Previous Topic: audit.cfg File—Security Database Administration Events Filter SyntaxNext Topic: auditrouteflt.cfg File—Filter Audit Records Routing


audit.cfg File—Trace Messages On a User Events Filter Syntax

Audit records that belong to a trace message on a user event have the following filter format:

TRACE;TracedClassName;TracedObjectName;RealUserName;EffectiveUserName;ACUserName;AuthorizationResult;TraceMessage

Note: The maximum limit for the trace filter is 1000 records.

TRACE

Specifies that the rule filters user trace records.

TracedClassName

Defines the name of the object class the user tried to access.

Note: Enter the name of the class in uppercase.

TracedObjectName

Defines the name of the object that the user tried to access.

RealUserName

(UNIX) Defines the name of the real user that generated the trace record.

(Windows) Defines the name of the native user that generated the trace record.

EffectiveUserName

(UNIX) Defines the name of the effective user that generated the trace record.

(Windows) Defines the name of the native user that generated the trace record. This parameter is identical to the RealUserName parameter. Use * for this parameter.

ACUserName

Defines the user name CA ControlMinder chose to authorize the event.

AuthorizationResult

Defines the authorization result.

Values: P (permitted), D (denied), *

TraceMessage

Defines the trace message that was generated.

Example: Filter Trace On a User Message Events

This example filters all user trace records generated when the effective user is root, and root accessed an object in the FILE class:

TRACE;FILE;*;*;root;*;*;*