

LOGRECHDR

There are many different types of audit log records, each with its own structure. CA ControlMinder has to know what type of record structure to expect for the next record; therefore, each record stored in the audit log file has a header structure common to all audit log records.

LOGRECHDR is the header structure common to all audit log records.

unsigned long nBytes

The size, in bytes, of the record in the compressed log file, not including the header.

time_t tLog

The time the record was placed in the file.

unsigned long positor

A code for the module that wrote the record. Normally, it has a value of zero.

unsigned long rectype

The record type. Valid record type codes are:

These codes are described in the selogtype.h file.

unsigned long rv

Return code that caused the record to be written to log. Possible reasons are listed in the table in Return Codes in this chapter.

| Code | Value | Audit Record Types | Description |
|---|---|---|---|
| SEOS_AUTH_CHECK | C | All | An error occurred in CA ControlMinder. |
| SEOS_AUTH_DENY | D | Login, General, Resource, Admin, Inet | CA ControlMinder denied access to a resource, did not permit a login, or did not permit an update to the database because the accessor did not have sufficient authorization. |
| SEOS_AUTH_PASS | P | Login, General, Resource, Inet | CA ControlMinder permitted access to a resource or permitted a login. |
| SEOS_DOWN_RES | M | Down, Start | The CA ControlMinder daemons started up or shut down. |
| SEOS_LANG_DENY | D | Admin | An attempt to update the database was denied. |
| SEOS_LANG_FAIL | F | Admin | An attempt to update the database failed. |
| SEOS_LANG_SUCC | S | Admin | The database was successfully updated. |
| SEOS_LOGATP_RES | A | Login | An attempt to log in failed because an invalid password was entered more than once. |
| SEOS_LOGDIS_RES | I | Login | The serevu daemon disabled a user. |
| SEOS_LOGENA_RES | E | Login | The serevu daemon enabled a disabled user. |
| SEOS_LOGOUT_RES | O | Login | A user logged out. |
| SEOS_USER_RES | T | User | An audit record written because all actions of the user are being traced. |
| SEOS_WATCHDOG_RES | W | Watchdog | The seoswd or seosd daemon set a program in the PROGRAM class or a file in the SECFILE class as untrusted. |

LOGRECORD

The LOGRECORD structure contains the complete audit log record. The generic void *data points to any of the data structures used to hold the record data.

LOGRECHDR lrh

Log record header.

void *data

The compressed data record. Note that the user function receives this data after it is uncompressed.
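
The following C example is added here and is not code from the CA ControlMinder SDK: it walks a buffer of records by their nBytes field and tallies return codes, stopping instead of following a length that runs past the buffer. The names demo_hdr, demo_stats, demo_scan and demo_run are hypothetical; it assumes records sit end to end as a header followed by nBytes of payload, and that rv holds the letter shown in the Value column of the return code table.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
/* Mirror of the documented fields; real definition and packing are assumed. */
typedef struct {
    unsigned long nBytes;   /* payload size, header not included */
    time_t        tLog;     /* time the record was written */
    unsigned long positor;  /* writing module, normally 0 */
    unsigned long rectype;  /* record type code */
    unsigned long rv;       /* return code; assumed to hold the Value letter */
} demo_hdr;
typedef struct { size_t records, denied, pw_fails; int truncated; } demo_stats;

/* Walk records laid end to end as header + nBytes of payload (assumed). */
demo_stats demo_scan(const unsigned char *buf, size_t len) {
    demo_stats st = {0, 0, 0, 0};
    size_t off = 0;
    while (off < len) {
        demo_hdr h;
        if (len - off < sizeof h) { st.truncated = 1; break; }
        memcpy(&h, buf + off, sizeof h);   /* avoids unaligned reads */
        /* A corrupt or tampered nBytes must not move us past the buffer. */
        if (h.nBytes > len - off - sizeof h) { st.truncated = 1; break; }
        st.records++;
        if (h.rv == 'D') st.denied++;      /* SEOS_AUTH_DENY, SEOS_LANG_DENY */
        if (h.rv == 'A') st.pw_fails++;    /* SEOS_LOGATP_RES */
        off += sizeof h + h.nBytes;        /* payload stays opaque here */
    }
    return st;
}

/* Constructed sample: 3 whole records, then a header claiming absent payload. */
demo_stats demo_run(void) {
    static const unsigned long rv[] = {'P', 'D', 'A', 'D'}, n[] = {8, 16, 4, 4096};
    unsigned char buf[512] = {0};
    size_t off = 0;
    for (int i = 0; i < 4; i++) {
        demo_hdr h = { n[i], (time_t)0, 0, 0, rv[i] };
        memcpy(buf + off, &h, sizeof h);
        off += sizeof h + (i < 3 ? n[i] : 0);   /* last payload is left out */
    }
    return demo_scan(buf, off);
}

int main(void) {
    demo_stats s = demo_run();
    printf("records=%zu denied=%zu truncated=%d\n", s.records, s.denied, s.truncated);
    return 0;
}
```

The final header in the sample is not counted as a record: a reader that trusted its nBytes would read far beyond the data it was given.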

SEOS_ROUTENTRY

The SEOS_ROUTENTRY structure contains the filtering and target information from each rule in the configuration file. This information is parsed by selogrd. Note that in this structure, all elements in lowercase are read-only, while elements in mixed case are read-write.

char szClass

The class name.

char obj

The object or resource name.

char accr

The accessor user name.

char code

The access result code:

(Pass) Success

(Deny) Failure

(Untrust) Untrusted action was attempted on a trusted program checked by the Watchdog.

Additional values are documented in the file selogtype.h.

int dest

The destination type code. The codes are dynamically allocated as the destination types are registered.

char out

The target routing path.

void *SendData

A placeholder for information to be stored by the routing functions, such as open file handles.

int in_error

Boolean flag set if this route entry has previously failed to transmit information. selogrd calls the destination send function repeatedly to resend the audit records that failed to be transmitted.

LOGRAPI_FUNCS

The LOGRAPI_FUNCS structure contains pointers to the user‑defined functions for each of the tasks to be performed by a destination type. This structure is used only during target type registration.

LogrApiSendFunc pfSend

A pointer to the user's send function.

LogrApiFreeFunc pfFree

A pointer to the user's free function.

LogrApiSenseFunc pfSense

A pointer to the user's sense function.