SENTRY User’s Guide | Section 3 - 17 |
3.6 ACCESS VIOLATIONS REPORT
The SENTRY Access Violations Report is an audit report of violations logged by SENTRY for Database Commands and for User Defined Items. Each attempt to use a restricted command by an unauthorized user is reported here.
SENTRY.VIOLATION.REPORT | SENTRY Access Violations | 12:16:56 | ||||
Key# | Date | Time | tty | Login Id | Pathname | Violation Item |
===== | ======= | ==== | ============= | ======== | ============ | ============== |
V27 | 08/04/95 | 01:55PM | /dev/pty/ttyp2 | peggy | /usr/sentry.dev | Command |
|
|
|
|
|
| Executed - |
|
|
|
|
|
| DELETE VOC RTP3 |
One record listed.
Figure 41 - This is a sample report of the SENTRY Violations Log. Each attempt to use a restricted command by an unauthorized user is reported.
Each attempt to use a restricted command is logged in SENTRY's violation log and may also be displayed at the system console if desired. The report of security violations show the date and time of occurrence, the port, the user ID, the specific account where the violation occurred and the full command which was attempted. Applications using SENTRY's User Defined Items may also create violation records which will contain the user item being protected and a user specified comment, in addition to the standard information. The System Administrator should print and review the Violations Report frequently in order to monitor user actions. SENTRY allows the violation log to be purged selectively or in whole after the report has been printed.
The following paragraphs describe the fields on this report.
Key# - This is the record ID generated by SENTRY as a key to that specific violation entry.
Date/Time - This is the date and time on which the violation occurred.
tty - This field is the device to which the user was connected when the violation occurred.
Login ID - This is the User ID in effect when the violation occurred.
