Manualshelf

OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
551552553554555556557558559560
OSF DCE Administration Guide—Core Components
43.5.1 Creating Filters
The following is an example audfilter create command for creating a filter:
dcecp> audfilter create {group trust} \
-attribute {ec_local_bank_audit denial log}
The example command specifies that a filter type group be created for the DCE group
named trust in the local cell.
The -attributes option is required. The argument to the option is a filter guide or list of
guides. Each filter guide is made up of three elements: an event class name or list of
names, an audit condition or list of conditions, and an audit action or list of actions.
The event class name corresponds to the name of the event class file for which your are
creating a filter.
The audit condition is the condition required for the event to be audited. Valid
conditions are success, denial, failure, pending, and all .
The audit action is the action to take if the event being generated matches the audit
condition specified. Valid actions are log, alarm, and all .
43.5.2 Modifying Filters
You can modify an existing audit filter by adding or deleting one or more of the filter’s
guides. The following is a sample dcecp command for modifying an existing filter:
dcecp> audfilter modify world -add {Monetary_Transfers denial log}
The example command adds a guide with an event class of Monetary_Transfers,an
audit condition of denial, and an audit action of log to the existing filter type world.
Note that the filter type world does not take a key.
The DCE control program does not use commas. Multiple guides and multiple filters are
specified in the standard dcecp list format: {x y} for single arguments or {{x y} {a b}} for
multiple arguments.
In order to execute the audfilter modify command, you must have write (w) permission
to the audit daemon’s ACL.
43.5.3 Deleting Filters
You can delete one or more of the audit filters for a DCE client by using the audfilter
delete command. The following is an example audfilter delete command:
43 6 Tandem Computers Incorporated 124243