[Info-vax] Logging image activations
P. Sture
paul.nospam at sture.ch
Sat Oct 31 19:22:25 EDT 2009
In article <NGQFm.12425$U5.180157 at newsb.telia.net>,
Jan-Erik Söderholm <jan-erik.soderholm at telia.com> wrote:
> FrankS wrote:
> > On Oct 27, 6:26 pm, Jan-Erik Söderholm <jan-erik.soderh... at telia.com>
> > wrote:
> >> Hm, maybe some ACL on the files to enable auditing of
> >> "execute" access ? That would be easy to add to the files
> >> anyway, I'm not sure about how easy it is to get reports.
> >> Maybe some mangling of the ANA/AUD output would do...
> >>
> >
> > That option would at least allow you to be more selective about which
> > executables get logged, instead of all image activations. The
> > assumption is that you know in advance the executables of interest.
>
> Yes, the images of interest are all in 4-5 applications
> specific directories. And they are also all on a application
> specific device. Most/all images that I'm not interested in
> are on the system device.
>
> I'll probably experiment with both the SET ACC/ENAB=IMAGE method
> and some ACLs to enable access auditing and see what's easiest.
>
I generally recommend that SET ACCOUNTING/ENABLE=IMAGE is reserved for
diagnostic purposes only.
For example, DCL SET commands invoke SET.EXE and these get logged in the
accounting file, so as you can imagine image accounting fills the disk
up pretty quickly. A DCL procedure doing repetitive processing can
easily run up tens of thousands of image accounting records.
Unless you have your accounting files on a different disk from the audit
files, you are risking grinding your system to a halt.
--
Paul Sture
More information about the Info-vax
mailing list