Displays the contents of the intrusion database.
Requires SECURITY privilege.
Format
SHOW INTRUSION
1 – Qualifiers
1.1 /NODE
/NODE[=(node-name[,...])]
The /NODE qualifier displays each intrusion record with the
supporting node information.
If you specify individual nodes, the supporting node information
is displayed only for the nodes listed.
1.2 /OUTPUT
/OUTPUT[=filespec]
Directs the output from the SHOW INTRUSION command to the file
specified with the qualifier. By default, output from the command
is displayed to SYS$OUTPUT.
1.3 /TYPE
/TYPE=keyword
Selects the type of information from the intrusion database that
is displayed. The valid keywords are as follows:
ALL All entries. By default, all entries are displayed.
SUSPECT Entries for login failures that have occurred but have
not yet passed the threshold necessary to be identified
as intruders.
INTRUDER Entries for which the login failure rate was high
enough to warrant evasive action.
2 – Examples
1.$ SHOW INTRUSION/OUTPUT=INTRUDER.LIS
The SHOW INTRUSION command in this example writes all the
entries currently in the intrusion database to the file
INTRUDER.LIS.
2.$ SHOW INTRUSION/TYPE=INTRUDER
Intrusion Type Count Expiration Source
TERMINAL INTRUDER 9 10:29:39.16 AV34C2/LC-1-15:
NETWORK INTRUDER 7 10:47:53.12 NODE22::RONNING
In this example, the SHOW INTRUSION command displays all
intruder entries currently in the intrusion database.
3.$ SHOW INTRUSION/NODE
NETWORK SUSPECT 5 26-JUL-2001 08:51:25.66 POPEYE::WONG
Node: TSAVO Count: 2
Node: FROGGY Count: 2
Node: KITTY Count: 1
This command displays each intrusion record for all nodes.
4.$ SHOW INTRUSION/NODE=(FROGGY,KITTY)
NETWORK SUSPECT 5 26-JUL-2001 08:51:25.66 POPEYE::HAMMER
Node: FROGGY Count: 2
Node: KITTY Count: 2
This command displays intrusion record information for nodes
FROGGY and KITTY.
5.$ SHOW INTRUSION/NODE=EVMSA
$
This command shows that there are no intrusion records for node
EVMSA.