Question : OpenVMS logs to be sent using syslog

I have a number of versions of OpenVMS, 5.5.2 - VAX, 8.3 - Alpha, and 8.3.1 - Integrity, and have been asked to send the key authentication log information via syslog to a SIEM. Is there an official way of doing this that would be acceptable to the business? Is there also a documented way to do this? I have found a few things via Google but there's no one 'validated' way.

Thanks

Answer : OpenVMS logs to be sent using syslog

Well, 5.5-2 is probably going to be a challenge since there have been significant changes and improvements in event logging since that version was released in the early 1990s - almost 20 years ago. There are newer versions if you can upgrade - 7.2 was the last version for VAX. If you have to stay with 5.5-2, a bit more research will be necessary to see what you need to do here. I suspect you can do something similar to the mailbox operation discussed below. You just might not get the ability to see as much information or detail.

Let's look at the 8.3.x systems. Here you can get the audit server security logs sent to a listener mailbox and then have a program/command procedure read the mailbox and dispatch the messages that come as you desire/need. See the HP OpenVMS Guide to System Security / Security for the System Administrator / Security Auditing / Methods of Capturing Event Messages.

You can probably take care of most of your needs then with it being entirely based on software.

Some of your requirements might be a bit difficult unless you have certain procedures built into your process.

Use of shared/group accounts - well, if you do not let them have them you do not need to report, but the ability of a user to share their information may be beyond your control. You might need to add code to prevent multiple logins by a user, for instance, but that only prevents simultaneous use, not serial use.

Successful login versus login to a privileged account - I am not sure there exists any differentiation for this at present. You might need to interface to the authentication database to figure out if a given account has privileges.

The audit server process has the following functionality:

    * Logins, logouts, or login failures

    * Changes to the authorization database

    * Access to a protected object, such as a file, device, or global section

    * Changes in privileges or the security attributes of protected objects

You will have to modify the default audit levels as well. There are details of this earlier in the above-referenced manual.

Bill.
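As an added illustration of the "read the events and dispatch them" step described in the answer (example code, not from the original post or from HP): a small Python dispatcher that turns audit events into syslog lines for the SIEM, raising the severity of logins to privileged accounts. It assumes the events have already been rendered to text (the sample below is constructed in the style of ANALYZE/AUDIT output, not a real capture), that the privileged-account set stands in for the authorization-database lookup the answer mentions, and that the collector address is supplied by you.

```python
import re
import socket
from datetime import datetime

# Constructed sample styled like OpenVMS audit events rendered as text; not real output.
SAMPLE_EVENTS = """\
Security alarm (SECURITY) and security audit (SECURITY) on NODE01, system id: 1025
Auditable event:          Login failure
Event time:               14-JUL-2008 12:00:00.00
Username:                 SMITH
Status:                   %LOGIN-F-INVPWD, invalid password

Auditable event:          Login
Event time:               14-JUL-2008 12:01:30.00
Username:                 SYSTEM
"""
# Hypothetical stand-in for the SYSUAF lookup the answer says is needed to tell
# a privileged account from an ordinary one.
PRIVILEGED_ACCOUNTS = {"SYSTEM", "FIELD"}
FACILITY_AUTH = 4                              # syslog facility "auth"
SEVERITY = {"Login failure": 4, "Login": 6}    # warning / informational
PRIV_LOGIN_SEVERITY = 5                        # notice: privileged logins stand out

def parse_events(text):
    """Split rendered audit text into one {label: value} dict per event."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            if m := re.match(r"([A-Za-z ]+):\s{2,}(.+)", line):
                fields[m.group(1).strip()] = m.group(2).strip()
        if "Auditable event" in fields:
            events.append(fields)
    return events

def to_syslog(fields, hostname="NODE01"):
    """Render one event as an RFC 3164 line: <PRI>TIMESTAMP HOST TAG: message."""
    event, user = fields["Auditable event"], fields.get("Username", "?")
    privileged = user in PRIVILEGED_ACCOUNTS
    sev = PRIV_LOGIN_SEVERITY if event == "Login" and privileged else SEVERITY.get(event, 6)
    ts = datetime.strptime(fields["Event time"], "%d-%b-%Y %H:%M:%S.%f")
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"
    return (f"<{FACILITY_AUTH * 8 + sev}>{stamp} {hostname} AUDIT_SERVER: {event} "
            f"user={user} privileged={'yes' if privileged else 'no'} "
            f"status={fields.get('Status', 'n/a')}")

def send_udp(line, collector, port=514):
    """Ship one line to the SIEM collector (address assumed) as a UDP datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("ascii", "replace"), (collector, port))
```

Run it with `for line in (to_syslog(e) for e in parse_events(SAMPLE_EVENTS)): send_udp(line, "collector.example")` once the collector address is filled in; the listener-mailbox read itself is OpenVMS-specific and is left to the command procedure or program the answer describes.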


