OSF DCE Administration Guide--Core Components

DCE Audit Service
Service are documented in the sec_audit_events(5sec) reference page. Code points and
their associated events for the DCE Distributed Time Service are documented in the
dts_audit_events(5sec) reference page. Code points and their associated events for the
DCE Audit Service are documented in the aud_audit_events(5sec) reference page.

42.3.3 Audit Events

An audit event is any event that an audit client wishes to record. Generally, audit events
involve the integrity of the system. For example, when a client withdraws cash from a
bank account, the withdrawal can be an audit event because it can involve a possible
security violation on the bank account.

An audit event is associated with a code point in the application server code.

42.3.4 Event Numbers

Every audit event is assigned an event number by the application programmer. The
event number is a 32-bit integer, such as 0xC0000000. Event numbers are discussed in
more detail in the .

42.3.5 Event Classes

Audit events can be logically grouped together into an event class. Event classes
provide an efficient mechanism by which sets of events can be specified by a single
value. Generally, an event class consists of audit events with some commonality. For
example, in a bank server program, the cash transactions (deposit, withdrawal, and
transfer) may be grouped into an event class. Event classes are also discussed in Chapter
43.

42.3.5.1 Event Class Files

Event classes are defined in event class files. All event class files must be created in the
dcelocal/etc/audit/ec directory.

Default event class files are provided to classify auditable events from the DCE Security
Service, Time Service, and Audit Service. They are installed on the host system when
any of these services is installed.
124243 Tandem Computers Incorporated 423