Audit records that belong to a trace message on a user event have the following filter format:
TRACE;TracedClassName;TracedObjectName;RealUserName;EffectiveUserName;ACUserName;AuthorizationResult;TraceMessage
Note: The maximum limit for the trace filter is 1000 records.
Specifies that the rule filters user trace records.
Defines the name of the object class the user tried to access.
Note: Enter the name of the class in uppercase.
Defines the name of the object that the user tried to access.
(UNIX) Defines the name of the real user that generated the trace record.
(Windows) Defines the name of the native user that generated the trace record.
(UNIX) Defines the name of the effective user that generated the trace record.
(Windows) Defines the name of the native user that generated the trace record. This parameter is identical to the RealUserName parameter. Use * for this parameter.
Defines the user name CA ControlMinder chose to authorize the event.
Defines the authorization result.
Values: P (permitted), D (denied), *
Defines the trace message that was generated.
Example: Filter Trace On a User Message Events
This example filters all user trace records generated when the effective user is root, and root accessed an object in the FILE class:
TRACE;FILE;*;*;root;*;*;*
Copyright © 2013 CA Technologies.
All rights reserved.
|
|