LOGRECHDR

There are many different types of audit log records, each with its own structure format. CA ControlMinder has to know what type of record structure to expect for the next record; therefore, each record stored in the audit log file has a header structure common to all audit log records.

LOGRECHDR is the header structure common to all audit log records.

unsigned long nBytes

The size, in bytes, of the record in the compressed log file, not including the header.

time_t tLog

The time the record was placed in the file.

unsigned long positor

A code for the module that wrote the record. Normally, it has a value of zero.

unsigned long rectype

The record type. Valid record type codes are:

AUDIT_LOGIN
AUDIT_GENR
AUDIT_WDWARN
AUDIT_INWARN
AUDIT_ADMIN
AUDIT_DOWN
AUDIT_START
AUDIT_USER
AUDIT_CWS

These codes are described in the selogtype.h file.

unsigned long rv

Return code that caused the record to be written to log. Possible reasons are listed in the table in Return Codes in this chapter.

Code	Value	Audit Record Types	Description
SEOS_AUTH_CHECK	C	All	An error occurred in CA ControlMinder.
SEOS_AUTH_DENY	D	Login General Resource Admin Inet	CA ControlMinder denied access to a resource, did not permit a login, or did not permit an update to the database because the accessor did not have sufficient authorization.
SEOS_AUTH_PASS	P	Login General Resource Inet	CA ControlMinder permitted access to a resource or permitted a login.
SEOS_DOWN_RES	M	Down Start	The CA ControlMinder daemons started up or shut down.
SEOS_LANG_DENY	D	Admin	An attempt to update the database was denied.
SEOS_LANG_FAIL	F	Admin	An attempt to update the database failed.
SEOS_LANG_SUCC	S	Admin	The database was successfully updated.
SEOS_LOGATP_RES	A	Login	An attempt to log in failed because an invalid password was entered more than once.
SEOS_LOGDIS_RES	I	Login	The serevu daemon disabled a user.
SEOS_LOGENA_RES	E	Login	The serevu daemon enabled a disabled user.
SEOS_LOGOUT_RES	O	Login	A user logged out.
SEOS_USER_RES	T	User	An audit record written because all actions of the user are being traced.
SEOS_WATCHDOG_RES	W	Watchdog	The seoswd or seosd daemon set a program in the PROGRAM class or a file in the SECFILE class as untrusted.

LOGRECORD

The LOGRECORD structure contains the complete audit log record. The generic void *data points to any of the data structures used to hold the record data.

LOGRECHDR lrh: Log record header.
void *data: The compressed data record. Note that the user function receives this data after it is uncompressed.

SEOS_ROUTENTRY

The SEOS_ROUTENTRY structure contains the filtering and target information from each rule in the configuration file. This information is parsed by selogrd. Note that in this structure, all elements in lowercase are read‑only, while elements in mixed case are read‑write.

char szClass

The class name.

char obj

The object or resource name.

char accr

The accessor user name.

char code

The access result code:

(Pass) Success

(Deny) Failure

(Untrust) Untrusted action was attempted on a trusted program checked by the Watchdog.

Additional values are documented in the file selogtype.h.

int dest

The destination type code. The codes are dynamically allocated as the destination types are registered.

char out

The target routing path.

void *SendData

A placeholder for information to be stored by the routing functions, such as open file handles.

int in_error

Boolean flag set if this route entry has previously failed to transmit information. selogrd calls the destination send function repeatedly to resend the audit records that failed to be transmitted.

LOGRAPI_FUNCS

The LOGRAPI_FUNCS structure contains pointers to the user‑defined functions for each of the tasks to be performed by a destination type. This structure is used only during target type registration.

LogrApiSendFunc pfSend: A pointer to the user's send function.
LogrApiFreeFunc pfFree: A pointer to the user's free function.
LogrApiSenseFunc pfSense: A pointer to the user's sense function.