VMS Monitor

The Challenge
Do you have mission-critical OpenVMS systems running on VAX/Alpha/Itanium that need to be carefully monitored (24/7) for break-ins, inappropriate file and directory access, illicit installs, out-of-hours access, system time changes, etc.?
The Solution
The Sysgem VMS Monitor package (SVMS) is an extensible OpenVMS monitoring system that runs on a central (Windows) server, monitoring multiple remote OpenVMS systems, creating central summary displays, and generating alarms when customer-specified events occur.

24/7 alerting takes multiple forms depending on customer preferences. Automatic actions resulting from a raised alarm include:
E-mail/SMS messages sent to nominated recipients depending on the time of day and/or day of the week.
Customer-specific scripts run on a central server or on the remote OpenVMS system experiencing the exception condition.
Reports logged in a central private database or in a central Windows Event Log.
Central Windows Displays showing alarm status messages.
Key Features and Benefits
The monitoring features of SVMS include:
Account Probe: monitor users with high login failures.
Login After Hours: monitor logins outside normal working hours except for operations staff.
Authorize: monitor updates made using sys$system:authorize.exe, ignore updates done by systems staff.
Special Files: monitor use of special files, report abuse.
Breakin: detect breakin alarms.
Device Errors: detect devices with high error rates.
File Access Failures: detect accounts with high file access failures.
Install: monitor use of the install utility.
Modem: monitor use of a modem.
Privileged Accounts: monitor logins and login failures for privileged and default accounts (SYSTEM, FIELD, DEFAULT, GUEST).
Audit: monitor changes to the system’s AUDIT settings.
Time: monitor changes to the system time.
Sysgen: monitor use of SYSGEN.
Directory: monitor access to files in sensitive directories.
Filters
Under strict security access, customize the solution so as to filter out permitted actions by authorized users, thereby reducing the information flow to the critical items only.
Alarms
Raise an alarm and take the appropriate consequential action when an exception condition occurs.
Unattended Operation
First educate the system on what to monitor and what action to take when specific events occur by using interactive (real-time) displays from a logged-in user session. Save the results of this session, and then submit the session to Sysgem’s “Unattended Mode Operation” for continued 24/7 monitoring and alerting.
