 |
» |
|
|
|
Table of Contents - Using System Logging
- The LOG configurator
- Entering the LOG Configurator
- Using the LOG Configurator Help Facility
- Showing Current LOG Values
- Logging System Events
- Logging User Events
- Clearing Log Configuration Changes
- Holding and Saving Configuration Changes
- Entering an MPE Command from the LOG Configurator
- Exiting the LOG Configurator
- Printing a Log File
- Printing a subset of a log file
- Accessing Log Files from Programs
- Creating and naming log files
- Log file commands
- File security
- Log file structure
- Console messages for log files
- File error handling
- LOGTOOL
- Using the LOGTOOL Utility
- COMMAND SUMMARY
- Logging Formats
- Format 1## system log record header
- Format 1## system log audit trailer
- Format 2## system log record header
- Log Record Types
- System Log Record Formats
- Log failure record, type 100
- System up record, type 101
- Job initiation record, type 102
- Job termination record, type 103
- Process termination record, type 104
- NM File close record, type 105
- NM File close record, type 205
- Shutdown record, type 106
- Power failure record, type 107
- I/O error record, type 111
- Physical mount/dismount record, type 112
- Logical mount/dismount record, type 113
- Tape labels record, type 114
- Console log record, type 115
- Program file event record, type 116
- NMS spoolfile done log record, type 120 (input)
- NMS spoolfile done log record, type 120 (output)
- Processor launch information log record, type 131
- Password changes log record, type 134
- System logging configuration record, type 135
- Restore log record, type 136
- Restore log record, type 236
- Printer access failure log record, type 137
- ACD changes log record, type 138
- Type 238
- Job stream initiation log record, type 139
- User logging record, type 140
- Process creation log record, type 141
- Internal Data Structure, type 242
- Change group record, type 143
- File open record, type 144*
- File open record, type 244
- Configurable Command Logging
- Maintenance Request Record Format, type 146
- Diagnostic information records, type 150
- Diagnostic system information record, type 150
- High-priority machine check, type 151
- Low-priority machine check, type 152
- CM file close record, type 160
This chapter describes methods for creating audit trails, by which system usage can be determined. Well defined audit trails tell you: Who is and who has been using the system. Which files were accessed. Which commands and system facilities were used.
MPE/iX provides you with three separate logging facilities: system logging, memory logging, and user logging. Each operates separately and has no effect on the others. The purpose of each is as follows: System Logging: Records the use of system resources by accounts, groups, and users on a job or session basis. Logs errors and other events detected by various system modules. Memory Logging: Records errors that occurred in memory. This function is useful primarily to system administrators. User Logging: Allows users and subsystems to record additions and modifications to databases and other files used in applications programs.
System file information is also recorded in the system log file and that is why the System Managers need to know about system logging and LOGTOOL to audit system security. With the system logging facility, you can keep track of the following: Security configuration changes.* ACD creation and modification. System logging configuration. Physical volume mounts/dismounts. Logical volume mounts/dismounts
Items marked with an asterisk (*) are provided in the HP Security Monitor/iX. Two additional security facilities are included in the HP Security Monitor but do not create log records. The two facilities are: Auditability by named user. Assurance of auditability.
System logging is discussed in detail in the rest of this chapter. User logging is covered in the User Logging Programmer's Guide (32650-90027).
|