

audit.cfg File—Network Connection Events Filter Syntax

Audit records that belong to a network connection event have the following filter format:

{HOST|TCP};ObjectName;HostName;ProgramPath;Access;AuthorizationResult

HOST

Specifies that the rule filters records generated by objects in the HOST class, that is, incoming TCP connections.

TCP

Specifies that the rule filters records generated by objects in the TCP class, that is, connect with service events.

ObjectName

Defines the name of the object that was accessed. ObjectName can be a service name or port number.

HostName

Defines the name of the host. HostName must be an object in the HOST class.

ProgramPath

Defines the login program type.

(Windows) For outgoing connections, this parameter defines the program path of the process trying to establish the connection.

Note: This parameter has no meaning for incoming connection events. Use * for this parameter to filter audit records generated by incoming connection events.

Access

Defines the type of attempted connection.

Values:

AuthorizationResult

Defines the authorization result.

Values: P (permitted), D (denied), *
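
The following checker is an added example, not part of the product documentation. It validates HOST and TCP lines against the six-field format above, the listed AuthorizationResult values, and the Note about ProgramPath on incoming connections. The sample rules, host names and the use of * in the Access field are constructed assumptions.

```python
from typing import NamedTuple

RESULTS = {"P", "D", "*"}  # AuthorizationResult values listed on this page


class NetRule(NamedTuple):
    line_no: int
    cls: str
    object_name: str
    host_name: str
    program_path: str
    access: str
    result: str


def parse_network_rules(text):
    """Return (rules, problems) for the HOST/TCP lines found in audit.cfg text."""
    rules, problems = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        parts = [p.strip() for p in raw.strip().split(";")]
        if parts[0] not in ("HOST", "TCP"):
            continue  # blank line, or a rule that uses another event syntax
        if len(parts) != 6:
            problems.append((no, f"expected 6 fields, found {len(parts)}"))
            continue
        rule, before = NetRule(no, *parts), len(problems)
        if "" in parts:
            problems.append((no, "empty field"))
        if rule.result not in RESULTS:
            problems.append((no, f"AuthorizationResult {rule.result!r} is not P, D or *"))
        if rule.cls == "HOST" and rule.program_path != "*":
            # Per the Note: ProgramPath has no meaning for incoming connections.
            problems.append((no, "HOST rule should use * for ProgramPath"))
        if len(problems) == before:
            rules.append(rule)
    return rules, problems


# Constructed sample rules; * in the Access field is an assumed wildcard.
SAMPLE = "\n".join([
    "HOST;telnet;host1.example.com;*;*;P",
    r"TCP;8080;host2.example.com;C:\Tools\client.exe;*;D",
    "HOST;ftp;host1.example.com;/usr/bin/ftp;*;P",
    "TCP;smtp;host2.example.com;*;*",
    "TCP;smtp;host2.example.com;*;*;X",
])

if __name__ == "__main__":
    ok, bad = parse_network_rules(SAMPLE)
    for line_no, message in bad:
        print(f"line {line_no}: {message}")
```
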

Examples: Filter Network Connection Events