Manualshelf

Safeguard Audit Service Manual (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
919293949596979899100
Producing SAFEART Reports
Safeguard Audit Service Manual520480-014
6-10
Wild-Card Support for Object Name Under
SAFEART
You can specify additional criteria by using additional SET WHERE commands or by
combining comparison statements in the same SET WHERE command. For more
information, see Using Multiple Comparison Statements on page 6-12.
To practice specifying selection criteria, you might want to copy an audit file to your
subvolume and generate test reports with it. As mentioned earlier, you must have
READ authority for the audit file.
Wild-Card Support for Object Name Under SAFEART
SAFEART supports the use of wild cards while searching for events using the
ObjectName field. This capability is useful in searching for records generated by audit
clients using either the external name or the internal name of the OSS object.
These wild cards are supported:
Enclose the search string in double quotes. Wild-card searches are case-sensitive.
For example, to search for all records related to the path '/bin/sh', enter this command
under SAFEART:
SET WHERE objectname = '/bin/sh*'
Suppose that the object name displayed is:
/bin/sh=$oss1.ZYQ00000.Z000007S:453298
Using this information, you can search for all events related to the physical file
displayed.
Diskfile-Pattern Usage
Formulating diskfile-pattern objectnames in SAFEART is different than in SAFECOM.
To specify that the wild cards "*" and "?" in a diskfile-pattern objectname match those
exact characters, they must be enclosed in squared brackets. For example:
To search for all records related to diskfile pattern "$DATA.JA*.T???", enter this
command under SAFEART:
SET WHERE objectname='$DATA.JA[*].T[?][?][?]'
* Matches zero or more characters
? Matches any single character
[...] The set matches any one of the enclosed characters. In an expression
such as [a-z], the - (dash) means through. If the first character following
the [ (left bracket) is an ! (exclamation point), any character not enclosed is
matched. Nested sets are not supported.