audit.cfg File Security Database Administration Events Filter Syntax

Audit records that belong to a security database administration event have the following filter format:
ADMIN;ClassName;ObjectName;UserName;EffectiveUserName;TerminalName;Command;CommandResult
  • ADMIN
    Specifies that the rule filters audit records generated by events performed by an administrator.
  • ClassName
    Defines the class on which the administrator executes the command.
  • ObjectName
    Defines the object that the administrator's command updated.
  • UserName
    Defines the name of the user who executed the command.
  • EffectiveUserName
    (UNIX) Defines the name of the effective user to which the rule applies.
    (Windows) Defines the name of the native user to which the rule applies.
  • TerminalName
    Defines the terminal at which the event occurred.
  • Command
    Defines the selang command that the administrator executed.
  • CommandResult
    Defines the authorization or command result.
    Values:
    S (command succeeded), F (command failed), D (command denied), *
Example: Filter Security Database Administration Events
This example filters all audit records generated by successful FILE management commands by admin01:
ADMIN;FILE;*;admin01;*;*;*;S
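
The following Python is an added example, not part of the product documentation: it lints an ADMIN rule against the eight-field format above and lists which records the rule selects. The sample events and the matching semantics (`*` matches any value, anything else must match exactly) are assumptions, as are the function names.

```python
FIELDS = ("ClassName", "ObjectName", "UserName", "EffectiveUserName",
          "TerminalName", "Command", "CommandResult")
RESULTS = {"S", "F", "D", "*"}  # values the page lists for CommandResult


def parse_admin_rule(line):
    """Split one ADMIN rule into its seven named fields; raise ValueError if malformed."""
    parts = [p.strip() for p in line.strip().split(";")]
    if parts[0] != "ADMIN":
        raise ValueError(f"not an ADMIN rule: {line!r}")
    if len(parts) != len(FIELDS) + 1:
        raise ValueError(f"expected {len(FIELDS) + 1} fields, got {len(parts)}: {line!r}")
    rule = dict(zip(FIELDS, parts[1:]))
    empty = [name for name, value in rule.items() if not value]
    if empty:
        raise ValueError(f"empty field(s) {empty}: {line!r}")
    if rule["CommandResult"] not in RESULTS:
        raise ValueError(f"CommandResult must be one of {sorted(RESULTS)}: {line!r}")
    return rule


def rule_matches(rule, event):
    """Assumption: '*' matches any value and every other value is compared exactly."""
    return all(rule[f] in ("*", event.get(f)) for f in FIELDS)


# Constructed sample events (not real audit output), keyed by the rule's field names.
EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("FILE", "/etc/hosts", "admin01", "root", "host01", "chfile", "S"),
    ("FILE", "/etc/hosts", "admin01", "root", "host01", "chfile", "D"),
    ("USER", "jsmith", "admin01", "root", "host01", "chusr", "S"),
    ("FILE", "/etc/hosts", "admin02", "root", "host01", "chfile", "S"),
]]


def filtered_events(rule_line, events=EVENTS):
    """Return the events that the given rule line selects."""
    rule = parse_admin_rule(rule_line)
    return [e for e in events if rule_matches(rule, e)]


if __name__ == "__main__":
    for e in filtered_events("ADMIN;FILE;*;admin01;*;*;*;S"):
        print(e["UserName"], e["ClassName"], e["Command"], e["CommandResult"])
```

Running the linter over every ADMIN line before deploying audit.cfg catches rules with a missing or extra separator, which would otherwise shift every later field by one position.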