

Customizing selogrd

You add user‑defined features to the log routing daemons by writing C‑language programs that can be compiled and linked into a shared library. A LogRoute API function has three parts:

Registration initializes your LogRoute API function and registers it with the CA ControlMinder daemons.

Implementation adds your tasks to the standard log routing daemon process.

Termination unregisters and shuts your program down properly when the daemons themselves terminate.

Your LogRoute API function takes advantage of functions and header files provided by CA ControlMinder. You use the same registration, implementation, and termination functions for all your log routing functions.

Once your LogRoute API function is ready, you can add your shared library to the log routing daemon configuration file.

The log routing daemons use a configuration file to determine which audit log records to select and where to send those records. You can edit the configuration file to route specific audit information to a variety of selected targets supported by the log routing daemon.

Note: For more information about the syntax of the configuration file and the selogrd daemon, see the Reference Guide.

More information:

Compiling and Linking with the LogRoute Library

Functions

LogRoute API Functions

Your LogRoute API function uses built‑in functions and header files provided by CA ControlMinder, which provides the following predefined selogrd functions:

CA ControlMinder provides the following predefined selogrcd functions:

All LogRoute API functions must also include the following destination functions for each destination type implemented:

These three functions, which are grouped together in the LOGRAPI_FUNCS structure, are accessed using the pfSend, pfFree, and pfSense pointers. The API programmer must provide the code used for each of these functions, because each one is completely task‑dependent.

Compiling and Linking with the LogRoute Library

This section provides instructions for compiling and linking your LogRoute API function with the CA ControlMinder daemons. These are general instructions that describe the most common system configurations. Each system has its own specific requirements. Consult your system guides for the exact details of your particular system's compiler and linker.

Compiling an Application

You must include the header files lograpi.h and selogtype.h in your LogRoute API functions. These files are located in the API subdirectory. Put the following two lines near the top of the file:

#include <lograpi.h>
#include <selogtype.h>

You can use any ANSI‑C compliant compiler.

Linking Applications with the LogRoute Library

After you compile your code, generate a shared library that contains the compiled version of your function. The apisamples directory contains sample log routing functions and a makefile demonstrating the process. Note that compilation for shared libraries usually requires additional compiler parameters to create position‑independent code. See the documentation for your compiler or linker for information on creating shared libraries in your particular system.

After you have written your code and created a shared library, add your shared library to the “on‑demand” shared libraries configuration file relevant to the daemon your code should link to.

If you have written a shared library for selogrd, add your shared library to the file ACDir/etc/selogrd.ext. If you have written a shared library for selogrcd, add your shared library to the file ACDir/etc/selogrcd.ext.

Each file contains two columns: the driver name and the shared library path. By convention, the driver name is a string that has the same name as your target type; however, it can be any valid C language symbol.

For example, if you have written code to implement a pager, your target name should be pager and the complete file entry would be:

pager /usr/local/lib/libseospager.so

This file entry means that the daemon selogrd loads the shared library /usr/local/lib/libseospager.so at startup and calls your function.
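Because every library listed in these files is loaded into the daemon at startup, the entries are worth auditing before the daemon is restarted. The following Python check is an added example, not part of the CA ControlMinder documentation or product; it parses the two-column format described above and, as assumptions of this example, ignores blank lines and flags non-absolute paths and libraries or directories that are writable by group or others.

```python
import os
import re
import stat
import sys

C_SYMBOL = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # "any valid C language symbol"
LOOSE = stat.S_IWGRP | stat.S_IWOTH               # writable by group or others


def audit_ext(text):
    """Return (line_number, problem) tuples for selogrd.ext / selogrcd.ext content."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        cols = line.split()
        if not cols:                      # assumption: blank lines are ignored
            continue
        if len(cols) != 2:
            findings.append((n, "expected two columns: driver name, library path"))
            continue
        driver, lib = cols
        if not C_SYMBOL.fullmatch(driver):
            findings.append((n, f"driver name {driver!r} is not a valid C symbol"))
        if not os.path.isabs(lib):
            # assumption (policy): a relative path leaves resolution to the loader
            findings.append((n, f"library path {lib!r} is not absolute"))
            continue
        try:
            lib_mode = os.stat(lib).st_mode
            dir_mode = os.stat(os.path.dirname(lib)).st_mode
        except OSError as exc:
            findings.append((n, f"cannot stat {lib!r}: {exc.strerror}"))
            continue
        if not stat.S_ISREG(lib_mode):
            findings.append((n, f"{lib!r} is not a regular file"))
        if lib_mode & LOOSE:
            findings.append((n, f"{lib!r} is group- or world-writable"))
        if dir_mode & LOOSE:
            findings.append((n, f"directory of {lib!r} is group- or world-writable"))
    return findings


if __name__ == "__main__":
    # Constructed sample; pass the path of a real .ext file as the first argument.
    sample = "pager /usr/local/lib/libseospager.so\n9bad lib/x.so\nonlyone\n"
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else sample
    for n, problem in audit_ext(text):
        print(f"line {n}: {problem}")
```

An empty result means every entry passed the checks in this example; it does not verify what the library itself does once loaded.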

Although some systems support a predefined function called _init, we recommend that you use the function driver_RegisterDestination. This is the first function called from the shared library.

The function driver_RegisterDestination registers your new target type. On daemon shutdown, we recommend that you use the function driver_UnregisterDestination instead of the predefined _fini.

Note: Using the CA ControlMinder functions instead of the predefined system functions gives your code greater portability.

The daemon selogrcd uses the same file configuration format as selogrd. However, selogrcd searches for the driver_Register and driver_UnRegister functions. If the function driver_UnRegister is not required, it can be omitted.