Algorithm for Traversing the Audit Trail File Forward and Backward

IP.com Disclosure Number: IPCOM000118754D
Original Publication Date: 1997-Jun-01
Included in the Prior Art Database: 2005-Apr-01
Document File: 2 page(s) / 13K

Publishing Venue

IBM

Related People

Luan, S: AUTHOR [+2]

Abstract

Disclosed is a method for traversing the Audit Event Records (AERs) in an Audit Trail file. The traverse is performed in either forward or backward order.

This is the abbreviated version, containing approximately 55% of the total text.

To traverse the Audit Trail file forward and backward properly, an Audit Index file and a Linked List are introduced. The Audit Index file is created, opened, or read/written at the same time as the Audit Trail file. Its name is formed by appending the ".md_index" extension to the Audit Trail name. For example, central_trail and central_trail.md_index are the Audit Trail and Audit Index for the Audit Daemon, whereas sec_audit_trail and sec_audit_trail.md_index are the Audit Trail and Audit Index for the Security Daemon. The Linked List is defined as follows:

    typedef struct _index_file {
        unsigned32 sn;              /* starting point of the AER (Si) */
        unsigned32 ln;              /* length of the AER (Li) */
        struct _index_file *next;   /* next entry in the Linked List */
    } index_file;

The Audit Index file consists of (Si, Li) pairs, where Si is the starting point of the ith AER and Li is the length of the ith AER. Note that Li is not a fixed number. When an AER is committed and written to the Audit Trail file, (Si, Li) is written to the Audit Index file.

To traverse the Audit Trail file forward, the Distributed Computing Environment (DCE) Application Program opens the Audit Trail and Audit Index files, reads the Audit Index file and uses (Si, Li) to move the file pointer in the Audit Trail file accordingly. Thus, all the Audit Event Records in the Audit Trail file will be traversed forward with (S1, L1), (S2, L2), ... , (Sn-1, Ln-1), (Sn, Ln). This approach is implemented in dce_aud_next().

To traverse the Audit Trail file backward, the DCE Application Program opens the Audit Index file, reads it and stores all the (Si, Li) pairs into the Linked List in LIFO order. Once the Linked List is built, the DCE Application Program can use it to move the file pointers of the Audit Trail file accordingly. Thus, all the Audit Event Records in the Audit Trail file will be traversed backward with (Sn, Ln)->(Sn-1, Ln-1)->(Sn-2, Ln-2)->....->(S2, L2)->...
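
Both traversals described above, as an added C example that is not part of the original disclosure or of the DCE sources. It also checks each (S, L) pair against the trail size before seeking, a step the disclosure does not describe. The index layout (one native uint32 pair per AER), the sample records and the names build, emit and walk are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct node { uint32_t sn, ln; struct node *next; } node; /* one (S, L) pair */

/* Constructed sample AERs; assumed index layout: one native uint32 (S, L) pair each. */
static int build(FILE *trail, FILE *idx) {
    const char *aer[] = { "login:alice", "su", "logout:alice" };
    for (int i = 0; i < 3; i++) {
        uint32_t p[2] = { (uint32_t)ftell(trail), (uint32_t)strlen(aer[i]) };
        if (fwrite(aer[i], 1, p[1], trail) != p[1] || fwrite(p, sizeof p, 1, idx) != 1) return -1;
    }
    return 0;
}

/* Append the AER at (sn, ln) to out, refusing pairs that fall outside the trail. */
static int emit(FILE *trail, long size, uint32_t sn, uint32_t ln, char *out, size_t cap) {
    size_t used = strlen(out), sep = used ? 1 : 0;
    if (sn > (unsigned long)size || ln > (unsigned long)size - sn) return -1;
    if (used + ln + 2 > cap || fseek(trail, (long)sn, SEEK_SET)) return -1;
    if (fread(out + used + sep, 1, ln, trail) != ln) return -1;
    if (sep) out[used] = '|';
    out[used + sep + ln] = '\0';
    return 0;
}

/* Forward: index order. Backward: LIFO list. Returns AER count, or -1 on a bad pair. */
static int walk(FILE *trail, FILE *idx, int backward, char *out, size_t cap) {
    node *head = NULL, *n;
    uint32_t p[2];
    int count = 0, rc = 0;
    long size;
    if (!cap || fseek(trail, 0, SEEK_END) || (size = ftell(trail)) < 0) return -1;
    out[0] = '\0';
    rewind(idx);
    while (rc == 0 && fread(p, sizeof p, 1, idx) == 1) {
        if (!backward) { rc = emit(trail, size, p[0], p[1], out, cap); count++; }
        else if ((n = malloc(sizeof *n))) { *n = (node){ p[0], p[1], head }; head = n; }
        else rc = -1;
    }
    while ((n = head)) {                 /* pop: last committed AER comes out first */
        head = n->next;
        if (rc == 0) { rc = emit(trail, size, n->sn, n->ln, out, cap); count++; }
        free(n);
    }
    return rc ? -1 : count;
}
```

To run it, pass two empty streams from tmpfile() to build(), then call walk() with backward set to 0 or 1.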