kblaudit

The tokens in the [kblaudit] section control the behavior of the Keyboard Logger session tracking program.
  • audit_back
    Specifies the name of the Keyboard Logger backup audit log file.
    Default: ACInstallDir/log/kbl.audit.bak
  • audit_group
    Specifies the group that can read the audit logs. If you set this token to none, only root can read the audit logs. The value of this token is not verified. If you enter an invalid group name, no group permissions are assigned to the audit log files.
    To change the group ownership of an existing audit log file, complete the following steps:
    1. Use the selang command chgrp to set the group ownership of the files.
    2. Change the UNIX permissions by entering the following command:
       chmod 640 ACInstallDir/log/seos.audit
    Default: none
  • audit_log
    Specifies the name of the Keyboard Logger audit log file.
    Default: ACInstallDir/log/kbl.audit
  • audit_max_files
    Specifies the maximum number of audit log files to keep in backup mode. When this number is reached, the earliest backup file is deleted when the latest file is created.
    Limits: a positive integer.
    Default: 0
    When set to 0, backup files accumulate and earlier files are not deleted.
  • audit_size
    Specifies the maximum size, in KB, of the audit log file.
    Minimum value: 50 KB
    Default: 24000
    Note: Audit records are no longer written to the audit file when the audit file size exceeds 2 GB.
  • BackUp_Date
    Specifies the criterion by which the session backs up the audit log file, and whether it adds a timestamp to the backup file name.
    The audit log file is always backed up when it reaches the size that is specified in the audit_size configuration setting.
    Values: none, yes, daily, weekly, monthly
    • yes: The session backs up the audit log file when it reaches the size that is specified in audit_size. The session adds a timestamp to the backup file name.
    • none: The session backs up the audit log file when it reaches the size that is specified in audit_size. The session does not add a timestamp to the backup file name.
    • daily, weekly, monthly: The session backs up the audit log file whenever the specified interval has elapsed and when it reaches the size that is specified in audit_size. The session adds a timestamp to the backup file name. However, if no audit events are written to the audit log file in the specified interval, the session does not back up the file after the interval elapses.
      Note: The specified interval is counted from the time that the first audit log file is created, and the file is backed up at midnight on the appropriate day.
    Example: The configuration setting has a value of weekly, and the audit log file is created at 9:00 am on Friday April 1. Many audit events occur this week and the audit log file exceeds the audit_size configuration setting on Monday 4 April. The audit log file is backed up on 4 April and a timestamp is added to the backup file name. A week after the audit log file was first created, at midnight Friday 8 April, the audit log file is backed up again and a timestamp is added to the backup file name.
    Default: NONE
  • cmd_log
    Specifies the link to the Keyboard Logger cmdlog binary file.
    Default: /etc/AC
  • debug_backup_dir
    Specifies the location of the backup debug messages files.
    Default: /opt/CA/PAMSC/log/kbl_debug
  • debug_backup_num
    Specifies the number of debug files to back up.
    Default: 2
  • debug_file
    Specifies the location of the file that stores the Keyboard Logger debug messages.
    Default: /opt/CA/PAMSC/log/kbl_debug/cmdlog
  • debug_level
    Specifies the minimal level of debug messages to save.
    Values:
    • disabled: Messages are not saved
    • critical: Only CRITICAL messages are saved
    • very_high: CRITICAL + VERY_HIGH
    • high: CRITICAL + VERY_HIGH + HIGH
    • normal: CRITICAL + VERY_HIGH + HIGH + NORMAL
    • low: CRITICAL + VERY_HIGH + HIGH + NORMAL + LOW
    Default: critical
  • debug_size
    Specifies the maximum size (MB) of the debug messages file.
    Default: 256 MB
  • error_back
    Specifies the name of the Keyboard Logger error log backup file.
    Default: ACInstallDir/log/kbl.error.bak
  • error_group
    Specifies the group that can read the error log files. If you set this token to none, only root can read the error log files. The value of this token is not verified, so if you enter an invalid group name, no group permissions are assigned to the error log files.
    To change the group ownership of an existing error log file, complete the following steps:
    1. Use the selang command chgrp to set the group ownership of the files.
    2. Change the UNIX permissions by entering the following command:
       chmod 640 ACInstallDir/log/seos.audit
    Default: none
  • error_log
    Specifies the name of the Keyboard Logger error log file.
    Default: ACInstallDir/log/kbl.error
  • error_size
    Defines the maximum size, in KB, of the error log file.
    Limits: A minimum value of 50 KB
    Default: 500
  • kbl_enabled
    Specifies whether the Keyboard Logger is enabled.
    Values: yes, no
    Default: no
  • kbl_flush_timeout
    Specifies the user session inactivity interval, in seconds, after which the printable logged data is stored in the kbl audit file. Set the token to 0 to disable.
    Default: 30
  • kbl_output_limit
    Specifies the limit (bytes) for storing the output that is collected after the last user input. 
    Default: 0 (no limit)
  • Kbl_seos_trace
    Specifies whether seosd activates trace on session and sends user activity data to the Keyboard Logger.
    Values: yes, no
    Default: yes
  • kbl_trace
    Specifies whether to print the Keyboard Logger debug messages.
    Values: 0 (no tracing), 1 (use tracing)
    Default: 0
  • OS_etc_shells
    Specifies the name of the operating system shells file.
    Default: /etc/shells
  • socket_name
    Specifies the socket name for the Keyboard Logger audit manager.
    Default: ACInstallDir/kblserver
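
An added example, not part of the product documentation: a Python check that reads a [kblaudit] section and reports settings that, according to the token descriptions above, weaken the audit trail (logger not enabled, an audit_group or error_group that does not exist, sizes below the 50 KB minimum, an audit_size above the 2 GB point where audit writing stops, and backup deletion through audit_max_files). The `token = value` file syntax, the names review_kblaudit and SAMPLE, and the sample values are assumptions.

```python
import configparser

# Defaults and limits as listed on this page for the [kblaudit] section.
DEFAULTS = {"kbl_enabled": "no", "audit_group": "none", "audit_size": "24000",
            "audit_max_files": "0", "error_group": "none", "error_size": "500"}
MIN_KB = 50                # minimum for audit_size and error_size
STOP_KB = 2 * 1024 * 1024  # audit records stop once the file exceeds 2 GB

# Constructed sample input; the "token = value" syntax is an assumption.
SAMPLE = """[kblaudit]
kbl_enabled = yes
audit_group = auditors
audit_size = 3000000
audit_max_files = 5
error_size = 20
"""

def _system_group_exists(name):
    import grp  # UNIX-only, imported lazily
    return any(g.gr_name == name for g in grp.getgrall())

def review_kblaudit(ini_text, group_exists=_system_group_exists):
    """Return (token, message) findings for one [kblaudit] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep token case (BackUp_Date, Kbl_seos_trace)
    cp.read_string(ini_text)
    cfg = dict(DEFAULTS)
    if cp.has_section("kblaudit"):
        cfg.update(cp["kblaudit"])
    out = []
    if cfg["kbl_enabled"].lower() != "yes":
        out.append(("kbl_enabled", "Keyboard Logger is not enabled"))
    for tok in ("audit_group", "error_group"):
        if cfg[tok] != "none" and not group_exists(cfg[tok]):
            out.append((tok, "unknown group: no group permissions assigned"))
    for tok in ("audit_size", "error_size"):
        size = int(cfg[tok])
        if size < MIN_KB:
            out.append((tok, f"{size} KB is below the {MIN_KB} KB minimum"))
        elif tok == "audit_size" and size > STOP_KB:
            out.append((tok, "backup size is above the 2 GB write limit"))
    if cfg["audit_max_files"] != "0":
        out.append(("audit_max_files", "earliest backups get deleted"))
    return out

if __name__ == "__main__":
    for token, message in review_kblaudit(SAMPLE):
        print(f"{token}: {message}")
```

The audit_max_files finding is informational: a non-zero value is valid, but the earliest backups need to be collected elsewhere before they are deleted.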