/sys$common/syshlp/HELPLIB.HLB  —  DELETE  /INTRUSION_RECORD
    Removes an entry from the break-in database.

    Requires CMKRNL (change mode to kernel) and SECURITY privileges.

    Format

      DELETE/INTRUSION_RECORD  source

1  –  Parameter 

 source

    Specifies the name of the device or the remote system where the
    user is attempting to log in. The source name can be presented
    in the syntax of another operating system domain, for example,
    one that is case sensitive or conflicts with DCL syntax rules.
    In such cases, you must enclose the source parameter in quotation
    marks.

2  –  Qualifiers

2.1    /NODE 

       /NODE=(node-name[,...])

    Deletes the node information relating to the specified nodes. If
    the specified nodes are the only nodes in the node information
    list, the intrusion record is also deleted.

3  –  Examples 

    1.$ DELETE/INTRUSION_RECORD TTC2:

      In this example, the DELETE/INTRUSION_RECORD command removes
      all intrusion records generated by break-in attempts on TTC2.
      No user name is specified because none of the login failures
      occurred for valid users.

    2.$ DELETE/INTRUSION_RECORD "AV34C2/LC-2-10":FORGETFUL

      In this example, the source of the break-in is a local terminal
      that is connected to a terminal server. To delete the record
      from the break-in database, you must enclose the terminal
      port name within quotation marks so that the operating system
      interprets the slash as a foreign character and not as a
      qualifier.

    3.$ DELETE/INTRUSION_RECORD NODE1::HAMMER

      This command removes all intrusion entries generated from node
      NODE1 for user HAMMER.

    4.$ DELETE/INTRUSION_RECORD/NODE=(CAPPY,INDI)
      $ SHOW INTRUSION
      NETWORK      SUSPECT       2  26-JUL-2001 08:51:25.66  BARNEY::HAMMER
          Node: TSAVO      Count:   2

      This command removes intrusion entries for the nodes CAPPY and
      INDI.

    5.$ DELETE/INTRUSION_RECORD/NODE=FOOBAR
      $ SHOW INTRUSION
      NETWORK      SUSPECT       2  26-JUL-2001 08:51:25.66  BARNEY::HAMMER
          Node: TSAVO      Count:   2

      This command removes intrusion entries for the node FOOBAR.

    6.$ DELETE/INTRUSION_RECORD/NODE=TSAVO
      $ SHOW INTRUSION
      %SHOW-F-NOINTRUDERS, no intrusion records match specification

      This command attempts to remove intrusion entries for node
      TSAVO, however there were no intrusion records for this node.
Close Help