Domain: | SECURITY-ADMINISTRATION |
Privileges: | SECURITY-ADMINISTRATION |
The security administrator can use the /MODIFY-SAT-SUPPORT-PARAMETERS command to activate or deactivate SAT logging and SAT alarms for specific products.
“Activate” means that “normal” SAT logging is performed for all events relating to the product in question, while taking account of the preselection, filters and alarms set for these events.
“Deactivate” means that neither SAT logging nor a check for triggered alarms are performed for events relating to these products. This applies irrespectively of the preselection settings for these events or ofthe alarms that are defined.
Consequently, if an event is to be logged, the setting made with /MODIFY-SAT-PRESELECTION is only effective if the event does not relate to a product for which SAT support has been deactivated by means of /MODIFY-SAT-SUPPORT-PARAMETERS.
In the same way, an alarm defined with /ADD or /MODIFY-SAT-ALARM-CONDITION is only triggered for a particular event if the event does not relate to a product for which alerting has been deactivated.
Currently, the activation and deactivation of SAT logging is only supported for POSIX.
MODIFY-SAT-SUPPORT-PARAMETERS |
POSIX-EVENTS = *UNCHANGED / *DISABLED / *ENABLED |
POSIX-EVENTS =
Specifies whether SAT logging and SAT alarms are to be activated or deactivated for POSIX (Portable Open System Interface for UNIX).
The events in question are the SAT object events POSIX-FILE-and-Directory, POSIX-PROCESS, POSIX-CHILD-Process and POSIX-SYSTEM-Resources.
POSIX-EVENTS = *UNCHANGED
The setting for the events of the specified product remains unchanged.
POSIX-EVENTS = *DISABLED
SAT logging and alarms are deactivated for the specified product. This means that no SAT logging is performed and no SAT alarms are triggered for events relating to this product.
Deactivation does not modify the preselection and alarm definitions. However, they are no longer effective for the events in question.
POSIX-EVENTS = *ENABLED
SAT logging and alarms are activated for the specified product. This means that SAT logging is performed for the events of these products in accordance with preselection and filter settings and that the alarms can be triggered in accordance with definitions.
The specification POSIX-EVENTS=*ENABLED only enables logging or alarm triggering for the corresponding events. To perform actual logging or issue alarms for these events, you must use the /MODIFY-SAT-PRESELECTION or /ADD-SAT-ALARM-CONDITIONS commands.
Activation does not modify the preselection settings or the alarm definitions. However, they are only effective for the events in question.
Notes
By default, SAT support for POSIX is deactivated and must be explicitly activated in order to log POSIX events.
Any modifications which the security administrator may make to the preselection default settings for POSIX events are independent of the SAT support setting and may be performed and saved at any time.
Command return codes
(SC2) | SC1 | Maincode | Meaning |
0 | CMD0001 | Command executed without errors | |
32 | SAT0000 | Unrecoverable error | |
32 | SAT5000 | Nonrecoverable error | |
64 | SAT1000 | User does not have privilege for this command | |
64 | SAT1050 | Command not permitted if logging function activated | |
130 | SAT1010 | Another command is currently being executed | |
130 | SAT1080 | Change-over in preparation |
Example
The security administrator activates SAT support for POSIX events:
/modify-sat-support-parameters posix-events=*enabled