When a user attempts to access an asset that the user does not have permission to access, an error message is written to the Event Console Log. Violation errors in the Event Console Log look similar to the following message:
CASF_E_465 Access violation by userid to asset ( mode ) assetname from source terminal_device at node source_node for access_type access mode. (context )
CASF_E_465
Specifies the general message number used for all DENY violations.
userid
Specifies the ID of the user who caused the violation.
mode
Specifies the user’s violation mode: W=Warn, M=Monitor, F=Fail.
assetname
Specifies the asset name of the asset involved in the violation. For WNT‑FILE, UNIX‑FILE, and UNIX‑SETID, the asset name is a fully qualified path name.
terminal_device
Specifies the device the user was logged into at the time of the violation.
source_node
Specifies the node from which the user logged into the system.
access_type
Specifies the access mode, abbreviated as follows: Rd=read, Wr=write, Up=update, Sc=scratch, Fe=fetch, Cr=create, Co=control, Se=search, Ex=execute.
context
Specifies the context of the violation. For Windows intercepted events, specifies the access type (read, write, and so on). For UNIX/Linux platforms, specifies the system call name. For CAISSF resources checks through components, the context specifies “resource.”
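The following parser is an added example, not code from CA: it splits a CASF_E_465 line into the fields described above and tallies violations per user and mode for triage. The sample lines are constructed, and the whitespace tolerance and single-token terminal and node names are assumptions about the real log output.

```python
import re

# Layout follows the CASF_E_465 template shown above. Tolerance for extra
# whitespace and whitespace-free terminal/node names are assumptions.
CASF_E_465 = re.compile(
    r"CASF_E_465 Access violation by (?P<userid>\S+) to asset "
    r"\(\s*(?P<mode>[WMF])\s*\) "
    r"(?P<assetname>.+) "  # greedy: fully qualified paths may contain spaces
    r"from source (?P<terminal_device>\S+) at node (?P<source_node>\S+) "
    r"for (?P<access_type>Rd|Wr|Up|Sc|Fe|Cr|Co|Se|Ex) access mode\.\s*"
    r"\(\s*(?P<context>[^)]*?)\s*\)"
)

# Abbreviation tables taken from the field descriptions above.
MODES = {"W": "Warn", "M": "Monitor", "F": "Fail"}
ACCESS = {"Rd": "read", "Wr": "write", "Up": "update", "Sc": "scratch",
          "Fe": "fetch", "Cr": "create", "Co": "control", "Se": "search",
          "Ex": "execute"}

def parse_violation(line):
    """Return the message fields as a dict, or None if not a CASF_E_465 line."""
    m = CASF_E_465.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["mode"] = MODES[rec["mode"]]
    rec["access_type"] = ACCESS[rec["access_type"]]
    return rec

def summarize(lines):
    """Count violations per (userid, mode); unparseable lines are skipped."""
    counts = {}
    for line in lines:
        rec = parse_violation(line)
        if rec is not None:
            key = (rec["userid"], rec["mode"])
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample lines (not taken from a real Event Console Log).
SAMPLE = [
    "CASF_E_465 Access violation by jdoe to asset ( F ) /etc/shadow from source pts/3 at node host01 for Rd access mode. (open )",
    "CASF_E_465 Access violation by jdoe to asset ( W ) C:\\Program Files\\app\\cfg.ini from source console at node WKS7 for Wr access mode. (write )",
    "CASF_E_465 Access violation by batch1 to asset ( M ) PAYROLL from source tty1 at node host02 for Up access mode. (resource )",
    "unrelated console line",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(key, n)
```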
Copyright © 2010 CA.
All rights reserved.