OSF DCE Administration Guide--Core Components

Chapter 42. DCE Audit Service

Auditing plays a critical role in distributed systems. Adequate audit facilities are

necessary for detecting and recording critical events in distributed applications.

Auditing, a key component of DCE, is provided by the DCE Audit Service. This chapter

provides an introduction to the DCE Audit Service.

42.1 Features of the DCE Audit Service

The DCE Audit Service has the following features:

• An audit daemon (auditd) performs the logging of audit records based on speciﬁed

criteria.

• Application programming interfaces (APIs) can be used as part of application server

programs to record audit events. These APIs can also be used to create tools that can

analyze the audit records.

• An administrative command interface to the audit daemon directs the daemon in

selecting the events that are going to be recorded based on certain criteria. This

interface is accessed through the DCE control program (dcecp).

• An event classiﬁcation mechanism allows the logical grouping of a set of events for

ease of administration.

• Audit records can be directed to logs or to the console.

42.2 Components of the DCE Audit Service

The DCE Audit Service has three basic components:

• Application programming interfaces (APIs)

Provide the functions that are used to detect and record critical events when the

application server services a client. The application programmer uses these functions

124243 Tandem Computers Incorporated 42−1