XYGATE User Authentication Reference Manual
Appendix B: The UAACL File
XYPRO Technology Corporation 264 Proprietary and Confidential
B18: EMS_CRITICAL_IF_DENIED
The EMS_CRITICAL_IF_DENIED keyword causes failed-authentication audit
messages to be marked as critical, an internal audit attribute.
When the AUDIT keyword (App. A3:, A4: or A5: starting on page 206) includes the
CRITICAL sub-keyword, only messages marked as critical are included in the audit.
When audit messages marked as critical are sent to a collector via the EMS SPI
interface, messages are sent with the EMS CRITICAL attribute set.
Syntax:
EMS_CRITICAL_IF_DENIED { ON | OFF }
In the example below, EMS_CRITICAL_IF_DENIED is set to ON only for the
UAGROUP FROZEN-OK-SECURITY. Hence, XUA flags as critical, and sends to EMS,
only the access that was denied using the UAGROUP FROZEN-OK-SECURITY.
Example: How to send denied logons for a certain group to EMS
OSCONF Setting:
    AUDIT $SYSTEM.XYGATEUA.AUDIT
    AUDIT $0 EMS CRITICAL
    EMS_CRITICAL_IF_DENIED OFF

OSACL Setting:
    UAGROUP FROZEN-OK-SECURITY
        DESCRIPTION "Allow $Security to logon even when Frozen send to EMS if denied"
        FROZEN_OK ON
        !Selection Criteria:
        FROM_USER 0,0
        TO_USER $SECURITY
        EMS_CRITICAL_IF_DENIED ON
        PROCESS_AS_RULE ! Fall-thru ACCESS
        AUDIT_ACCESS_PASS OFF ! Audit Successes?
        AUDIT_ACCESS_FAIL ON ! Audit Fails?

    UAGROUP EVERYONE-ELSE
        PASSWORD_REQUIRED ON
        RESULT_GRANTED
        !Selection Criteria:
        FROM_USER $EVERYONE
        TO_USER $EVERYONE
        EMS_CRITICAL_IF_DENIED OFF
        PROCESS_AS_RULE ! Fall-thru ACCESS
        AUDIT_ACCESS_PASS OFF ! Audit Successes?
        AUDIT_ACCESS_FAIL ON ! Audit Fails?

Note that the EMS option for the AUDIT keyword indicates that audit messages should
be sent using EMS SPI.
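
The following review script is an added example, not XYPRO code or part of the original manual. It works out which UAGROUPs' denied logons reach each AUDIT target in the example above. It assumes one keyword per line with "!" starting a comment, that a group-level EMS_CRITICAL_IF_DENIED overrides the global value and is inherited when absent, and that AUDIT_ACCESS_FAIL controls whether failures are audited at all (treated as OFF when absent).

```python
# Added example, not XYPRO code. Assumed syntax: one keyword per line,
# "!" starts a comment, UAGROUP opens a group stanza.
CONF = """AUDIT $SYSTEM.XYGATEUA.AUDIT
AUDIT $0 EMS CRITICAL
EMS_CRITICAL_IF_DENIED OFF"""
ACL = """UAGROUP FROZEN-OK-SECURITY
EMS_CRITICAL_IF_DENIED ON
AUDIT_ACCESS_FAIL ON ! Audit Fails?
UAGROUP EVERYONE-ELSE
EMS_CRITICAL_IF_DENIED OFF
AUDIT_ACCESS_FAIL ON ! Audit Fails?"""  # page's example, trimmed to the relevant keywords

def keywords(text):
    """Yield (KEYWORD, args) per line, dropping '!' comments and blank lines."""
    for line in text.splitlines():
        parts = line.split("!", 1)[0].split()
        if parts:
            yield parts[0].upper(), parts[1:]

def denied_logon_routing(conf, acl):
    """Map each AUDIT target to the groups whose denied logons reach it."""
    targets, global_crit = [], False
    for key, args in keywords(conf):
        if key == "AUDIT" and args:  # (target, accepts critical messages only?)
            targets.append((args[0], "CRITICAL" in [a.upper() for a in args[1:]]))
        elif key == "EMS_CRITICAL_IF_DENIED" and args:
            global_crit = args[0].upper() == "ON"
    groups, current = {}, None
    for key, args in keywords(acl):
        if key == "UAGROUP" and args:
            current = groups.setdefault(args[0], {})
        elif current is not None and args and args[0].upper() in ("ON", "OFF"):
            current[key] = args[0].upper() == "ON"
    routing = {name: [] for name, _ in targets}
    for group, kw in groups.items():
        if not kw.get("AUDIT_ACCESS_FAIL", False):
            continue  # assumption: this group's failures are not audited at all
        critical = kw.get("EMS_CRITICAL_IF_DENIED", global_crit)  # assumed inheritance
        for name, critical_only in targets:
            if critical or not critical_only:  # CRITICAL targets take critical messages only
                routing[name].append(group)
    return routing

if __name__ == "__main__":
    for target, groups in denied_logon_routing(CONF, ACL).items():
        print(target, "<-", ", ".join(groups) or "(none)")
```

Under these assumptions, the file target receives denied logons from both groups, while the $0 EMS CRITICAL target receives them only from FROZEN-OK-SECURITY.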