Accounting | Getting Started with OpenVMS System Management (HP Technologies)

The OpenVMS program which produces accounting reports is called ACCOUNTING. This powerful program permits the manager to select which items from the accounting database are to be reported and how to report them. The accounting database content is controlled by the SET ACCOUNTING command and is usually specified in the SYSTARTUP_VMS.COM file. The manager may collect any combination or all of the following:

Resources used by an image
Resources used by an unsuccessful attempt to log in
Resources used by a print job
Resources used by various process types: batch, detached, interactive, network, and subprocess

The SHOW ACCOUNTING command with no qualifiers displays the current settings. At any time, the ACCOUNTING program may be used to display or print any portion of the database. For instance, the manager may display all failed logins in the last 24 hours each morning to check for hacking attempts. First, ensure that login data is collected:

     $ set account/enable=login

Later, the following command can be issued to display details of login failures. The following display has no recognizable user ID; it could be simply a typo or a deliberate break-in attempt. This attempt was made by a user on the LAN (RTA1: is a DECnet device name) from the node named LOON from the SYSTEM account—from one node on the LAN to another. Obviously, I fabricated the attempt for this example:

     $ account/type=logfail/full     LOGIN FAILURE     ------------     Username:          <login>           UIC:               [SYSTEM)     Account:           <login>           Finish time:        2-AUG-2002 11:29:00.57     Process ID:        20602584          Start time:         2-AUG-2002 11:28:30.66     Owner ID:                            Elapsed time:                0 00:00:29.91     Terminal name:     RTA1:             Processor time:              0 00:00:00.16     Remote node addr:  64518             Priority:          4     Remote node name:  LOON              Privilege <31-00>: 0010C000     Remote ID:         SYSTEM            Privilege <63-32>: 00000000     Remote full name:     Queue entry:                         Final status code: 00D38064     Queue name:     Job name:     Final status text: %LOGIN-F-CMDINPUT, error reading command input     Page faults:              347        Direct IO:                  8     Page fault reads:           9        Buffered IO:               41     Peak working set:         390        Volumes mounted:            0     Peak page file:          2333        Images executed:            1

I have shown how ACCOUNTING can be used to secure the system. Chapter 8 discusses another program, AUDIT, which can be used in this way as well. ACCOUNTING can also be used for classic chargeback reports based on resources used (e.g., to determine the number of logins by user or the number of pages each user printed during a time period).