Valid on UNIX
Audit records that belong to a trace message on a user event have the following filter format:
TRACE;TracedClassName;TracedObjectName;RealUserName;ACUserName;AuthorizationResult;TraceMessageMask;KBLSessionID
Specifies that the rule filters user trace records.
Defines the name of the object class the user tried to access.
Options: KBL raw, KBL output, KBL input, KBL execargs
Defines the name of the object that the user tried to access.
Defines the name of the logged in user that generated the trace records.
Defines the name of the effective user that generated the trace record.
Defines the authorization result.
Values: P (permitted), D (denied), *
Defines the trace message that was generated.
Displays the keyboard logger sessions ID
Copyright © 2013 CA Technologies.
All rights reserved.
|
|