Previous Topic: The kblaudit.cfg—Filter Keyboard Logger Audit Records

Next Topic: kblaudit.cfg —Trace Messages On User Events Filter Syntax

Reference GuideConfiguration FilesThe kblaudit.cfg—Filter Keyboard Logger Audit RecordsKblaudit.cfg—Login Events Filter Syntax

Kblaudit.cfg—Login Events Filter Syntax

Valid on UNIX

Audit records that belong to a login event have the following filter format:

LOGIN;UserName;UserId;TerminalName;LoginProgram
Login

Specifies that the rule filters user trace records.

UserName

Defines the name of the accessor.

UserId

Defines the native user ID of the accessor.

TerminalName

Defines the remote host name at which the event occurred.

LoginProgram

Defines the name of the program that attempted to log in or out.

Limits: cmdlog