OSF DCE Application Development Guide--Core Components
OSF DCE Application Development Guide—Core Components
These functions and the APIs that are used for each are discussed in the following
sections.
34.2.1 Opening an Audit Trail File for Reading
To open the audit trail file for reading, use the dce_aud_open( ) function and specify
aud_c_trl_open_read as the value for the flags parameter. In this case, the values for
the first_evt_number and num_of_evts does not affect the call. For example:
dce_aud_open(aud_c_trl_open_read, AUDIT_TRAIL_FILE,
0, 0, &out_trail, status);
34.2.2 Reading the Desired Audit Records into a Buffer
After opening the audit trail file, you can use the dce_aud_next( ) function to retrieve
audit records. Audit records are stored in the audit trail file in binary form. The
dce_aud_next( ) function does not convert the file into readable form. You must use the
dce_aud_print() function to translate the audit record into readable form.
The dce_aud_next() function allows you to specify a criteria that will be used in
selecting the records that will be read from the file. This criteria is known as predicates
and is expressed by setting the condition on the value of certain attributes. The condition
is set by using any of the following operators: = (equal to), > (greater than), and < (less
than).
Predicates can be expressed in any of the following forms:
• attribute=value
• attribute>value
• attribute<value
The following list summarizes these attributes and their acceptable values:
SERVER UUID of the principal that generated the record
EVENT Audit event number
OUTCOME Event outcome of the record
STATUS Authorization status of the application client
CLIENT UUID of the client principal
TIME Time when the record was generated.
CELL The UUID of the application client’s cell
GROUP The UUID of the application client’s group or groups
ADDR The address (binding handle) of the client
34−6 Tandem Computers Incorporated 124245