Looking for a tool to read the security audit file efficiently

Everything related to the OpenVMS security model, system access, system and data protection, and security auditing.
Post Reply

Topic author
jeremybegg
Contributor
Posts: 17
Joined: Mon Jun 08, 2020 3:39 am
Reputation: 0
Status: Offline

Looking for a tool to read the security audit file efficiently

Post by jeremybegg » Sun Mar 26, 2023 5:11 am

Hi,

I have been asked to assist a site with some security auditing. They have enabled file access auditing on command procedures and executable images in certain directories, and we can see the results using ANAL/AUDIT/FULL.

However, the number of entries being generated is huge and so I would like to use a command line tool which enables better control over the fields displayed when reading the audit file.

Does anyone know of such a tool? If not, I can probably write one - if the record layout is documented somewhere.

Thanks,
Jeremy Begg

User avatar

volkerhalle
Master
Posts: 196
Joined: Fri Aug 14, 2020 11:31 am
Reputation: 0
Status: Offline

Re: Looking for a tool to read the security audit file efficiently

Post by volkerhalle » Sun Mar 26, 2023 8:40 am

Jeremy,

I can at least answer the question regarding the documentation:

Appendix F. Security Audit Message Format in the System Management Utilities Reference Manual, Volume I: A-L

https://docs.vmssoftware.com/vsi-openvm ... ORD_FORMAT

Volker.

User avatar

arne_v
Master
Posts: 308
Joined: Fri Apr 17, 2020 7:31 pm
Reputation: 0
Location: Rhode Island, USA
Status: Offline
Contact:

Re: Looking for a tool to read the security audit file efficiently

Post by arne_v » Sun Apr 16, 2023 10:27 am

Yes - basically it is just read the docs and write a program to read the file.

I did some work just for fun:

https://www.vajhoej.dk/arne/articles/vmstd7.html
Arne
arne@vajhoej.dk
VMS user since 1986


Topic author
jeremybegg
Contributor
Posts: 17
Joined: Mon Jun 08, 2020 3:39 am
Reputation: 0
Status: Offline

Re: Looking for a tool to read the security audit file efficiently

Post by jeremybegg » Wed May 17, 2023 6:06 am

Hi Volker, thanks for the pointer to the manual.

I spent a few hours putting together a Pascal program to dump out and summarise the OBJ_ACCESS records of interest. I'm tempted to make it more general-purpose but tuits are in short supply, especially round ones!

User avatar

martinv
Master
Posts: 102
Joined: Fri Jun 14, 2019 11:05 pm
Reputation: 0
Location: Goslar, Germany
Status: Offline
Contact:

Re: Looking for a tool to read the security audit file efficiently

Post by martinv » Wed May 17, 2023 6:44 am

I once implemented an audit server listener and decoder program, though it probably is not complete in decoding everything. Find it on de.OpenVMS.org if interested.
Working hard for something we don't care about is called stress;
working hard for something we love is called passion.
(Simon Sinek)

Post Reply