From:	SMTP%"dwing@uh01.colorado.edu"  6-JUL-1993 15:31:19.86
To:	EVERHART
CC:	
Subj:	Re: Question on File Access Logging

X-Newsgroups: comp.os.vms
From: dwing@uh01.colorado.edu (Dan Wing)
Subject: Re: Question on File Access Logging
Message-ID: <0096F17A.5719A140@buckie>
Sender: news@colorado.edu (The Daily Planet)
Nntp-Posting-Host: buckie.hsc.colorado.edu
Reply-To: dwing@uh01.colorado.edu
Organization: University of Colorado Hospital Authority, Denver
Date: Tue, 6 Jul 1993 17:39:35 GMT
Lines: 23
To: Info-VAX@KL.SRI.COM
X-Gateway-Source-Info: USENET

In article <1993Jul5.172529.121@southpower.co.nz>, fowler@southpower.co.nz 
writes:

>Is there any way of silently logging access to certain files.  I have played
>around with alarm ACL's and have set up ACL auditing via the "set audit" command
>but I would like to put the information to a file of my choice and I don't want
>the information displayed on the operator console.  Is this possible??

Use the AUDIT_JOURNAL=SECURITY (instead of ALARM_JOURNAL=SECURITY) ACE, which
will (if I recall correctly) generate an audit event, but will not generate
an alarm on security terminals.

I don't believe this is documented.  VMS V6.0 includes changes to these sorts 
of ACE's, and gives you more control over what will generate an alarm, an
audit, or both -- see the VMS V6.0 release notes.

A better solution would be to revoke SECURITY privilege from those user(s)
that you don't want to see security-related events.  This can be impossible
as SECURITY is required to shutdown the system (as of V5.2, I believe), but
is possible if you setup a separate username for system shutdowns.

-Dan Wing, Systems Administrator, University Hospital, Denver
 dwing@uh01.colorado.edu or wing_d@ucolmcc.bitnet