Manualshelf

OSF DCE Application Development Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
651652653654655656657658659660
OSF DCE Application Development Guide—Core Components
What events will be audited?
What should be the outcome of these events before an audit record is written?
Will the audit record be logged in the audit trail file or displayed on the system
console, or both?
For example, for the bank server program, you can impose the following conditions
before an audit record is written:
‘‘Audit all withdrawal transactions (the audit events) that fail because of access denial
(outcome of the event) that are performed by all customers in the DCE cell (who to
audit).’’
33.3.6.1 Filter Subject Identity
A filter is associated with one filter subject, which denotes to what the filter applies. The
filter subject is the client of the distributed application who caused the event to happen.
For more information on the filter subject identity, see the .
33.3.7 Audit Records
An audit record has a header and a trailer. The header contains the common information
of all events; for example, the identities of the client and the server, group privileges
used, address, and time. The trailer contains event-specific information; for example, the
dollar amount of a fund-transfer event.
Audit records are initialized and filled by calling the audit API functions.
There are four stages in the writing of an audit record:
1. First, the code point registers an audit event. At this point, the audit record does
not yet have any form.
2. The audit record descriptor is built. This is a representation of the audit data that is
built by the dce_aud_start( ), dce_aud_put_ev_info( ), and dce_aud_commit( )
functions. This is stored in a data structure in the client’s core memory until the
dce_aud_commit() function is called. This data is not IDL-encoded until the
dce_aud_commit() call.
3. The audit record is written to the log. This is stored as IDL-encoded data in the
audit log.
4. The audit record is transformed into human-readable form. This is a representation
built in a data structure in the core memory by calls to the dce_aud_next( ) and
dce_aud_print( ) functions. This is not an IDL-encoded representation.
336 Tandem Computers Incorporated 124245