Valid on UNIX
The kblaudit.cfg file filters audit records on a host by defining records that are sent to the audit file. Each line represents a rule for filtering out audit information. The filter rules you configure apply to the kbl.audit file.
By default, the kblaudit.cfg file is located in the following directory:
/opt/CA/AccessControl/etc
The kblaudit.cfg file contains two sections, [EXCLUDE] and [INCLUDE], to help you filter keyboard logger audit records. Each section contains entries, and each entry represents a filter rule.
Example: The kblaudit.cfg filter sections
The following snippet of the kblaudit.cfg file is an example of how you edit the kblaudit.cfg [EXCLUDE] and [INCLUDE] sections:
[EXCLUDE]
TRACE;*;*;test_user; test_user; test_user;*;*seos.ini*
[INCLUDE]
TRACE;*;*; test_user; test_user; test_user;*;*AccessControl*
In this example, you exclude from the kbl.audit file the audit records from seos.ini that the user test_user performed, and you include the records that the user test_user performed in Access Control.
Use the kblaudit.cfg file to filter out records in the following audit event types, each type with a different syntax:
Note: A * in any column in each type of syntax stands for "any value".
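The following Python example is added here and is not part of the product. It parses the two sections shown above, compares a record with a rule column by column, and flags [EXCLUDE] rules that would filter out every record of an event type. It assumes glob-style matching for a * inside a value (as in *seos.ini*) and treats columns by position, because this page does not name them; the sample text and records are constructed.

```python
import fnmatch

# Constructed sample in the layout of the page's snippet. The second EXCLUDE
# rule is added here to show a filter that is too broad for audit purposes.
SAMPLE = """\
[EXCLUDE]
TRACE;*;*;test_user; test_user; test_user;*;*seos.ini*
TRACE;*;*;*;*;*;*;*
[INCLUDE]
TRACE;*;*; test_user; test_user; test_user;*;*AccessControl*
"""


def parse_kblaudit(text):
    """Return {'EXCLUDE': [...], 'INCLUDE': [...]}; each rule is a list of columns."""
    rules = {"EXCLUDE": [], "INCLUDE": []}
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            if section not in rules:
                raise ValueError(f"line {lineno}: unknown section {line}")
            continue
        if section is None:
            raise ValueError(f"line {lineno}: rule outside a section")
        # Columns are separated by ';'; spaces around a value are dropped.
        rules[section].append([col.strip() for col in line.split(";")])
    return rules


def rule_matches(rule, record):
    """Column-wise comparison; '*' stands for any value (glob matching assumed)."""
    return len(rule) == len(record) and all(
        fnmatch.fnmatchcase(value, pattern) for pattern, value in zip(rule, record)
    )


def broad_excludes(rules):
    """EXCLUDE rules whose columns after the event type are all '*'."""
    return [r for r in rules["EXCLUDE"] if all(col == "*" for col in r[1:])]
```
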
Copyright © 2013 CA Technologies.
All rights reserved.