Hello! Excellent question. Examine what VMS uses for accounting and security, it should tell you who's who and what's what regarding that one. ----- Gregg C Levine gregg.drwho8 at gmail.com "This signature fought the Time Wars, time and again." On Sat, Nov 30, 2013 at 5:09 PM, Sampsa Laine <sampsa at mac.com> wrote: On 30 Nov 2013, at 22:07, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote: Sampsa Laine <sampsa at mac.com> writes: Just saw this on LABVAX: %%%%%%%%%%% OPCOM 30-NOV-2013 21:28:47.27 %%%%%%%%%%% Message from user AUDIT$SERVER on LABVAX Security alarm (SECURITY) and security audit (SECURITY) on LABVAX, = system id: 48683 Auditable event: Local interactive login failure Event time: 30-NOV-2013 21:28:47.21 PID: 22E00220 =20 Process name: _NTY215: =20 Username: <login> =20 Process owner: [SYSTEM] Terminal name: _NTY215:, 122.138.48.116.static.netvigator.com Image name: = $77$DUA0:[SYS10.SYSCOMMON.][SYSEXE]LOGINOUT.EXE Status: %LOGIN-F-CMDINPUT, error reading command input Confused as it doesn't look like a telnet logon, I thought telnet = terminal IDs were TN-something? sampsa <sampsa at mac.com> mobile +44 7961 149465 Multinet installed??? Yup lol. I'm an idiot. Actually why is a Telnet login marked as LOCAL when it's marked REMOTE by UCX/TCP/IP Services? Sampsa