OSF DCE Application Development Guide--Core Components

DCE Audit Service

#define evt_vn_bank_server_acct_open 0x01000000

#define evt_vn_bank_server_acct_close 0x01000001

#define evt_vn_bank_server_acct_withdraw 0x01000002

#define evt_vn_bank_server_acct_deposit 0x01000003

#define evt_vn_bank_server_acct_transfer 0x01000004

33.3.3.5 Administration of Event Numbers

Organizations and vendors must administer the event numbers assigned to them (through

the set-id) to maintain the unique assignment of event numbers.

33.3.4 Event Class

Audit events can be logically grouped together into an event class. Event classes

provide an efﬁcient mechanism by which sets of events can be speciﬁed by a single

value. Generally, an event class consists of audit events with some commonality. For

example, in a bank server program, the cash transaction events (deposit, withdrawal, and

transfer) may be grouped into an event class.

Typically, the administrator creates and maintains event classes. For more details to

event classes, see the .

33.3.5 Event Class Number

Each event class is assigned an event class number. Like the event number, the event

class number is a 32-bit integer and is administered by OSF. Event class numbers are

discussed in more detail in the .

33.3.6 Filters

Once the code points are identiﬁed and placed in the application server, all audit events

corresponding to the code points will be logged in the audit trail ﬁle, irrespective of the

outcome of these audit events. However, recording all audit events under all conditions

may neither be practical nor necessary. Filters provide a means by which audit records

are logged only when certain conditions are satisﬁed. A ﬁlter is composed of ﬁlter

guides that specify these conditions. Filter guides also specify what action to take if the

condition (outcome) is met.

A ﬁlter answers the following questions:

• Who will be audited?

124245 Tandem Computers Incorporated 33−5