audit.cfg File—Login and Logout Events Filter Syntax

Audit records that belong to a login or logout event have the following filter format:

LOGIN;UserName;UserId;TerminalName;LoginProgram;AuthorizationResultOrLoginType

LOGIN

Specifies that the rule filters audit records generated by login and logout events.

UserName

Defines the name of the accessor.

UserId

(UNIX) Defines the native user ID of the accessor.

TerminalName

Defines the terminal at which the event occurred.

LoginProgram

Defines the name of the program that attempted to log in or out.

AuthorizationResultOrLoginType

Defines the authorization result.

Values:

*

A wildcard that represents any type of authorization result.

D

The login attempt was denied.

P

The login attempt was permitted.

O

(UNIX) The accessor logged out.

I

(UNIX) The serevu daemon revoked the accessor's account.

E

(UNIX) The serevu daemon enabled the accessor's account.

A

(UNIX) The serevu daemon or Pluggable Authentication Module audited a user's attempt to log in with an incorrect password.

Note: Windows does not record logout events.
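
The following lint check for LOGIN rules is an added example, not code from the product or its documentation. It relies only on the six-field layout and the result codes listed above; the NEEDS_REVIEW policy, the exact-match handling of the LOGIN keyword, and the sample rules are assumptions of this example.

```python
from dataclasses import dataclass

# Field names and result codes as listed in the reference above.
FIELDS = ("UserName", "UserId", "TerminalName", "LoginProgram",
          "AuthorizationResultOrLoginType")
RESULT_CODES = {"*", "D", "P", "O", "I", "E", "A"}
UNIX_ONLY = {"O", "I", "E", "A"}
# Assumption (this example's policy, not the product's): rules matching denied,
# revoked or bad-password records need sign-off, as does the wildcard.
NEEDS_REVIEW = {"*", "D", "I", "A"}


@dataclass
class Finding:
    level: str    # "error" or "review"
    message: str


def lint_login_rule(rule: str, platform: str = "unix") -> list[Finding]:
    """Check one audit.cfg line; non-LOGIN lines return no findings."""
    parts = [p.strip() for p in rule.strip().split(";")]
    if parts[0] != "LOGIN":
        return []
    if len(parts) != 1 + len(FIELDS):
        return [Finding("error", f"expected 6 fields, got {len(parts)}")]
    findings = [Finding("error", f"{name} is empty")
                for name, value in zip(FIELDS, parts[1:]) if not value]
    code = parts[-1]
    if code and code not in RESULT_CODES:
        findings.append(Finding("error", f"unknown result code {code!r}"))
    elif platform == "windows" and code in UNIX_ONLY:
        findings.append(Finding("error", f"code {code!r} is UNIX-only"))
    elif code in NEEDS_REVIEW:
        findings.append(Finding("review", f"rule matches {code!r} records"))
    return findings


if __name__ == "__main__":
    # Constructed sample rules, not taken from a real audit.cfg.
    samples = ["LOGIN;root;0;*;sshd;P", "LOGIN;*;*;*;*;D",
               "LOGIN;jdoe;1001;tty1;login;X", "LOGIN;jdoe;1001;tty1;O"]
    for rule in samples:
        for f in lint_login_rule(rule):
            print(f"{f.level:6} {rule}: {f.message}")
```

Running such a check in change review surfaces LOGIN rules that match failed-login or account-revocation records before the filter is deployed.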

Examples: Filter Login or Logout Events