6.2.4 LOGIN FAILED Record

6. DATA SOURCES › 6.2 VMS ACCOUNTING Record Descriptions › 6.2.4 LOGIN FAILED Record

6.2.4 LOGIN FAILED Record


The LOGIN FAILED record contains data describing a LOGIN
attempt that failed.  It can be very useful for detecting
security violations.

A LOGIN attempt can fail for a number of reasons:  an
incorrect user identification, an incorrect password, an
attempt to use restricted privileges such as access at a
restricted time of the day, an attempt to access prohibited
system resources, or the maximum number of users has already
logged on.  Its record type is 7.

The LOGIN FAILED record consists of two packets:

 o  Identification Packet - Contains identification data such
    as process identification, member and group IDs, user
    name, account, nodename, terminal, jobname, node address,
    remote ID, and other related data.

 o  Resource Packet - Contains system usage data such as
    status, image count, CPU time, page faults, fault I/Os,
    working set peak, page file, direct I/O, buffered I/O,
    and volumes mounted.

Data from this record is written to the DEA_LF file.

Tell Technical Publications how we can improve this information