Browse Prior Art Database

Explaining Event Specific Information for DCE AUDIT Events

IP.com Disclosure Number: IPCOM000014716D
Original Publication Date: 1999-Dec-01
Included in the Prior Art Database: 2003-Jun-20
Document File: 2 page(s) / 43K

Publishing Venue

IBM

Related People

Woodrow Arkeketa: AUTHOR [+3]

Abstract

With the addition of *Tivoli support for DCE Audit events, it was apparent that the event specific data portion of the event was not very useful in its initial state. Some events had event specific data all the time, some part of the time, and some never. Some of those that had event specific data even had different event specific data depending on the contents of one of the event specific data fields. The event specific data for each Audit event was documented, but it was not readily available when viewing the detailed event data from the Tivoli Event Console. The Tivoli DCE Audit event adapter converted the DCE audit records to Tivoli events from the information that was available in the DCE Audit record. The DCE Audit record doesn't contain any explanation about what the event specific data is.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 55% of the total text.

Page 1 of 2

Explaining Event Specific Information for DCE AUDIT Events

With the addition of *Tivoli support for DCE Audit events, it was apparent that the event specific data portion of the event was not very useful in its initial state. Some events had event specific data all the time, some part of the time, and some never. Some of those that had event specific data even had different event specific data depending on the contents of one of the event specific data fields. The event specific data for each Audit event was documented, but it was not readily available when viewing the detailed event data from the Tivoli Event Console. The Tivoli DCE Audit event adapter converted the DCE audit records to Tivoli events from the information that was available in the DCE Audit record. The DCE Audit record doesn't contain any explanation about what the event specific data is.

This disclosure addresses the changes made to the DCE Audit event class to accommodate describing all of the event specific data for every possible DCE Audit Event. The following shows how the event class was modified to accommodate this:

TEC_CLASS:

AuditEvent ISA EVENT

DEFINES {

source: default = "DCEAudit";

aud_event_class_name: STRING;

aud_event_class_number: STRING;

aud_event_name: STRING;

aud_event_number: STRING;

aud_server: STRING, dup_detect=yes;

aud_client: STRING, dup_detect=yes;

aud_client_addr: STRING;

aud_outcome: STRING, dup_detect=yes;

aud_authz_status: STRING, dup_detect=yes;

aud_time: STRING;

| aud_event_specific_info: STRING, default = "None"; | aud_event_specific_more: STRING, default = "None";

aud_event_specific_items: LIST_OF STRING, dup_detect=yes;

aud_date_last_duplicate: STRING;

aud_duplicate_data: LIST_OF STRING;

aud_dup_data_length: INTEGER, default=0;

};

END

The "|" in the previous event class definition shows the event's slots that were added to h...