OSF DCE Application Development Guide--Core Components

Using the Audit API Functions
FORMAT
The format version number of the audit event record.
Details of these attributes, their values, and the allowable operators are discussed in the
OSF DCE Application Development Reference.
For example, to have the function retrieve audit records that pertain to the event
number 0xC01000001 only, you can set the predicate to the following:
EVENT=0xC01000001
If the predicate parameter is set to NULL (that is, no criteria), the next audit record is
read. For example, to read the next audit record in a previously opened audit trail file,
the following call is made:
dce_aud_next(out_trail, NULL, &out_ard, status);
You can specify multiple predicates, in which case the predicates are treated as a logical
AND condition.
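The following added example (not code from the OSF DCE guide or library) models the predicate semantics described above on a constructed in-memory trail: a NULL predicate selects every record, and multiple predicates must all hold. The demo_* names are hypothetical, the comma separator between predicates is an assumption, and only the = operator with the EVENT and FORMAT attributes named on this page is handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in record holding only the two attributes named on this page. */
typedef struct { uint64_t event, format; } demo_rec;

/* One "ATTR=value" term: 1 match, 0 no match, -1 malformed or unknown. */
static int demo_term(const demo_rec *r, const char *term) {
    const char *eq = strchr(term, '=');
    char *end;
    uint64_t want;
    if (eq == NULL || eq[1] == '\0') return -1;
    want = strtoull(eq + 1, &end, 0);        /* base 0 accepts 0x... */
    if (*end != '\0') return -1;
    if (eq - term == 5 && !strncmp(term, "EVENT", 5)) return r->event == want;
    if (eq - term == 6 && !strncmp(term, "FORMAT", 6)) return r->format == want;
    return -1;
}

/* All terms must hold (logical AND); a NULL predicate means no criteria. */
int demo_match(const demo_rec *r, const char *predicate) {
    char copy[128], *term;
    int ok = 1;
    if (predicate == NULL) return 1;
    if (strlen(predicate) >= sizeof copy) return -1;
    strcpy(copy, predicate);                 /* strtok modifies its input */
    for (term = strtok(copy, ", "); term && ok == 1; term = strtok(NULL, ", "))
        ok = demo_term(r, term);
    return ok;
}

/* Next matching index at or after *pos; -1 at end of trail, -2 on a bad
   predicate (reported as an error, never treated as "no criteria"). */
int demo_next(const demo_rec *trail, int n, int *pos, const char *predicate) {
    while (*pos < n) {
        int i = (*pos)++, m = demo_match(&trail[i], predicate);
        if (m < 0) return -2;
        if (m == 1) return i;
    }
    return -1;
}

static const demo_rec demo_trail[] =         /* constructed sample trail */
    {{0xC01000001ULL, 1}, {0x101ULL, 1}, {0xC01000001ULL, 2}};
int main(void) {
    int pos = 0, i;
    while ((i = demo_next(demo_trail, 3, &pos, "EVENT=0xC01000001")) >= 0)
        printf("record %d matches\n", i);
    return 0;
}
```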
The dce_aud_next( ) function returns a pointer to the record that was read. This pointer
is used by the dce_aud_print( ), dce_aud_get_ev_info( ), and dce_aud_get_header( )
functions in transforming the audit records into ASCII format.
34.2.3 Transforming the Audit Record into Readable Text
After reading in the desired audit record by using the dce_aud_next( ) function, you
must transform the binary audit record into human-readable form.
You can use any of the following three functions to transform the audit record
information into human-readable form:
dce_aud_print( )
Formats the entire audit record (header and tail) into ASCII format.
dce_aud_get_header( )
Obtains the header information of the audit record and formats it into human-readable
form.
dce_aud_get_ev_info( )
Obtains the event-specific information in the tail of the audit record and formats it
into human-readable form.
The dce_aud_next( ) function returns the address of the audit record to these functions.
These functions then allocate memory for the ASCII-format buffer (using malloc( )) and
fill it with the ASCII representation of the audit record. The user must explicitly release
this memory (using free( )) when all audit record retrieving and transforming tasks have
been accomplished.
124245 Tandem Computers Incorporated 347