Re: Trying to AUDIT file creation failure

From: Peter Weaver <info-vax@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 10 Jun 2009 08:53:20 -0700 (PDT)

On Jun 5, 3:29 pm, "Syltrem" <syltremz...@xxxxxxxxxxxx> wrote:

"Peter Weaver" <info-...@xxxxxxxxxxxxxxxxxxx> wrote in message
...
Audit will only work if it is a privilege issue. If the disk is full for
example, audit will not trigger.

My initial question was related to the fact that CREATE is not present here:

FILE access:
Failure: read,write,execute,delete,control

And I don't think we can get CREATE in there either.

Thanks

Syltrem

Not that it matters since you already have your answer, but just for
future reference...

You are right that you can not get

FILE access:
Failure: read,write,execute,delete,control,create

because that is not allowed, the HELP even tells you "Create access.
To audit create events for files, use the CREATE keyword." So you have
to specify;

set audit/audit/enable=(create,access=(failure))/class=file

and that gives you;

FILE access:
Failure: read,write,execute,delete,control
Other: create

This will log an event if the device is full. But in my tests it does
not tell you which device is full or even the filename that you are
trying to create. :(

Peter
.

Follow-Ups:
- Re: Trying to AUDIT file creation failure
  - From: Syltrem

References:
- Trying to AUDIT file creation failure
  - From: Syltrem
- Re: Trying to AUDIT file creation failure
  - From: Syltrem
- Re: Trying to AUDIT file creation failure
  - From: JF Mezei
- Re: Trying to AUDIT file creation failure
  - From: Richard B. Gilbert
- Re: Trying to AUDIT file creation failure
  - From: Syltrem
- Re: [Info-vax] Trying to AUDIT file creation failure
  - From: Peter Weaver
- Re: [Info-vax] Trying to AUDIT file creation failure
  - From: Syltrem

Prev by Date: Re: "Deliverable" is a dirty word! - Anyone on VMS today :-(
Next by Date: Re: OT: HOME a movie about our planet
Previous by thread: Re: [Info-vax] Trying to AUDIT file creation failure
Next by thread: Re: Trying to AUDIT file creation failure
Index(es):
- Date
- Thread

Relevant Pages

audit access to one directory only
... I have auditing on for file access for all users at present but I wish to ... concentrate this audit to a particular directory on the system. ...
(comp.unix.aix)
Re: Trying to AUDIT file creation failure
... Audit will only work if it is a privilege issue. ... FILE access: ... Failure: read,write,execute,delete,control,create ... Security alarm and security audit on PHOBOS, ...
(comp.os.vms)
Auditing
... to audit my 2k servers. ... By audit, I mean log file access (to a specified ... experience the entries it creates in the event log are horrendous to make ...
(microsoft.public.windows.server.general)
How to enable audit of files/folders access from .NET code?
... i need to enable the audit of file access from c# code ... i know that this can be done easily from Local Security Policy MMC, ...
(microsoft.public.dotnet.languages.csharp)
RE: 1,800 files missing from system32
... Audit account logon events:: Success, Failure ... Audit directory service access:: Failure ...
(Incidents)