Trace Rule Syntax

Valid on UNIX
capamsc141
Valid on UNIX
The Trace rule filters trace messages on user events depending on the arguments that you specify. The format of the trace rule is as follows:
TRACE;<TracedClassName>;<TracedObjectName>;<RealUserName>;<ACUserName>;<AuthorizationResult>;<TraceMessageMask>;<KBLSessionID>;<InputCommandName>
  • <TracedClassName>
    Specifies the name of the object class that the user tries to access.
    Limits
    : KBL raw, KBL output, KBL input, KBL execargs
  • <TracedObjectName>
    Specifies the host that the user tries to access.
  • <RealUserName>
    Specifies the name of the logged in user that generates trace records.
  • <ACUserName>
    Specifies the name of the effective user who checks the rule. An effective user can be a logical user or a
    setuid
    user.
     
  • <AuthorizationResult>
    Specifies the authorization criteria to filter trace messages.
         
Limits:
P (permitted), D (denied), *
  • <TraceMessageMask>
    Specifies the trace message mask criteria to filter trace messages.
  • <KBLSessionID>
    Displays the keyboard logger sessions ID.
     
  • [Optional] <InputCommandName>
    Specifies that the utility filters audit records based on the command a user executes on the host. The input command argument is optional.