Selects the classes of events to be extracted from the security
log file. If you omit the qualifier or specify the ALL keyword,
the utility includes all enabled event classes in the report.
Format
/EVENT_TYPE=(event-type[,...])
event type[,...]
Specifies the classes of events used to select records. You can
specify any of the following event types:
[NO]ACCESS Access to an object, such as a file
[NO]ALL All event types
[NO]AUDIT Use of the SET AUDIT command
[NO]AUTHORIZATION Change to the authorization database
(SYSUAF.DAT, RIGHTSLIST.DAT, NETPROXY.DAT,
or NET$PROXY.DAT)
[NO]BREAKIN Break-in detection
[NO]CONNECTION Establishment of a network connection through
the System Management utility (SYSMAN),
DECwindows, or interprocess communication
(IPC) software
[NO]CREATE Creation of an object
[NO]DEACCESS Completion of access to an object
[NO]DELETE Deletion of an object
[NO]INSTALL Modification of the known file list with the
Install utility (INSTALL)
[NO]LOGFAIL Unsuccessful login attempt
[NO]LOGIN Successful login
[NO]LOGOUT Successful logout
[NO]MOUNT Execution of DCL commands MOUNT or DISMOUNT
[NO]NCP Modification of the DECnet network
configuration databases
[NO]NETPROXY Modification of the network proxy
authorization file (NETPROXY.DAT or
NET$PROXY.DAT)
[NO]PRIVILEGE Privilege auditing
[NO]PROCESS Use of one or more of the process control
system services: $CREPRC, $DELPRC, $SCHDWK,
$CANWAK, $WAKE, $SUSPND, $RESUME, $GRANTID,
$REVOKID, $GETJPI, $FORCEX, $SETPRI
[NO]RIGHTSDB Modification of the rights database
(RIGHTSLIST.DAT)
[NO]SYSGEN Modification of system parameters through the
System Generation utility (SYSGEN) or AUTOGEN
[NO]SYSUAF Modification of the system user authorization
file (SYSUAF.DAT)
[NO]TIME Change in system or cluster time
Specifying the negated form of an event class (for example,
NOLOGFAIL) excludes the specified event class from the audit
report.
Additional Information:
explode
extract