Previous Topic: Kblaudit.cfg—Login Events Filter SyntaxNext Topic: The seos.ini Initialization File

Reference GuideConfiguration FilesThe kblaudit.cfg—Filter Keyboard Logger Audit Recordskblaudit.cfg —Trace Messages On User Events Filter Syntax

kblaudit.cfg —Trace Messages On User Events Filter Syntax

Valid on UNIX

Audit records that belong to a trace message on a user event have the following filter format:

TRACE;TracedClassName;TracedObjectName;RealUserName;ACUserName;AuthorizationResult;TraceMessageMask;KBLSessionID
TRACE

Specifies that the rule filters user trace records.

TracedClassName

Defines the name of the object class the user tried to access.

Options: KBL raw, KBL output, KBL input, KBL execargs

TracedObjectName

Defines the name of the object that the user tried to access.

RealUserName

Defines the name of the logged in user that generated the trace records.

ACUserName

Defines the name of the effective user that generated the trace record.

AuthorizationResult

Defines the authorization result.

Values: P (permitted), D (denied), *

TraceMessageMask

Defines the trace message that was generated.

KBLSessionID

Displays the keyboard logger sessions ID