[HECnet] VMS question - clearing the SECURITY.AUDIT$JOURNAL security log

Sampsa Laine sampsa at mac.com
Mon Jan 11 10:31:06 PST 2010


Another thing: Anyone know how to make the standard SSHD (TCP/IP services 5.4, I think) report login failures into the security journal? At the moment the Telnet and DECNET login stuff is logged, but not SSH. Any ideas?

Sampsa

On 11 Jan 2010, at 16:05, gerry77 at mail.com wrote:

On Mon, 11 Jan 2010 13:18:42 +0000, you wrote:

Gents,

I'm in the process of installing ArcSight on my network, and basically
it works by running an ANALYZE/AUDIT/FULL command on
SECURITY.AUDIT$JOURNAL and then importing the output file on a separate
Unix for log processing.

I'm trying to find a way of clearing the current audit log (since I'm
extracting the events out of it, I don't want duplicates, /SINCE risks
missing events that happen within the delta). What is the proper way
of clearing the security audit log?

What about SET AUDIT/SERVER=NEW_LOG to create a new version of the journal
before processing (i.e.: create new log then analyze the old one)? :-)

HTH,
G.
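
The rotate-then-analyze approach suggested above, written out as a DCL command procedure. This is an added example, not part of the original messages; it assumes the journal is in its default SYS$MANAGER location and that the account holds the SECURITY privilege, and the export and archive file names are made up for illustration.

```dcl
$! Added example: rotate the audit journal, then export only the closed version.
$! Each event lands in exactly one journal version, so successive exports
$! neither overlap nor skip events (no /SINCE window needed).
$ ON ERROR THEN EXIT                 ! stop if the rotation itself fails
$ journal = "SYS$MANAGER:SECURITY.AUDIT$JOURNAL"
$ stamp   = F$CVTIME(,,"DATE")       ! yyyy-mm-dd, used in the file names
$!
$! 1. Ask the audit server to open a new version of the journal.
$ SET AUDIT/SERVER=NEW_LOG
$!
$! 2. The previous version (;-1) is now closed; export it in full.
$!    AUDIT_EXPORT_<date>.LIS is a hypothetical name for the file
$!    that is then transferred to the log collector.
$ ANALYZE/AUDIT/FULL/OUTPUT=SYS$MANAGER:AUDIT_EXPORT_'stamp'.LIS 'journal';-1
$!
$! 3. Rename the exported version so the next run's ;-1 cannot pick it up
$!    again (hypothetical archive name).
$ RENAME 'journal';-1 SYS$MANAGER:ARCHIVE_'stamp'.AUDIT$JOURNAL
$ EXIT
```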


