[HECnet] VMS question - clearing the SECURITY.AUDIT$JOURNAL security log
Sampsa Laine
sampsa at mac.com
Mon Jan 11 05:18:42 PST 2010
Gents,
I'm in the process of installing ArcSight on my network, and basically it works by running an ANALYZE/AUDIT/FULL command on SECURITY.AUDIT$JOURNAL and then importing the output file on a separate Unix for log processing.
I'm trying to find a way of clearing the current audit log (since I'm extracting the events out of it, i don't want duplicates, /SINCE risks missing events that happen within the delta). What is the proper way of clearing the security audit log?
Sampsa
More information about the Hecnet-list
mailing list