Audit records that belong to a login or logout event have the following filter format:
LOGIN;UserName;UserId;TerminalName;LoginProgram;AuthorizationResultOrLoginType
Specifies that the rule filters audit records generated by login and logout events.
Defines the name of the accessor.
(UNIX) Defines the native user ID of the accessor.
Defines the terminal at which the event occurred.
Defines the name of the program that attempted to log in or out.
Defines the authorization result.
Values:
A wildcard that represents any type of authorization result.
The login attempt was denied.
The login attempt was permitted.
(UNIX) The accessor logged out.
(UNIX) The serevu daemon revoked the accessor's account.
(UNIX) The serevu daemon enabled the accessor's account.
(UNIX) The serevu daemon or Pluggable Authentication Module audited a user's attempt to log in with an incorrect password.
Note: Windows does not record logout events.
Examples: Filter Login or Logout Events
LOGIN;root;*;*;*;P
LOGIN;root;*;*;SBIN_CRON;P
LOGIN;root;*;_CRONJOB_;*;O
Copyright © 2013 CA Technologies.
All rights reserved.
|
|