The OpenVMS program which produces accounting reports is called ACCOUNTING. This powerful program permits the manager to select which items from the accounting database are to be reported and how to report them. The accounting database content is controlled by the SET ACCOUNTING command and is usually specified in the SYSTARTUP_VMS.COM file. The manager may collect any combination or all of the following:
Resources used by an image
Resources used by an unsuccessful attempt to log in
Resources used by a print job
Resources used by various process types: batch, detached, interactive, network, and subprocess
The SHOW ACCOUNTING command with no qualifiers displays the current settings. At any time, the ACCOUNTING program may be used to display or print any portion of the database. For instance, the manager may display all failed logins in the last 24 hours each morning to check for hacking attempts. First, ensure that login data is collected:
$ set account/enable=login
Later, the following command can be issued to display details of login failures. The following display has no recognizable user ID; it could be simply a typo or a deliberate break-in attempt. This attempt was made by a user on the LAN (RTA1: is a DECnet device name) from the node named LOON from the SYSTEM account—from one node on the LAN to another. Obviously, I fabricated the attempt for this example:
$ account/type=logfail/full LOGIN FAILURE ------------ Username: <login> UIC: [SYSTEM) Account: <login> Finish time: 2-AUG-2002 11:29:00.57 Process ID: 20602584 Start time: 2-AUG-2002 11:28:30.66 Owner ID: Elapsed time: 0 00:00:29.91 Terminal name: RTA1: Processor time: 0 00:00:00.16 Remote node addr: 64518 Priority: 4 Remote node name: LOON Privilege <31-00>: 0010C000 Remote ID: SYSTEM Privilege <63-32>: 00000000 Remote full name: Queue entry: Final status code: 00D38064 Queue name: Job name: Final status text: %LOGIN-F-CMDINPUT, error reading command input Page faults: 347 Direct IO: 8 Page fault reads: 9 Buffered IO: 41 Peak working set: 390 Volumes mounted: 0 Peak page file: 2333 Images executed: 1
I have shown how ACCOUNTING can be used to secure the system. Chapter 8 discusses another program, AUDIT, which can be used in this way as well. ACCOUNTING can also be used for classic chargeback reports based on resources used (e.g., to determine the number of logins by user or the number of pages each user printed during a time period).