audit.cfg File—Security Database Administration Events Filter Syntax

Audit records that belong to a security database administration event have the following filter format:

ADMIN;ClassName;ObjectName;UserName;EffectiveUserName;TerminalName;Command;CommandResult

ADMIN

Specifies that the rule filters audit records generated by events performed by an administrator.

ClassName

Defines the class on which the administrator executes the command.

ObjectName

Defines the object that the administrator's command updated.

UserName

Defines the name of the user who executed the command.

EffectiveUserName

(UNIX) Defines the name of the effective user to which the rule applies.

(Windows) Defines the name of the native user to which the rule applies.

TerminalName

Defines the terminal at which the event occurred.

Command

Defines the selang command that the administrator executed.

CommandResult

Defines the authorization or command result.

Values: S (command succeeded), F (command failed), D (command denied), *

Example: Filter Security Database Administration Events

This example filters all audit records generated by successful FILE management commands by admin01:

ADMIN;FILE;*;admin01;*;*;*;S
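
A small lint for ADMIN filter rules, added here as an example (it is not part of the product or its documentation): it checks that each rule has the eight semicolon-separated fields of the format above and a valid CommandResult value. The function names and sample rules are constructed for illustration; skipping non-ADMIN lines and rejecting empty fields are assumptions.

```python
from collections import namedtuple

# Field order after the ADMIN tag, as given in the filter format on this page.
FIELDS = ("ClassName", "ObjectName", "UserName", "EffectiveUserName",
          "TerminalName", "Command", "CommandResult")
RESULTS = {"S", "F", "D", "*"}  # values listed on this page for CommandResult

AdminFilter = namedtuple("AdminFilter", FIELDS)


def parse_admin_filter(line):
    """Parse one ADMIN filter rule; raise ValueError describing any defect."""
    parts = line.strip().split(";")
    if parts[0] != "ADMIN":
        raise ValueError("not an ADMIN rule")
    values = parts[1:]
    if len(values) != len(FIELDS):
        raise ValueError(
            f"expected {len(FIELDS)} fields after ADMIN, got {len(values)}")
    empty = [name for name, value in zip(FIELDS, values) if value == ""]
    if empty:  # assumption: an empty field is a mistake, not a wildcard
        raise ValueError("empty field(s): " + ", ".join(empty))
    rule = AdminFilter(*values)
    if rule.CommandResult not in RESULTS:
        raise ValueError(
            f"CommandResult {rule.CommandResult!r} not one of S, F, D, *")
    return rule


def lint(lines):
    """Return (line_number, message) for each defective ADMIN rule."""
    problems = []
    for number, line in enumerate(lines, start=1):
        if line.strip().split(";")[0] != "ADMIN":
            continue  # assumption: other record types are checked elsewhere
        try:
            parse_admin_filter(line)
        except ValueError as err:
            problems.append((number, str(err)))
    return problems


# Constructed sample rules (not taken from a real audit.cfg).
SAMPLE = [
    "ADMIN;FILE;*;admin01;*;*;*;S",   # well-formed
    "ADMIN;FILE*;admin01;*;*;*;S",    # separator missing between two fields
    "ADMIN;USER;*;*;*;*;*;X",         # result code not in S, F, D, *
]

if __name__ == "__main__":
    for number, message in lint(SAMPLE):
        print(f"line {number}: {message}")
```

Running a check like this before deploying audit.cfg makes a dropped separator or a mistyped result code visible before the rule goes into use.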