OSF DCE Administration Guide--Core Components

DCE Audit Service Administrative Tasks
43.4.2 Example Event Class File
Following is a sample event class file named ec_local_cell_critical_events:
ECN = 0xC0000005
# Server Event Number Prefixes
# 0x000001 Security Service Events
# 0x000002 Time Service Events
# 0x000003 Audit Service Events
SEP = 0x00000100 0x00000200 0x00000300
# Security Service Critical Events
# evt_osf_dce_rs_properties_set_info (sets registry properties)
0x0000011f
# evt_osf_dce_rs_policy_set_info (sets registry policy)
0x00000121
# evt_osf_dce_rs_rep_admin_stop (stops the registry service)
0x00000127
# evt_osf_dce_rs_rep_admin_mkey (changes master key)
0x00000129
# Time Service Critical Events
# evt_osf_dce_dts_create (creates a server or a clerk)
0x00000201
# evt_osf_dce_dts_delete (deletes a server or a clerk)
0x00000202
# evt_osf_dce_dts_enable (enables the time service)
0x00000203
# evt_osf_dce_dts_disable (disables the time service)
0x00000204
# Audit Service Critical Events
# evt_osf_dce_aud_enable (enables audit-record logging service)
0x00000301
# evt_osf_dce_aud_disable (disables audit-record logging service)
0x00000302
# evt_osf_dce_aud_stop (terminates the execution of the audit daemon)
0x00000303
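The following checker is an added example, not part of the original guide or of DCE. It parses a file in the layout shown above and reports any event number that does not fall under a declared SEP prefix, so a mistyped number is caught before the file is installed. The function name parse_event_class and the rule that the low 8 bits number the event within a server are assumptions inferred from the sample, where 0x0000011f falls under 0x00000100.

```python
import re

# Constructed sample in the layout of the file shown above (not the full file).
SAMPLE = """\
ECN = 0xC0000005
# Server Event Number Prefixes
SEP = 0x00000100 0x00000200 0x00000300
# evt_osf_dce_rs_rep_admin_mkey (changes master key)
0x00000129
# evt_osf_dce_dts_disable (disables the time service)
0x00000204
# constructed entry outside every declared prefix
0x00000401
"""

HEX = re.compile(r"0[xX][0-9a-fA-F]{1,8}$")
PREFIX_MASK = 0xFFFFFF00  # assumption: low 8 bits number the event within a server


def parse_event_class(text):
    """Return (ecn, prefixes, events, errors) for an event class file."""
    ecn, prefixes, events, errors = None, [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no data
        key, sep, value = line.partition("=")
        tokens = value.split() if sep else [line]
        if not tokens or any(not HEX.match(t) for t in tokens):
            errors.append((lineno, "malformed value: " + line))
        elif sep and key.strip() == "ECN" and len(tokens) == 1:
            ecn = int(tokens[0], 16)
        elif sep and key.strip() == "SEP":
            prefixes += [int(t, 16) for t in tokens]
        elif not sep:
            events.append((lineno, int(line, 16)))
        else:
            errors.append((lineno, "unexpected line: " + line))
    if ecn is None:
        errors.append((0, "missing ECN"))
    for lineno, ev in events:  # every event must sit under a declared prefix
        if (ev & PREFIX_MASK) not in prefixes:
            errors.append((lineno, "event 0x%08x has no declared SEP prefix" % ev))
    return ecn, prefixes, [e for _, e in events], errors


if __name__ == "__main__":
    for lineno, msg in parse_event_class(SAMPLE)[3]:
        print("line %d: %s" % (lineno, msg))
```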
43.5 Creating and Maintaining Filters
After starting the audit daemon and creating the event class file, you can run dcecp to
create, modify, or display the filters maintained by the audit daemon. Use the audfilter
create, audfilter modify, and audfilter delete commands to create, modify, and delete
the filters. Use the audfilter catalog and audfilter show commands to display the
existing filters.
124243 Tandem Computers Incorporated 435