LISTSERV - HP3000-L Archives

HP3000-L Archives

January 2014, Week 4

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L January 2014, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Invalid Log Ons LOGTOOL no LDEV
From:	"Johnson, Tracy" <[log in to unmask]>
Reply To:	Johnson, Tracy
Date:	Wed, 22 Jan 2014 05:02:33 +0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (160 lines)

Nah, it isn't a matter of usefulness.  It is more of a matter of answering an auditor's question.


Tracy Johnson
Office (757) 766-4318
[log in to unmask]<mailto:[log in to unmask]>

From: Craig Lalley [mailto:[log in to unmask]]
Sent: Tuesday, January 21, 2014 11:45 PM
To: Johnson, Tracy; [log in to unmask]
Subject: Re: Invalid Log Ons LOGTOOL no LDEV

wouldn't the IP address of the session be more helpful?

-Craig


________________________________
From: "Johnson, Tracy" <[log in to unmask]<mailto:[log in to unmask]>>
To: [log in to unmask]<mailto:[log in to unmask]>
Sent: Tuesday, January 21, 2014 4:23 PM
Subject: Re: Invalid Log Ons LOGTOOL no LDEV

Not necessarily so.

We're trying to determine if it is the same shmuck in a plant of 500 Chinese workers or 500 shmucks.


Tracy Johnson
Office (757) 766-4318
[log in to unmask]<mailto:[log in to unmask]><mailto:[log in to unmask]<mailto:[log in to unmask]>>

From: Craig Lalley [mailto:[log in to unmask]<mailto:[log in to unmask]>]
Sent: Tuesday, January 21, 2014 5:39 PM
To: Johnson, Tracy; [log in to unmask]<mailto:[log in to unmask]>
Subject: Re: Invalid Log Ons LOGTOOL no LDEV

Does the LDEV even matter in a virtual terminal environment?

I understand on a DTC an LDEV could mean a physical terminal and hence location.

But the LDEV can change on a PC from session to session.

-Craig


________________________________
From: "Johnson, Tracy" <[log in to unmask]<mailto:[log in to unmask]><mailto:[log in to unmask]<mailto:[log in to unmask]>>>
To: [log in to unmask]<mailto:[log in to unmask]><mailto:[log in to unmask]<mailto:[log in to unmask]>>
Sent: Tuesday, January 21, 2014 1:15 PM
Subject: Re: Invalid Log Ons LOGTOOL no LDEV

I see, they come in Pairs.  Thanks.

Now for the unsaid hidden agenda.

The whole query began when it was asked if a VEAUDIT LISTLOG LOGON @.@;SEARCH=(ISBADLOGON) report could report the LDEV attempted.  Since it is plainly obvious that the standard VEAUDIT query only reports the first pair, (because it does not correlate with the second pair) it will never report the LDEV.

Such a report would be impossible to program in any case.  Due to the possibility something else could happen in intervening milliseconds, it may be possible with heavy activity there could be intervening log entries between pairs.  So this is the best the report can do.

But this is O.K., the auditors dropped the question and have since gone away.


Tracy Johnson
Office (757) 766-4318
[log in to unmask]<mailto:[log in to unmask]><mailto:[log in to unmask]<mailto:[log in to unmask]>>

> -----Original Message-----
> From: Stan Sieler [mailto:[log in to unmask]<mailto:[log in to unmask]><mailto:[log in to unmask]<mailto:[log in to unmask]>>]
> Sent: Tuesday, January 21, 2014 4:03 PM
> To: Johnson, Tracy
> Cc: [log in to unmask]<mailto:[log in to unmask]><mailto:[log in to unmask]<mailto:[log in to unmask]>>
> Subject: Re: [HP3000-L] Invalid Log Ons LOGTOOL no LDEV
>
> Re:
>
> On Jan 20, 2014, at 7:16 AM, Johnson, Tracy wrote:
>
> > I just noticed if a an "INVALID LOGON" is recorded in the System Logs, it
> doesn't show in LOGTOOL:
> >
>
> For me, I see the "invalid password" message recorded in the system log as a
> "CONSOLE LOG" event.
> Do you have CONSOLE LOG enabled?
> (Logging item 115 ... use our free SYSLOG utility to see/change what's getting
> logged.)
>
> Stan
>
> >
> >
> >
> ==========================================================
> ==========================================================
> ===============
> >
> > FRI, JAN 17, 2014    2:40 PM      LOG2122.PUB.SYS            SYSTEM (PIN
> 2676) CONSOLE LOG
> >
> > (OUTPUT)14:40/2676/INVALID PASSWORD FOR
> "HMPT,READONLY.MMV090,PUBAS" DURING LOG
> >
> > ON ON
> >
> > USER:              MANAGER            GROUP:              PUB
> ACCOUNT:            SYS
> >
> > JSNAME:
> >
> >
> >
> >
> >
> > It seems there is is place for it, after ON ON (looks like there is a blank spot
> for it there) but it doesn't get recorded.
> >
>
> See the following CONSOLE LOG line, with something like:
>
> LDEV #4. (js 65)
>
> Here's the pair of log messages an invalid logon generated for me:
>
>
> ==========================================================
> =====================
> TUE, JAN 21, 2014  12:58 PM      LOG0744.PUB.SYS              SYSTEM (PIN
> 81)
> CONSOLE LOG
> (OUTPUT)12:58/81/INVALID PASSWORD FOR "STAN.SIELER,SOURCE"
> DURING LOGON ON
> USER:              MANAGER            GROUP:              PUB
> ACCOUNT:            SYS                JSNAME:
> ==========================================================
> =====================
> TUE, JAN 21, 2014  12:58 PM      LOG0744.PUB.SYS              SYSTEM (PIN
> 81)
> CONSOLE LOG
> (OUTPUT) LDEV #4. (js 65)
> USER:              MANAGER            GROUP:              PUB
> ACCOUNT:            SYS                JSNAME:
> ==========================================================
> =====================
>
>
> Stan

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *



* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *


* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU