OSF DCE Application Development Guide--Core Components
OSF DCE Application Development Guide—Core Components
Other APIs are also provided which can be used to create tools that examine and
analyze the audit event records.
• audit daemon
Maintains the filters and the audit logs.
• audit management interface
Management interface to the audit daemon. Used by the administrator to specify
how the audit daemon will filter the recording of audit events. This interface is
available from the DCE control program.
33.3 DCE Audit Service Concepts
This section briefly describes the DCE Audit Service concepts that are relevant to DCE
application programming.
33.3.1 Audit Clients
All RPC-based servers, such as DCE servers and user-written application servers, are
potential audit clients. The DCE Security Service, DTS, and the DCE Audit Service
itself are auditable. That is, code points (discussed in Section 33.3.2) are already in
place on these services.
The audit daemon can also audit itself.
33.3.2 CodePoint
A code point is a location in the application server program where DCE audit APIs are
used. Code points generally correspond to operations or functions offered by the
application server for which audit is required. For example, if a bank server offers the
cash withdrawal function acct_withdraw(), this function may be deemed to be an
auditable event and be designated as a code point.
As mentioned previously, code points are already in place in the DCE Security Service,
DTS, and DCE Audit Service. Code points and their associated events for the DCE
Security Service are documented in the sec_audit_events(5sec) reference page. Code
points and their associated events for the DTS are documented in the
dts_audit_events(5sec) reference page. Code points and their associated events for the
DCE Audit Service are documented in the aud_audit_events(5sec) reference page.
33−2 Tandem Computers Incorporated 124245