Filtering the Audit Trail File with the -Since Option in a Distributed Computing Environment

IP.com Disclosure Number: IPCOM000118761D
Original Publication Date: 1997-Jun-01
Included in the Prior Art Database: 2005-Apr-01

Publishing Venue

IBM

Related People

Tran, TM: AUTHOR

Abstract

Disclosed is a method for filtering the Audit Event Records (AERs) in the Audit Trail file. The filtered AERs can be printed directly either to a file or to a console.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 23% of the total text.

      The main purpose of this method is to help Distributed
Computing Environment (DCE) users reduce the number of unwanted
Audit Event Records (AERs) to be analyzed in the Audit Trail file.
It allows DCE users to display only the AERs that were recorded
AFTER or BEFORE the specified date.

      The method is quite simple.  It consists of three steps.  The
first step is to parse and validate the -since option from the dcecp
command.  The second step is to use the value supplied on the
command line as the predicate for the search.  The last step is to
output the results to a file or to a console.

      The first step is done by introducing a new option named
-since.  The second step is done by passing the value of the -since
option to the second input parameter of either dce_aud_next() or
dce_aud_prev().  The last step is done by using the -to option.  If
-to is parsed, the filtered AERs will be routed to a file.  Otherwise,
the filtered AERs will be printed on the screen.

The support for the above three steps is shown in the audtrail_show()
routine:
  int audtrail_show(ClientData clientData, Tcl_Interp *interp,
                int argc, char **argv)
  {
    char      *since = NULL;
    char      *to_file = NULL;
    char      *expand_to_file = NULL;
    char      *expand_trail_file = NULL;
    Tcl_DString   buffer, outbuff;
    dce_aud_trail_t  trail;
    dce_aud_rec_t  ard;
    unsigned_char_t  *buff;
    char      **listv;
    int       fd, i, listc;
    int       since_date = 0;
    boolean32 done;
    error_status_t  st, st2;
    /* One option table for both options: index 0 is -to, index 1 is -since */
    dcp_ArgvInfo arg_table[] = {{"-to", DCP_ARGV_STRING, NULL,
                               NULL, dcp_t_audtrail_show_to_help},
                               {"-since", DCP_ARGV_STRING, NULL,
                               NULL, dcp_t_audtrail_show_to_help},
                               {NULL, DCP_ARGV_END, NULL, NULL, 0}};
    /* Point each option at the variable that receives its value */
    arg_table[0].dst = (char *)&to_file;
    arg_table[1].dst = (char *)&since;
    if (dcp_ParseArgv(interp, &argc, argv, arg_table, 0) != TCL_OK)
      return TCL_ERROR;
    /* Check to see if the user just wants help */
    DCP_CHECK_COMMAND_HELP();
    /* Did the user not specify a trail file? */
    if (argc < 2) {
        DCP_SET_RESULT_CODE(dcp_s_need_arg);
        return TCL_ERROR;
    }
    /* Check for extraneous arguments */
    if (argc > 3) {
    ...
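
The three steps described above, as an added stand-alone example that is not code from the disclosure and does not call the DCE audit API. Assumptions: the struct aer record, the parse_since() and show_since() names, the YYYY-MM-DD-hh:mm:ss (UTC) date format, and the "at or after" comparison are all hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
/* Constructed stand-in for an Audit Event Record (real AERs are dce_aud_rec_t). */
struct aer { time_t when; const char *event; };
static const struct aer SAMPLE[] = {  /* constructed: 1997-05-31, 06-01, 06-02 UTC */
    {865036800, "login"}, {865123200, "acl_modify"}, {865209600, "logout"} };

/* Step 1: parse and validate -since. ASSUMED format: YYYY-MM-DD-hh:mm:ss, UTC.
 * Returns 0 and sets *out on success, -1 on malformed or impossible dates. */
int parse_since(const char *s, time_t *out)
{
    static const char tmpl[] = "dddd-dd-dd-dd:dd:dd";
    static const int mdays[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int y, mo, d, h, mi, se, leap, i;
    long era, yoe, doy, days;
    if (s == NULL || strlen(s) != sizeof tmpl - 1) return -1;
    for (i = 0; tmpl[i] != '\0'; i++)       /* strict template: no signs or spaces */
        if (tmpl[i] == 'd' ? !isdigit((unsigned char)s[i]) : s[i] != tmpl[i]) return -1;
    if (sscanf(s, "%d-%d-%d-%d:%d:%d", &y, &mo, &d, &h, &mi, &se) != 6) return -1;
    leap = (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
    if (y < 1970 || mo < 1 || mo > 12 || d < 1 || h > 23 || mi > 59 || se > 59 ||
        d > mdays[mo - 1] + (mo == 2 && leap)) return -1;
    if (mo <= 2) y--;          /* civil-date arithmetic; avoids non-portable timegm() */
    era = y / 400; yoe = y - era * 400;
    doy = (153 * (mo > 2 ? mo - 3 : mo + 9) + 2) / 5 + d - 1;
    days = era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
    *out = (time_t)days * 86400 + h * 3600L + mi * 60 + se;
    return 0;
}

/* Steps 2 and 3: keep records at or after -since; write them to to_file when
 * given (the -to case), else to the console. Returns the count, -1 on error. */
int show_since(const struct aer *r, size_t n, const char *since, const char *to_file)
{
    time_t cut;
    size_t i;
    int kept = 0;
    FILE *out = stdout;
    if (parse_since(since, &cut) != 0) return -1;       /* reject before any I/O */
    if (to_file != NULL && (out = fopen(to_file, "w")) == NULL) return -1;
    for (i = 0; i < n; i++)
        if (r[i].when >= cut) { fprintf(out, "%ld %s\n", (long)r[i].when, r[i].event); kept++; }
    if (out != stdout && fclose(out) != 0) return -1;
    return kept;
}

int main(void) { return show_since(SAMPLE, 3, "1997-06-01-00:00:00", NULL) == 2 ? 0 : 1; }
```

Validating the date before opening the output file means a malformed -since value never truncates an existing -to target.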