Audit records that belong to a security database administration event have the following filter format:
ADMIN;ClassName;ObjectName;UserName;EffectiveUserName;TerminalName;Command;CommandResult
ADMIN
Specifies that the rule filters audit records generated by events performed by an administrator.
ClassName
Defines the class on which the administrator executes the command.
ObjectName
Defines the object that the administrator's command updated.
UserName
Defines the name of the user who executed the command.
EffectiveUserName
(UNIX) Defines the name of the effective user to which the rule applies.
(Windows) Defines the name of the native user to which the rule applies.
TerminalName
Defines the terminal at which the event occurred.
Command
Defines the selang command that the administrator executed.
CommandResult
Defines the authorization or command result.
Values: S (command succeeded), F (command failed), D (command denied), *
Example: Filter Security Database Administration Events
This example filters all audit records generated by successful FILE management commands by admin01:
ADMIN;FILE;*;admin01;*;*;*;S
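The following Python sketch is an added example, not CA code: it checks that an ADMIN filter line has the eight semicolon-separated fields described above and a valid CommandResult, then tests constructed records against it. It assumes `*` behaves as a glob-style wildcard with case-sensitive matching; the function names and sample records are hypothetical.

```python
from fnmatch import fnmatchcase

# Field names after the leading ADMIN keyword, in the order this page gives.
FIELDS = ("ClassName", "ObjectName", "UserName", "EffectiveUserName",
          "TerminalName", "Command", "CommandResult")
RESULTS = {"S", "F", "D", "*"}  # CommandResult values listed on this page


def parse_admin_filter(line):
    """Split an ADMIN filter line into named fields; raise ValueError if malformed."""
    parts = line.strip().split(";")
    if parts[0] != "ADMIN":
        raise ValueError("not an ADMIN filter: %r" % parts[0])
    if len(parts) != len(FIELDS) + 1:
        raise ValueError("expected %d fields, got %d" % (len(FIELDS) + 1, len(parts)))
    rule = dict(zip(FIELDS, parts[1:]))
    if rule["CommandResult"] not in RESULTS:
        raise ValueError("invalid CommandResult: %r" % rule["CommandResult"])
    return rule


def matches(rule, record):
    """Return True when every record field matches the rule's pattern.

    Assumption: '*' is a glob-style wildcard and matching is case-sensitive.
    """
    return all(fnmatchcase(record[name], rule[name]) for name in FIELDS)


def make_record(*values):
    """Build a record dict from seven values in FIELDS order (hypothetical helper)."""
    return dict(zip(FIELDS, values))


# Constructed sample records; values are illustrative, not real audit output.
SAMPLE_RECORDS = [
    make_record("FILE", "/etc/passwd", "admin01", "root", "tty1", "chres", "S"),
    make_record("FILE", "/etc/passwd", "admin01", "root", "tty1", "chres", "D"),
    make_record("USER", "jsmith", "admin02", "root", "tty2", "chusr", "S"),
]

if __name__ == "__main__":
    rule = parse_admin_filter("ADMIN;FILE;*;admin01;*;*;*;S")
    for rec in SAMPLE_RECORDS:
        print(matches(rule, rec), rec["ClassName"], rec["UserName"], rec["CommandResult"])
```

A line with a missing or mistyped separator fails the field-count check, which catches a rule that would otherwise silently match nothing.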
Copyright © 2013 CA Technologies.
All rights reserved.