There are many different types of audit log records, each with its own structure format. CA ControlMinder has to know what type of record structure to expect for the next record; therefore, each record stored in the audit log file has a header structure common to all audit log records.
LOGRECHDR is the header structure common to all audit log records.
The size, in bytes, of the record in the compressed log file, not including the header.
The time the record was placed in the file.
A code for the module that wrote the record. Normally, it has a value of zero.
The record type. Valid record type codes are:

Code | Value | Audit Record Types | Description
---|---|---|---
SEOS_AUTH_CHECK | C | All | An error occurred in CA ControlMinder.
SEOS_AUTH_DENY | D | Login | CA ControlMinder denied access to a resource, did not permit a login, or did not permit an update to the database because the accessor did not have sufficient authorization.
SEOS_AUTH_PASS | P | Login | CA ControlMinder permitted access to a resource or permitted a login.
SEOS_DOWN_RES | M | Down | The CA ControlMinder daemons started up or shut down.
SEOS_LANG_DENY | D | Admin | An attempt to update the database was denied.
SEOS_LANG_FAIL | F | Admin | An attempt to update the database failed.
SEOS_LANG_SUCC | S | Admin | The database was successfully updated.
SEOS_LOGATP_RES | A | Login | An attempt to log in failed because an invalid password was entered more than once.
SEOS_LOGDIS_RES | I | Login | The serevu daemon disabled a user.
SEOS_LOGENA_RES | E | Login | The serevu daemon enabled a disabled user.
SEOS_LOGOUT_RES | O | Login | A user logged out.
SEOS_USER_RES | T | User | An audit record written because all actions of the user are being traced.
SEOS_WATCHDOG_RES | W | Watchdog | The seoswd or seosd daemon set a program in the PROGRAM class or a file in the SECFILE class as untrusted.

These codes are described in the selogtype.h file.
Return code that caused the record to be written to the log. Possible reasons are listed in the table in Return Codes in this chapter.
The LOGRECORD structure contains the complete audit log record. The generic void *data points to any of the data structures used to hold the record data.
Log record header.
The compressed data record. Note that the user function receives this data after it is uncompressed.
The SEOS_ROUTENTRY structure contains the filtering and target information from each rule in the configuration file. This information is parsed by selogrd. Note that in this structure, all elements in lowercase are read-only, while elements in mixed case are read-write.
The class name.
The object or resource name.
The accessor user name.
The access result code:

- (Pass) Success
- (Deny) Failure
- (Untrust) Untrusted action was attempted on a trusted program checked by the Watchdog.

Additional values are documented in the file selogtype.h.
The destination type code. The codes are dynamically allocated as the destination types are registered.
The target routing path.
A placeholder for information to be stored by the routing functions, such as open file handles.
Boolean flag set if this route entry has previously failed to transmit information. selogrd calls the destination send function repeatedly to resend the audit records that failed to be transmitted.
The LOGRAPI_FUNCS structure contains pointers to the user-defined functions for each of the tasks to be performed by a destination type. This structure is used only during target type registration.
A pointer to the user's send function.
A pointer to the user's free function.
A pointer to the user's sense function.
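The following is an added example, not CA ControlMinder's code: it models how a selogrd-style dispatcher applies the filter fields of a route entry (class, object, accessor, access result) and how the failed flag drives resends through a registered send function. The structure fields, function names and the constructed flaky destination are assumptions for illustration only; the real SEOS_ROUTENTRY and LOGRAPI_FUNCS layouts are not reproduced here.

```c
/* Added example, not CA ControlMinder's code: a small model of how a selogrd-style
 * dispatcher applies SEOS_ROUTENTRY filters and the "failed" resend flag.
 * Every field and function name here is an assumption made for illustration. */
#include <stddef.h>
#include <string.h>

typedef struct {                /* constructed stand-in for a decoded audit record */
    char type;                  /* record type code, e.g. 'D' for SEOS_AUTH_DENY */
    const char *class_name, *object, *user;
    char result;                /* access result: 'P' pass, 'D' deny, 'U' untrust (assumed) */
} AuditRec;
typedef struct {                /* assumed subset of SEOS_ROUTENTRY */
    const char *class_name, *object, *user;  /* filters; "*" matches anything */
    char result;                /* access result filter; '*' for any */
    const char *target;         /* routing target path */
    int failed;                 /* stays set while a previous send has not got through */
    int rejects_left;           /* constructed: sends this target will still reject */
    int delivered;              /* constructed: records the target accepted */
} RouteEntry;
typedef int (*send_fn)(RouteEntry *, const AuditRec *);
static int match1(const char *pat, const char *s) { return !strcmp(pat, "*") || !strcmp(pat, s); }

/* A rule matches when every filter field is a wildcard or equals the record's value. */
int route_matches(const RouteEntry *r, const AuditRec *rec) {
    return match1(r->class_name, rec->class_name) && match1(r->object, rec->object)
        && match1(r->user, rec->user) && (r->result == '*' || r->result == rec->result);
}

/* Constructed destination send function: rejects rejects_left records, then accepts. */
static int flaky_send(RouteEntry *r, const AuditRec *rec) {
    (void)rec;
    if (r->rejects_left > 0) { r->rejects_left--; return -1; }
    r->delivered++;
    return 0;
}

/* Retry the send up to max_attempts times, leaving the failed flag set until it succeeds.
 * Returns the attempt number that succeeded, or -1 if the route is still failed. */
int deliver_with_retry(send_fn send, RouteEntry *r, const AuditRec *rec, int max_attempts) {
    for (int i = 1; i <= max_attempts; i++) {
        if (send(r, rec) == 0) { r->failed = 0; return i; }
        r->failed = 1;
    }
    return -1;
}

/* Dispatch one record to every matching rule; returns how many rules delivered it. */
int dispatch(RouteEntry *rules, size_t n, const AuditRec *rec, int max_attempts) {
    int ok = 0;
    for (size_t i = 0; i < n; i++)
        if (route_matches(&rules[i], rec) &&
            deliver_with_retry(flaky_send, &rules[i], rec, max_attempts) > 0) ok++;
    return ok;
}
```

A route whose send fails keeps its failed flag set, so a later dispatch pass retries it rather than silently dropping the denied-access record.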
Copyright © 2013 CA Technologies.
All rights reserved.