Valid on UNIX
Audit records that belong to a login event have the following filter format:
LOGIN;UserName;UserId;TerminalName;LoginProgram;AuthorizationResult
Specifies that the rule filters user trace records.
Defines the name of the accessor.
Defines the native user ID of the accessor.
Defines the remote host name at which the event occurred.
Defines the name of the program that attempted to log in or out.
Limits: cmdlog
Defines the filed authorization result.
Values:
P -Permitted
D - Denied
O - Logout
I - Inactivate (Disable user) by serevu
E - Enable user login by serevu
A - Password attempt detected
* - A wildcard that represents any value
Copyright © 2013 CA Technologies.
All rights reserved.
|
|