OSF DCE Application Development Guide--Core Components

DCE Audit Service
33.3.8 Audit Trail File
The audit trail file contains all the audit records that are written by the audit daemon or
the audit APIs. You can specify either a central audit trail file or a local audit trail file.
The central audit trail file is maintained by the audit daemon. The local audit trail file is
maintained by the audit library. The terms audit trail file and audit trail are used
interchangeably in this book.

33.4 Administration and Programming in DCE Audit
This section gives you an example of how auditing is accomplished using the DCE Audit
Service. Both the programmer and the administrator have to perform tasks to enable the
writing of audit records in the audit trail. This section looks at the life cycle of an audit
trail, from the time that audit events are identified in the server code, to the time that they
are filtered and recorded in the audit trail file.
A bank server example illustrates each stage of the life cycle. In this example, the bank
server program offers five operations: acct_open(), acct_close(), acct_withdraw(),
acct_deposit(), and acct_transfer().

33.4.1 Programmer Tasks
The programmer uses the audit APIs to enable auditing in the application server
program, as illustrated in the following:
1. The programmer identifies the code points in the bank server program. The
programmer deems each of the five operations offered by the bank server (each
corresponding to an RPC interface) to be security relevant, and assigns a code
point to each operation. Each code point corresponds to an audit event.

    acct_open()      /* first code point */
    acct_close()     /* second code point */
    acct_withdraw()  /* third code point */
    acct_deposit()   /* fourth code point */
    acct_transfer()  /* fifth code point */

2. The programmer then assigns an event number to each audit event (corresponding
to each code point). For example, the programmer defines these numbers in his
header file as follows:

    /* event number for the 1st code point, acct_open() */
    #define evt_vn_bank_server_acct_open 0xC1000000
    /* event number for the 2nd code point, acct_close() */
124245 Tandem Computers Incorporated 337