kblaudit
The tokens in the [kblaudit] section control the behavior of the Keyboard Logger session tracking program.
- audit_back
  Specifies the name of the Keyboard Logger backup audit log file.
  Default: ACInstallDir/log/kbl.audit.bak
- audit_group
  Specifies the group that can read the audit logs. If you set this token to none, only root can read the audit logs. The value of this token is not verified. If you enter an invalid group name, no group permissions are assigned to the audit log files.
  To change the group ownership of an existing audit log file, complete the following steps:
  1. Use the selang command chgrp to set the group ownership of the files.
  2. Change the UNIX permissions by entering the following command:
     chmod 640 ACInstallDir/log/seos.audit
  Default: none
- audit_log
  Specifies the name of the Keyboard Logger audit log file.
  Default: ACInstallDir/log/kbl.audit
- audit_max_files
  Specifies the maximum number of audit log files to keep in backup mode. When this number is reached, the earliest backup file is deleted when the latest file is created.
  Limits: a positive integer.
  Default: 0
  When set to 0, backup files accumulate and earlier files are not deleted.
- audit_size
  Specifies the maximum size, in KB, of the audit log file.
  Minimum value: 50 KB
  Default: 24000
  Note: Audit records are no longer written to the audit file when the audit file size exceeds 2 GB.
- BackUp_Date
  Specifies the criterion by which the session backs up the audit log file, and whether it adds a timestamp to the backup file name. The audit log file is always backed up when it reaches the size that is specified in the audit_size configuration setting.
  Values: none, yes, daily, weekly, monthly
  - yes: The session backs up the audit log file when it reaches the size that is specified in audit_size. The session adds a timestamp to the backup file name.
  - none: The session backs up the audit log file when it reaches the size that is specified in audit_size. The session does not add a timestamp to the backup file name.
  - daily, weekly, monthly: The session backs up the audit log file whenever the specified interval has elapsed and when it reaches the size that is specified in audit_size. The session adds a timestamp to the backup file name. However, if no audit events are written to the audit log file in the specified interval, the session does not back up the file after the interval elapses.
    Note: The specified interval is counted from the time that the first audit log file is created, and the file is backed up at midnight on the appropriate day.
  Example: The configuration setting has a value of weekly, and the audit log file is created at 9:00 am on Friday April 1. Many audit events occur this week and the audit log file exceeds the audit_size configuration setting on Monday 4 April. The audit log file is backed up on 4 April and a timestamp is added to the backup file name. A week after the audit log file was first created, at midnight Friday 8 April, the audit log file is backed up again and a timestamp is added to the backup file name.
  Default: NONE
- cmd_log
  Specifies the link to the Keyboard Logger cmdlog binary file.
  Default: /etc/AC
- debug_backup_dir
  Specifies the location of the backup debug messages files.
  Default: /opt/CA/PAMSC/log/kbl_debug
- debug_backup_num
  Specifies the number of debug files to back up.
  Default: 2
- debug_file
  Specifies the location of the file that stores the Keyboard Logger debug messages.
  Default: /opt/CA/PAMSC/log/kbl_debug/cmdlog
- debug_level
  Specifies the minimal level of debug messages to save.
  Values:
  - disabled: Messages are not saved
  - critical: Only CRITICAL messages are saved
  - very_high: CRITICAL + VERY_HIGH
  - high: CRITICAL + VERY_HIGH + HIGH
  - normal: CRITICAL + VERY_HIGH + HIGH + NORMAL
  - low: CRITICAL + VERY_HIGH + HIGH + NORMAL + LOW
  Default: critical
- debug_size
  Specifies the maximum size (MB) of the debug messages file.
  Default: 256 MB
- error_back
  Specifies the name of the Keyboard Logger error log backup file.
  Default: ACInstallDir/log/kbl.error.bak
- error_group
  Specifies the group that can read the error log files. If you set this token to none, only root can read the error log files. The value of this token is not verified, so if you enter an invalid group name, no group permissions are assigned to the error log files.
  To change the group ownership of an existing error log file, complete the following steps:
  1. Use the selang command chgrp to set the group ownership of the files.
  2. Change the UNIX permissions by entering the following command:
     chmod 640 ACInstallDir/log/seos.audit
  Default: none
- error_log
  Specifies the name of the Keyboard Logger error log file.
  Default: ACInstallDir/log/kbl.error
- error_size
  Defines the maximum size, in KB, of the error log file.
  Limits: A minimum value of 50 KB
  Default: 500
- kbl_enabled
  Specifies whether the Keyboard Logger is enabled.
  Values: yes, no
  Default: no
- kbl_flush_timeout
  Specifies the user session inactivity interval, in seconds, after which the printable logged data is stored in the kbl audit file. Set the token to 0 to disable.
  Default: 30
- kbl_output_limit
  Specifies the limit (bytes) for storing the output that is collected after the last user input.
  Default: 0 (no limit)
- Kbl_seos_trace
  Specifies whether seosd activates trace on session and sends user activity data to the Keyboard Logger.
  Values: yes, no
  Default: yes
- kbl_trace
  Specifies whether to print the Keyboard Logger debug messages.
  Values: 0 (no tracing), 1 (use tracing)
  Default: 0
- OS_etc_shells
  Specifies the name of the operating system shells file.
  Default: /etc/shells
- socket_name
  Specifies the socket name for the Keyboard Logger audit manager.
  Default: ACInstallDir/kblserver
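Because the audit_group and error_group values are not verified, a mistyped group name leaves the logs without the intended reader. The following check is an added example, not product code: it compares both tokens with the log files on disk. It assumes the [kblaudit] section is stored as token = value lines in an INI file whose path you pass in; check_kbl_log_access, lookup_gid and the install_dir argument are hypothetical names.

```python
import configparser
import grp
import os
import stat


def lookup_gid(name):
    """Return the numeric gid for a group name, or None if it does not exist."""
    try:
        return grp.getgrnam(name).gr_gid
    except KeyError:
        return None


def check_kbl_log_access(ini_path, install_dir, gid_of=lookup_gid):
    """Compare audit_group/error_group with the log files on disk; return findings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read(ini_path)  # assumed format: [kblaudit] followed by token = value lines
    sec = cp["kblaudit"] if cp.has_section("kblaudit") else {}
    findings = []
    # (group token, file token, documented default path)
    pairs = (("audit_group", "audit_log", "ACInstallDir/log/kbl.audit"),
             ("error_group", "error_log", "ACInstallDir/log/kbl.error"))
    for group_tok, file_tok, default_path in pairs:
        group = sec.get(group_tok, "none").strip()
        path = sec.get(file_tok, default_path).strip().replace("ACInstallDir", install_dir)
        restricted = group.lower() == "none"  # documented: only root can read
        gid = None if restricted else gid_of(group)
        if not restricted and gid is None:
            # The token value is not verified, so a typo silently grants nothing.
            findings.append(f"{group_tok}={group}: unknown group, no group permissions assigned")
        if not os.path.exists(path):
            continue
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o007:
            findings.append(f"{path}: mode {mode:o} grants access to others")
        if restricted and mode & 0o070:
            findings.append(f"{path}: mode {mode:o} grants group access but {group_tok}=none")
        elif not restricted and mode & 0o030:
            findings.append(f"{path}: mode {mode:o} exceeds 640 for the group")
        if gid is not None and st.st_gid != gid:
            findings.append(f"{path}: owned by gid {st.st_gid}, not {group}; chgrp and chmod 640 needed")
    return findings
```

An empty list means both log files match their group tokens; each finding names the token or file that needs attention.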