Are you really after all the security violations? If so, an accounting record is cut for every violation. The log messages (by default) will only print after 3 or more attempts. Similarly, if you are after all logon/logoff/disconnect/reconnect records, an accounting record is cut for these also. On your system the user ACCOUNT is usually set up to receive these messages. You can find the layout of these records in the CP docs, and it is relatively trivial to process these records in a REXX or PIPE to produce the reports or log files that you are after.

On 6/24/09 7:20 PM, "Fred Schmidt" <[email protected]> wrote:

> Neale Ferguson said...
>
>> Tell us what you're trying to filter and I bet you'll get several
>> versions of an action routine from the list watchers that you can
>> plug into PROP and it will create/append to a log on the fly.
>
> OK, here goes (userid's and IP addresses changed to protect the innocent) ...
>
> &"*00 09:14:23 HCPJRL145I User XYZ at 999.999.999.999 issued a LOGON command with
> " 09:14:23 .. an invalid password 003 times. The limit is 003.
> |"*00 09:40:34 HCPJRL145I User XYZ at 999.999.999.999 issued a LINK command with
> " 09:40:34 .. an invalid password 003 times. The limit is 003.
> <" 09:41:21 GRAF L0005 LOGON AS XYZ USERS = 18 FROM 999.999.999.999
> "" 09:43:44 GRAF L0005 LOGOFF AS XYZ USERS = 17
> <" 09:56:33 GRAF L0004 RECONNECT XYZ USERS = 18 FROM 999.999.999.999
> "" 09:58:19 GRAF L0004 DISCONNECT XYZ USERS = 18
>
> Regards,
> Fred Schmidt
> NT Government, Australia
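
The following is an added example, not code from anyone in this thread: a Python sketch that turns console lines like those quoted above into structured events and reports a LOGON from a user/address pair that earlier hit the invalid-password limit. The regular expressions are assumptions inferred only from the sample lines in the message (real consoles may space fields differently), and because HCPJRL145I appears only once the limit is reached, the accounting records remain the complete source.

```python
import re

# Patterns inferred from the sample lines only (assumption, not a CP-documented layout).
JRL = re.compile(r"(\d\d:\d\d:\d\d)\s+HCPJRL145I\s+User\s+(\S+)\s+at\s+(\S+)\s+issued a\s+(\w+)\s+command")
CONT = re.compile(r"\.\.\s+an invalid password\s+(\d+)\s+times\.\s+The limit is\s+(\d+)\.")
GRAF = re.compile(r"(\d\d:\d\d:\d\d)\s+GRAF\s+(\S+)\s+(LOGON|LOGOFF|RECONNECT|DISCONNECT)"
                  r"(?:\s+AS)?\s+(\S+)\s+USERS = (\d+)(?:\s+FROM\s+(\S+))?")

# Constructed sample: the lines from the quoted message, wrapped lines rejoined.
SAMPLE = '''&"*00 09:14:23 HCPJRL145I User XYZ at 999.999.999.999 issued a LOGON command with
" 09:14:23 .. an invalid password 003 times. The limit is 003.
|"*00 09:40:34 HCPJRL145I User XYZ at 999.999.999.999 issued a LINK command with
" 09:40:34 .. an invalid password 003 times. The limit is 003.
<" 09:41:21 GRAF L0005 LOGON AS XYZ USERS = 18 FROM 999.999.999.999
"" 09:43:44 GRAF L0005 LOGOFF AS XYZ USERS = 17
<" 09:56:33 GRAF L0004 RECONNECT XYZ USERS = 18 FROM 999.999.999.999
"" 09:58:19 GRAF L0004 DISCONNECT XYZ USERS = 18
'''

def parse_console(text):
    """Return one dict per event; the '..' continuation line is merged into its HCPJRL145I."""
    events, pending = [], None
    for line in text.splitlines():
        if (m := JRL.search(line)):
            pending = {"time": m[1], "event": "INVALID_PASSWORD", "user": m[2],
                       "source": m[3], "command": m[4]}
            events.append(pending)
        elif (m := CONT.search(line)) and pending is not None:
            pending.update(attempts=int(m[1]), limit=int(m[2]))
            pending = None
        elif (m := GRAF.search(line)):
            events.append({"time": m[1], "event": m[3], "user": m[4],
                           "device": m[2], "users": int(m[5]), "source": m[6]})
    return events

def logon_after_failure(events):
    """LOGONs whose user/address pair previously reached the invalid-password limit."""
    failed, hits = {}, []
    for e in events:
        key = (e["user"], e["source"])
        if e["event"] == "INVALID_PASSWORD":
            failed.setdefault(key, e["time"])      # remember the first failure time
        elif e["event"] == "LOGON" and key in failed:
            hits.append((e["user"], e["source"], failed[key], e["time"]))
    return hits

if __name__ == "__main__":
    for hit in logon_after_failure(parse_console(SAMPLE)):
        print("LOGON after password failures:", hit)
```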
