VMS Help  —  SHOW  AUDIT
    Displays the security auditing characteristics in effect on the
    system.

    Requires the SECURITY privilege.

    Format

      SHOW AUDIT

1  –  Qualifiers

1.1    /ALL

    Displays all available auditing information including the
    following:

    o  Location of the system security audit log file

    o  Security events enabled for auditing

    o  Location of the security archive file

    o  Audit server characteristics, such as the action taken if the
       audit server runs out of memory.

1.2    /ALARM

    Displays the categories of events that are currently enabled;
    these events will generate messages on any operator's terminal
    accepting security class messages.

1.3    /ARCHIVE

    Displays the name and location of the security archive file (if
    archiving is enabled).

1.4    /AUDIT

    Displays the categories of events that are currently enabled to
    write messages to the system security audit log file.

1.5    /EXACT

    Use with the /PAGE=SAVE and /SEARCH qualifiers to specify a
    search string that must match the search string exactly and must
    be enclosed with quotation marks (" ").

    If you specify the /EXACT qualifier without the /SEARCH
    qualifier, exact search mode is enabled when you set the search
    string with the Find (E1) key.

1.6    /HIGHLIGHT

       /HIGHLIGHT[=keyword]

    Use with the /PAGE=SAVE and /SEARCH qualifiers to specify the
    type of highlighting you want when a search string is found. When
    a string is found, the entire line is highlighted. You can use
    the following keywords: BOLD, BLINK, REVERSE, and UNDERLINE. BOLD
    is the default highlighting.

1.7    /JOURNAL

    Displays characteristics of the system audit journal.

1.8    /OUTPUT

       /OUTPUT[=filespec]

    Controls where the output of the command is sent. If you do not
    enter the /OUTPUT qualifier or if you enter it without a file
    specification, the output is sent to the default output stream
    or device for the current process, which is identified by the
    logical name SYS$OUTPUT.

    If you enter the /OUTPUT qualifier with a partial file
    specification (for example, only a directory name), SET AUDIT
    assigns the file name SHOW with the default file type of .LIS.
    The file specification cannot include the asterisk (*)  and the
    percent sign (%)  wildcard characters.

1.9    /PAGE

       /PAGE[=keyword]
       /NOPAGE (default)

    Controls the display of information on the screen.

    You can use the following keywords with the /PAGE qualifier:

    CLEAR_SCREEN   Clears the screen before each page is displayed.

    SCROLL         Displays information one line at a time.

    SAVE[=n]       Enables screen navigation of information, where n
                   is the number of pages to store.

    The /PAGE=SAVE qualifier allows you to navigate through screens
    of information. The /PAGE=SAVE qualifier stores up to 5 screens
    of up to 255 columns of information. When you use the /PAGE=SAVE
    qualifier, you can use the following keys to navigate through the
    information:

    Key Sequence              Description

    Up arrow key, Ctrl/B      Scroll up one line.
    Down arrow key            Scroll down one line.
    Left arrow key            Scroll left one column.
    Right arrow key           Scroll right one column.
    Find (E1)                 Specify a string to find when the
                              information is displayed.
    Insert Here (E2)          Scroll right one half screen.
    Remove (E3)               Scroll left one half screen.
    Select (E4)               Toggle 80/132 column mode.
    Prev Screen (E5)          Get the previous page of information.
    Next Screen (E6),         Get the next page of information.
    Return, Enter, Space
    F10, Ctrl/Z               Exit. (Some utilities define these
                              differently.)
    Help (F15)                Display utility help text.
    Do (F16)                  Toggle the display to oldest/newest
                              page.
    Ctrl/W                    Refresh the display.

    The /PAGE qualifier is not compatible with the /OUTPUT qualifier.

1.10    /SEARCH

       /SEARCH="string"

    Use with the /PAGE=SAVE qualifier to specify a string that you
    want to find in the information being displayed. Quotation marks
    are required for the /SEARCH qualifier, if you include spaces in
    the text string.

    You can also dynamically change the search string by pressing the
    Find key (E1) while the information is being displayed. Quotation
    marks are not required for a dynamic search.

1.11    /SERVER

    Displays audit server characteristics.

1.12    /WRAP

       /WRAP
       /NOWRAP (default)

    Use with the /PAGE=SAVE qualifier to limit the number of columns
    to the width of the screen and to wrap lines that extend beyond
    the width of the screen to the next line.

    The /NOWRAP qualifier extends lines beyond the width of the
    screen and can be seen when you use the scrolling (left and
    right) features provided by the /PAGE=SAVE qualifier.

2  –  Example

  $ SHOW AUDIT/ALL
  List of audit journals:
   Journal name:           SECURITY
   Journal owner:          (system audit journal)
   Destination:            SYS$COMMON:[SYSMGR]SECURITY.AUDIT$JOURNAL
   Monitoring:             enabled
     Warning thresholds,   Block count:    100   Duration:    2 00:00:00.0
     Action thresholds,    Block count:     25   Duration:    0 00:30:00.0

  Security auditing server characteristics:
   Database version:       4.4
   Backlog (total):        100, 200, 300
   Backlog (process):      5, 2
   Server processing intervals:
     Archive flush:        0 00:01:00:00
     Journal flush:        0 00:05:00:00
     Resource scan:        0 00:05:00:00
   Final resource action:  purge oldest audit events

  Security archiving information:
   Archiving events:       none
   Archive destination:

  System security alarms currently enabled for:
   ACL
   Authorization
   INSTALL
   Time
   Audit:      illformed
   Breakin:    dialup,local,remote,network,detached
   Login:      batch,dialup,local,remote,network,subprocess,detached
   Logfailure: batch,dialup,local,remote,network,subprocess,detached,server

  System security audits currently enabled for:
   ACL
   Mount
   Authorization
   INSTALL
   Time
   Audit:      illformed
   Breakin:    dialup,local,remote,network,detached
   Login:      batch,dialup,local,remote,network,subprocess,detached,server
   Logfailure: batch,dialup,local,remote,network,subprocess,detached,server
   Logout:     batch,dialup,local,remote,network,subprocess,detached,server
   FILE access:
     Failure:  read,write,execute,delete,control

      The SHOW AUDIT command in this example displays the auditing
      settings after a system installation. See the SET AUDIT/ENABLE
      command for descriptions of the individual audit items.
Close Help