYSMGR]SECURITY.AUDIT$JOURNAL
Monitoring: enabled
Warning thresholds, Block count: 100 Duration: 2 00:00:00.0
Action thresholds, Block count: 25 Duration: 0 00:30:00.0
Security auditing server characteristics:
Database version: 4.4
Backlog (total): 100, 200, 300
Backlog (process): 5, 2
Server processing intervals:
Archive flush: 0 00:01:00:00
Journal flush: 0 00:05:00:00
Resource scan: 0 00:05:00:00
Final resource action: purge oldest audit events
Security archiving information:
Archiving events: none
Archive destination:
System security alarms currently enabled for:
ACL
Authorization
INSTALL
Time
Audit: illformed
Breakin: dialup,local,remote,network,detached
Login: batch,dialup,local,remote,network,subprocess,detached
Logfailure: batch,dialup,local,remote,network,subprocess,detached,server
System security audits currently enabled for:
ACL
Mount
Authorization
INSTALL
Time
Audit: illformed
Breakin: dialup,local,remote,network,detached
Login: batch,dialup,local,remote,network,subprocess,detached,server
Logfailure: batch,dialup,local,remote,network,subprocess,detached,server
Logout: batch,dialup,local,remote,network,subprocess,detached,server
FILE access:
Failure: read,write,execute,delete,control
|
The SHOW AUDIT command in this example displays the auditing settings
after a system installation. See the SET AUDIT/ENABLE command for
descriptions of the individual audit items.
|
