The lograpi_UnregisterTargetType function unregisters a target or destination type previously registered with the log routing daemon.
If the function succeeds, it returns 0. If it fails, it returns an unsigned integer error code and assigns a value to the global variable errno according to the following table of values:
Return Value | ERRNO | Meaning |
---|---|---|
LOGRAPI_E_NULLPARM | EINVAL | The code parameter is NULL. |
LOGRAPI_E_NODEST | ENOENT | No such destination type. |
Important! Once a destination type is unregistered, it cannot be registered again during the current session. However, all subsequent records are marked as if the send to that destination was successful. Do not unregister a target type unless you definitely will not be working with that target type any more.
int lograpi_UnregisterTargetType (const char *name);
name
The name of the target or destination type to be unregistered.
The lograpi_MakeStringMessage function converts an audit log record to a one‑line text string in the standard format used by the seaudit and seauditx utilities.
If the function succeeds, it returns a char pointer to the audit log data string. This string is held in an area of static memory that is overwritten when a subsequent call is made to the function.
If the function fails, it returns NULL. Check the value of errno for more information. Passing a NULL pointer as an input parameter generates an error. Possible errors are:
Return Value | Meaning |
---|---|
EINVAL | Data on pointer parameters are NULL. |
char * lograpi_MakeStringMessage (LOGRECORD *plr, void *data);
A pointer to the audit log record structure passed to the LogrApiSendFunc function.
A pointer to the uncompressed audit log record information passed to the LogrApiSendFunc function.
LogrApiSenseFunc is a function pointer type that specifies a user‑defined sense function to be called while the selogrd daemon is initializing and restarting. The sense function determines (senses) if the configuration file route entry is valid. The sense function tests the target field entries in each configuration file line for validity. For example, if the destination name is user jsmith, then LogrApiSenseFunc should check that there is, in fact, a user by that name.
If the function succeeds, it should return 0. If it fails, it returns an error code.
typedef int (*LogrApiSenseFunc) (SEOS_ROUTENTRY *pre);
Configuration file entry to check for validity.
LogrApiSendFunc is a function pointer type that specifies a user‑defined send function. When an audit log record is found that matches the user's selection criteria, the send function transmits (sends) the selected audit log record to the user‑specified destination.
If the send action succeeds, the function should return 0. An audit log record successfully sent is never submitted again to LogrApiSendFunc.
If the send action fails, CA ControlMinder enters an error notice into the syslog file and returns a nonzero integer as an error flag. The same audit log record may be resubmitted an unlimited number of times.
typedef int (*LogrApiSendFunc) (LOGRECORD *plr, SEOS_ROUTENTRY *pre, int notify, void *data);
The audit log description file.
Information about the audit target destination for the audit log record.
Flag indicating if this audit log record is a notification record as follows:
Audit log record is a notification record.
Audit log record is not a notification record.
A pointer to the audit log record.
LogrApiFreeFunc is a function pointer type that specifies a user‑defined free function. When selogrd shuts down or restarts, it calls the free function to free the memory allocated to a previously registered function. The SendData member of the SEOS_ROUTENTRY structure is used as a placeholder for the allocated memory for a target, such as a FILE * or a CLIENT *. The pointer may be NULL, if the registered function uses no allocated resources.
The selogrd daemon shuts down and restarts every time seosd switches log files. This happens often; for example, whenever the log files exceed a specified maximum size. Be sure that your free function reliably frees all allocated memory or you may create problems on your system.
There is no return value.
If you do not need a free operation, set this function pointer to NULL.
typedef void (*LogrApiFreeFunc) (SEOS_ROUTENTRY *pre);
The target entry to free or close.
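The following send and free pair for a file target is an added example, not code from the CA ControlMinder API. The two structures are stand-ins for the real definitions in lograpi.h: only the SendData member is named on this page, and the Destination field and the file_send and file_free names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for the lograpi.h types. Only SendData is named on this page;
 * Destination is a hypothetical field holding the target file path. */
typedef struct { int unused; } LOGRECORD;
typedef struct {
    const char *Destination;
    void       *SendData;      /* per-target resource, here a FILE * */
} SEOS_ROUTENTRY;

/* Send function: returns 0 only when the line has reached the file. */
int file_send(LOGRECORD *plr, SEOS_ROUTENTRY *pre, int notify, void *data)
{
    FILE *fp;
    if (plr == NULL || pre == NULL || data == NULL)
        return 1;
    if (pre->SendData == NULL) {           /* open lazily, reuse afterwards */
        pre->SendData = pre->Destination ? fopen(pre->Destination, "a") : NULL;
        if (pre->SendData == NULL)
            return 2;                      /* nonzero: record can be resubmitted */
    }
    fp = (FILE *)pre->SendData;
    /* data is a constructed text line here; the real data is the raw record. */
    if (fprintf(fp, "%s%s\n", notify ? "NOTIFY " : "", (char *)data) < 0 ||
        fflush(fp) != 0)
        return 3;                          /* never report a lost record as sent */
    return 0;
}

/* Free function: close the handle and clear the slot, so a second call or a
 * send after a selogrd restart never touches a stale pointer. */
void file_free(SEOS_ROUTENTRY *pre)
{
    if (pre == NULL || pre->SendData == NULL)
        return;
    fclose((FILE *)pre->SendData);
    pre->SendData = NULL;
}

int main(void)
{
    LOGRECORD rec = {0};
    SEOS_ROUTENTRY re = { "lograpi_example.log", NULL };
    int rc = file_send(&rec, &re, 0, "constructed audit line");
    file_free(&re);
    return rc;
}
```

Returning 0 only after a successful flush matters because a record reported as sent is never submitted again.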
The servlog_IsThereExit function tests if an exit function is registered for the given type of audit record. Each audit record is defined as a particular record type, such as login, audit, or general resource. The values for rectype are defined in the header file selogtype.h, which is supplied with the CA ControlMinder API. The format of the rectype is AUDIT_rectype.
The function returns 1 if an exit function for the specified record type exists; otherwise, it returns 0.
int servlog_IsThereExit (int rectype);
Is an exit function registered for the record type represented by this particular code?
The servlog_RegisterExit function registers an exit function to be called by the selogrcd daemon when a particular type of audit record is received. Each audit record in CA ControlMinder is identified as a particular record type, such as login, audit, or general resource. The values for rectype are defined in the header file selogtype.h, which is supplied with the CA ControlMinder API. The format of the rectype is AUDIT_rectype.
It is possible to register more than one exit function for each type of record; CA ControlMinder allows a maximum of 16 exit functions for each type of record. When a function is registered, it is assigned a sequence number in the list of exit functions for its particular type.
This function should be called during exit initialization to register the exit functions. This function is normally called from the driver_Register function.
The function returns a 0 on success and an error code on failure.
int servlog_RegisterExit (int rectype, collectexitf func, int *chain);
The code of the record type for which the exit function must be called.
A pointer to the user function that should gain control when an audit record of rectype is received.
The number in the chain of exit functions of the specified record type.
The servlog_UnRegisterExit function unregisters an exit function previously registered by a call to servlog_RegisterExit. After unregistering an exit function, it can no longer be called.
The function returns a 0 on success and an error code on failure.
int servlog_UnRegisterExit (int rectype, int *chain);
The code of the audit record type.
The number (from the chain of exit functions for the specified record type) of the exit function to be unregistered. The number was assigned to the function when it was registered.
This section describes the data structures used by LogRoute API functions to pass information back and forth between the functions and the CA ControlMinder daemons (in UNIX) and services (in Windows). Every field of each data structure is described.
The LogRoute API functions access two types of data structures: audit log record structures and information‑passing structures.
There are eight types of audit log records, each with its own structure format. The structures can be found in the source file selogtype.h. The following audit log record structures are included in the LogRoute API:
Used for database update events
Used for daemon shutdown events
Used for general resource check events
Used for TCP/IP request events
Used for login events
Used for daemon startup events
Used for user trace events
Used for Watchdog events
The LogRoute API includes data structures used to pass audit log records, configuration file information, and LogRoute API function pointers between the CA ControlMinder daemons and your LogRoute API functions. Details of the four data structures used to pass information between functions are given in the second half of this section. The structures themselves can be found in the source file lograpi.h. The four information‑passing structures are as follows:
Stores the audit log record header
Stores the audit log record data
Stores the configuration file entry
Contains LogRoute API implementation functions
CA ControlMinder lets you store notification information in the database as a string associated with a user or resource record. The administrator can specify mail addresses to be notified each time that an attempt is made to access the resource. A notification request is stored as a special audit log record in the audit log file. selogrd routes the notification request to the mail or the screen address of the destination specified in the audit log record.
Notification records for a given event are identical to the standard audit log records associated with that event, except that notification records also have their targets stored at the beginning of the audit log record. The log codes for the notification records are simply the log codes of regular audit log records, offset by 2048. For example, a normal login audit log record has a log type code of 1. The notification log type code would be 2049. Note that an audit log record can appear in the audit log file followed by the notification record of the same event.
Notification record structure names begin with SEOSNF_AUDIT. The exact names correspond to the matching audit log record name:
SEOS_AUDITADMIN
SEOS_AUDITDOWN
SEOS_AUDITGENR
SEOS_AUDITINWARN
SEOS_AUDITLOGIN
SEOS_AUDITSTART
SEOS_AUDITUSER
SEOS_AUDITWDWARN
In each structure, the first field is SEOS_NOTIFYSTR, a buffer of up to 30 bytes to hold the destination string pulled from the database. The second field is the audit log record corresponding to this notification record.
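The sketch below is an added example, not code from the CA ControlMinder API: it separates a notification log code into its base audit code and copies the leading destination field with a bounded scan. NOTIFY_INFO and parse_notification are hypothetical names, the record is handled as a raw byte buffer, and regular log codes are assumed to be below 2048; real code should use the SEOSNF_AUDIT structure definitions from selogtype.h.

```c
#include <stdio.h>
#include <string.h>

#define NOTIFY_OFFSET 2048  /* page: notification code = audit code + 2048 */
#define NOTIFYSTR_LEN 30    /* page: SEOS_NOTIFYSTR holds up to 30 bytes */

/* Hypothetical result type for this example; not part of the API. */
typedef struct {
    int  base_code;                  /* log code of the matching audit record */
    char target[NOTIFYSTR_LEN + 1];  /* destination, always NUL-terminated */
} NOTIFY_INFO;

/* Returns 0 for a notification record, 1 for a regular audit record,
 * -1 for bad arguments or a record too short to hold the target field.
 * Assumes regular log codes are below 2048. */
int parse_notification(int code, const unsigned char *rec, size_t len,
                       NOTIFY_INFO *out)
{
    size_t n = 0;
    if (rec == NULL || out == NULL || code < 0)
        return -1;
    if (code < NOTIFY_OFFSET)
        return 1;
    if (len < NOTIFYSTR_LEN)
        return -1;                   /* truncated: do not read past the buffer */
    /* Bounded scan: the page does not say the field is always terminated,
     * so it is never handed to strlen or strcpy directly. */
    while (n < NOTIFYSTR_LEN && rec[n] != '\0')
        n++;
    memcpy(out->target, rec, n);
    out->target[n] = '\0';
    out->base_code = code - NOTIFY_OFFSET;
    return 0;
}

int main(void)
{
    unsigned char rec[64] = "jsmith";  /* constructed record: target, zero padded */
    NOTIFY_INFO ni;
    if (parse_notification(2049, rec, sizeof rec, &ni) == 0)
        printf("code %d -> %s\n", ni.base_code, ni.target);
    return 0;
}
```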
Copyright © 2013 CA Technologies.
All rights reserved.