I guess the only sensible means is COMO. That way you capture the result of the TCL actions as well as the actions themselves. But even that is pretty pointless: anyone with a manual and TCL access can write a simple program or even PROC (shudder) to amend data and then remove it so you can't see what was done.
And at what point does that cease to be part of 'the application' ? A lot of 'applications' I know of can be pretty fluid - if a systems admin person needs to fix a record from an error condition, is that now an 'unauthorized change'? Where does a system restore come in - since that could affect the condition of any data added since the backup was taken - is that also an 'unauthorized change' in the act? Bottom line - I think you're on to a loser with this one. Brian "glad the UK doesn't have the SOX act" Leach. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Hester Sent: 17 September 2004 00:10 To: [EMAIL PROTECTED] Subject: Re: [U2] [UV] SOX - TCL command logging / auditing Buss, Troy (Logitek Systems) wrote: > Does anyone know if there is a built in facility within universe for > logging TCL commands by account or even globally? Something similar > perhaps as the 'errlog' feature. > > Of concern by an internal SOX (sarbanes-oxley) audit was that its > possible for data to be changed outside of the application. > Specifically, "direct access to data could remain undetected resulting > in unauthorized changes to financial data, affecting data integrity". I ended up writing a wrapper for the ED command to keep track of manual data changes outside of apps. I just write whatever record's being edited to a type 19 temp file, run the original ED, write the resulting record, then compare the result to the original via the unix diff command. I end up with log records like this: >ED AUDIT.MOD CA_82001211+RDA_13372_49928 17 lines long. ----: P 0001: 1,3c1,3 0002: < 858856 0003: < 806669 0004: < 52187 0005: --- 0006: > 749638 0007: > 705153 0008: > 44485 0009: 9c9 0010: < 7196 0011: --- 0012: > 7255 0013: 28c28 0014: < 250 0015: --- 0016: > 252 0017: where the ID is file_record+userid_date_time. Of course if someone familiar with UV is up to no good, they can just run the original ED program to make their changes - or write a program to do it. This is more of an audit trail to determine what went wrong in the case of an honest mistake than a safeguard against intentional fraud. -John -- John Hester System & Network Administrator Momentum Group Inc. (949) 833-8886 x623 http://memosamples.com ------- u2-users mailing list [EMAIL PROTECTED] To unsubscribe please visit http://listserver.u2ug.org/ ________________________________________________________________________ This email was checked by MessageLabs SkyScan before entering Microgen. ________________________________________________________________________ This email was checked on leaving Microgen for viruses, similar malicious code and inappropriate content by MessageLabs SkyScan. DISCLAIMER This email and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information. In the event of any technical difficulty with this email, please contact the sender or [EMAIL PROTECTED] Microgen Information Management Solutions http://www.microgen.co.uk ------- u2-users mailing list [EMAIL PROTECTED] To unsubscribe please visit http://listserver.u2ug.org/
