Re: set audit/listener

thanks Jim.

I think DCL will be to slow in case of huge flow of audit. I will
have to write a program ;)
for the language, C examples are fine, but I prefer to write Pascal

Pierre.

On Apr 11, 2:25 am, Jim Duff <spam.t...@xxxxxxxxx> wrote:
Pierre wrote:
hi,

as far as I understand the help, I may redirect audit events to a
device, say a mailbox.

With SET AUDIT/LISTENER, you are not redirecting, merely asking the
audit server to send you a copy of audit messages.

just not to reinvent the wheel, does anyone have an example of a
program which "listen" such events thru a mailbox ?

I don't have one off hand (I do, but I can't post it here), but it's a
very simple bit of code.

- Set up a permanent mailbox with a call to SYS$CREMBX().
- Arm an AST to fire when a message is delivered to the mailbox that
reads the message, does something with it, and re-arms the AST.
- Issue your SET AUDIT/LISTENER command.

To interpret the information in the audit message, you need to see the
"Systems Management Utilities Reference Manual" here:

<http://h71000.www7.hp.com/doc/83final/6048/6048pro_090.html#
audit_record_format>

You don't mention what language you'd like an example written in.

Here's an example of creating (and deleting) a permanent mailbox in C:

<http://www.eight-cubed.com/examples/framework.php?file=sys_delmbx.c>

To arm a read attention AST for the mailbox, see the mailbox chapter in
the "I/O User's Reference Manual" here (I'm using the old version of the
manual because PDF sucks):

<http://h71000.www7.hp.com/doc/732FINAL/aa-pv6sf-tk/00/00/36-con.html#
mailboxessetattentionastfunction>

An example of reading from a mailbox using SYS$QIO() can be seen here:

<http://www.eight-cubed.com/examples/framework.php?file=sys_sndopr.c>

Now, in DCL :-)

Session 1> create/mailbox/perm audit_mbx
Session 1> open/read audit_mbx audit_mbx
Session 1> read audit_mbx record

Session 2> set audit/listen=audit_mbx
Session 2> ! Cause an audit event which will cause the read in session 1
Session 2> ! to complete.

Session 1> close audit_mbx

Session 2> set audit/nolisten=audit_mbx

Session 1> delete/mailbox audit_mbx

HTH,
Jim.
--www.eight-cubed.com

.

Relevant Pages

  • Re: set audit/listener
    ... as far as I understand the help, I may redirect audit events to a ... device, say a mailbox. ... audit server to send you a copy of audit messages. ... Session 1> read audit_mbx record ...
    (comp.os.vms)
  • CommuniGatePro 4.0.6 [EXPLOIT]
    ... Session ID used in CGP WebMail to track sessions is ... Attacker can send HTML message with img src ... hijack current user session - read mailbox, ...
    (Bugtraq)
  • Re: MAPI Seesion expired
    ... mailboxes that causing it to exceed the 32 open session limit. ... It's possible third party apps performs tasks on mailbox ... requiring to open a MAPI session but does not terminate the session. ... "Unable to open defalut open folders, The microsoft Exchange server is not ...
    (microsoft.public.exchange.admin)
  • Re: Test the Out of Office Assistant?
    ... By dynamic login are you referring to an account with sufficient mailbox ... I understood that the session object referred to my session... ...
    (microsoft.public.outlook.program_forms)
  • Re: Test the Out of Office Assistant?
    ... > By dynamic login are you referring to an account with sufficient mailbox ... Would I need to create a profile ... > I understood that the session object referred to my session... ... Test the Out of Office Assistant? ...
    (microsoft.public.outlook.program_forms)