XYGATE Access Control Reference Manual
XYGATE
®
Access Control Reference Manual
Appendix A: The ACCONF File
XYPRO Technology Corporation 98 Proprietary and Confidential
A5: AUDIT (IP Process Name)
Any one of the nine available AUDIT keyword entries can be defined as an IP address.
This section deals with the IP address form of the AUDIT specification. Refer to
Chapter 7, “XAC Auditing and Audit Reports” for more information.
Syntax:
AUDIT <IP-process-name> IP <address[:port]> [DETAIL] [INVOKE] [CRITICAL]
[SYSLOG_PREFIX "<134><normal text>"]
[SYSLOG_CRITICAL_PREFIX "<130><critical text>"]
Note: There is no error-checking available on an IP port write. In order to facilitate the
detection of missing records, a sequence number is present in the DETAIL
(XAC-C) record that starts with 1 for a new XAC session and ascends for the
lifetime of the session.
DETAIL
The optional DETAIL sub-keyword includes audit of specific tasks or commands that
were performed by the user in this session.
INVOKE
The optional INVOKE sub-keyword includes audits on how the session was started,
from what user, on which terminal, at what time and with what startup command.
CRITICAL
The CRITICAL sub-keyword causes only records that audit a failed command to be
written to the IP address.
SYSLOG_PREFIX
The optional SYSLOG_PREFIX sub-keyword is used to specify text that will be
prepended to the front of the audit message being written to the IP address.
<134> is the standard message tag indicating a normal message (angle brackets are
required), and <normal text> is freeform text prepended to the front of the message
(angle brackets are not required). Together, <134> and the text must be enclosed by
double-quotation marks.
Syntax:
SYSLOG_PREFIX "<134> <normal text>"
Example:
AUDIT $ZTC0 IP 10.1.1.12:514 INVOKE SYSLOG_PREFIX "<134> NonStop \N1 "
SYSLOG_CRITICAL_PREFIX "<130> NonStop CRITICAL"