The Question is:
I want to ignore certain types of login failures from an ANAL/AUDIT report
by using ANAL/AUDIT/EVENT=LOGFAIL/SELECT=STATUS=CODE option,
(which I assume I can put a "-" to exclude codes)
but this requires the numeric value of the code.
How do I find the numeric value of an error message?
Is there a decode utility for message files?
The code I'm trying to ignore is:
%LOGIN-F-CMDINPUT, error reading command input
which is generated when a user doesn't type in their username/pwd within
the allowed time limit (e.g., the phone rang).
I don't consider this to be an actual break-in attempt.
Thanks in advance,
Dept Education & Training NSW
The Answer is:
There are simple DCL tools which iteratively list the contents
of specific (or of all) OpenVMS message files in SYS$MESSAGE:.
There are also the OpenVMS source listings.
There are also the BLISS (and other language-specific) symbol
libraries, when these are installed.

    $ search sys$share:*.req cmdinput
    literal LGI$_CMDINPUT = 13860964;
    $ x = f$message(13860964)
    $ sho sym x
      X = "%LOGIN-F-CMDINPUT, error reading command input"
    $ x = f$fao("!XL",13860964)
    $ show symbol x
      X = "00D38064"

You could also look at the binary contents of the record, or
(easier) you could catch the status value from the ACCOUNTNG.DAT
record associated with the failure:

    Queue entry:       Final status code: 10D38064
    Final status text: %LOGIN-F-CMDINPUT, error reading command input

The status is thus (hexadecimal) 10D38064. The 1 in the flags
portion of the condition status value (bit 28; STS$V_INHIB_MSG;
the difference between the 10D38064 and 00D38064 values) indicates
that the message has already been signaled.
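
The bit arithmetic described above, as an added Python example (not part of the original answer): it splits a condition value into its severity, message number, facility number and STS$V_INHIB_MSG fields, and recovers the decimal code from the hexadecimal status shown in the accounting record. The function names are illustrative; the sample values are the ones quoted on this page.

```python
# Added example: decode a 32-bit OpenVMS condition value off-box,
# e.g. when preparing the numeric code for an audit report filter.

SEVERITY = {0: "W", 1: "S", 2: "E", 3: "I", 4: "F"}  # bits 0-2
INHIB_MSG = 1 << 28                                  # STS$V_INHIB_MSG, bit 28


def decode(status):
    """Split a condition value into its bit fields."""
    return {
        "severity": SEVERITY.get(status & 0x7, "?"),  # bits 0-2
        "msg_no": (status >> 3) & 0x1FFF,             # bits 3-15
        "fac_no": (status >> 16) & 0xFFF,             # bits 16-27
        "inhib_msg": bool(status & INHIB_MSG),        # bit 28
    }


def message_code(status):
    """Clear bit 28 so a logged status compares equal to the
    value defined for the message (LGI$_CMDINPUT here)."""
    return status & ~INHIB_MSG & 0xFFFFFFFF


def from_accounting(hex_text):
    """Turn a 'Final status code' hex string into (decimal, hex)
    with the inhibit-message flag removed."""
    code = message_code(int(hex_text, 16))
    return code, f"{code:08X}"


def same_message(a, b):
    """True when two status values name the same message,
    regardless of whether either has bit 28 set."""
    return message_code(a) == message_code(b)


if __name__ == "__main__":
    logged = 0x10D38064          # status from the accounting record above
    print(decode(logged))
    print(from_accounting("10D38064"))
    print(same_message(logged, 13860964))
```
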