HP OpenVMS Systems

ask the wizard
Content starts here

User Auditing, Keystroke Command Logging?

» close window

The Question is:

Is there any way to track each single DCL command issued by a user and keep a
 complete activity log ?
Something more transparent for the user than a "set host 0/log".

The Answer is :

  Please consider reviewing the OpenVMS Frequently Asked Questions (FAQ),
  for discussions of and answers to many common questions.  Yes, including
  this one.  Search for MONITOR or AUDIT or other such terminology within
  the FAQ, and you will find pointers to Freeware and to available commercial
  packages that can be used to track user activity; to spy on system users.
  The OpenVMS Wizard generally recommends using system security auditing
  and of OpenVMS object protections and not keystroke monitors -- keystroke
  monitors are comparatively easy to defeat, and details are difficult to
  dig out of the voluminous logs that inevitably result, comparatively
  easy to obfuscate -- is that a DCL symbol or a DCL command the user
  just executed? -- and privileged users (as is normally the case) can
  override the logging mechanisms.
  DCL commands are not a class of object that can be protected and can be
  alarmed and/or audited.  Files, global sections, devices, etc., can all
  be protected and alarmed/audited.  Without appropriate system security
  and system alarms and audits configured, (host-based) logging can be
  irrelevent -- keystroke logging is secondary or tertiary to establishing
  and maintaining a proper local OpenVMS system security configuration.
  If you must have privileged users held accountable, use the two-password
  login mechanism and require that two users be present for all operations
  on each privileged username.  (This is the intended use of the secondary
  password mechanism.)
  For information on security configuration recommendations, please see
  the appendix of the OpenVMS system security manual.

answer written or last revised on ( 24-NOV-2003 )

» close window