Method of Sorting the Audit Event Records in an Audit Trail File

IP.com Disclosure Number: IPCOM000118775D
Original Publication Date: 1997-Jul-01
Included in the Prior Art Database: 2005-Apr-01
Document File: 6 page(s) / 106K

Publishing Venue

IBM

Related People

Tran, TM: AUTHOR

Abstract

Disclosed is an algorithm for sorting the Audit Event Records (AERs) in an Audit Trail file. The sort can be specified in either ascending or descending order.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 41% of the total text.

Method of Sorting the Audit Event Records in an Audit Trail File

      Disclosed is an algorithm for sorting the Audit Event Records
(AERs) in an Audit Trail file.  The sort can be specified in either
ascending or descending order.

      The sorting algorithm presented in this paper is an extended
version of the Indexing Algorithm.  It is built on two Linked Lists.
The first is called the Row Linked List and the second is called the
Column Linked List.  The Row Linked List contains the Audit Event
Record and a doubly linked list so that the AERs can be traversed in
either direction.  The Column Linked List contains the following
members:
  o  Ei, which is called the Indexing Event number
  o  The pointer ards, which points to the Row Linked List
  o  The pointer ard_head, which points to the head of the Row
      Linked List
  o  The pointer ard_tail, which points to the tail of the Row
      Linked List
  o  The flag head_set, which is set when ard_head is set
  o  The flag tail_set, which is set when ard_tail is set

      Notice that the doubly linked list in the Row Linked List and
the variables ard_head, ard_tail, head_set, and tail_set in the
Column Linked List are used for traversal.

      With the introduction of the Row and Column Linked Lists, the
sorting algorithm can be implemented by the following steps:
  1.  Read the Audit Event Record into a buffer
  2.  Build the Column Linked List based on the Event number
  3.  Build the Row Linked List based on the Event number
  4.  Repeat step 1 until EOF

The structures of the Linked Lists are defined as follows:
  /* Row Linked List */
  typedef struct _ard_t {
    dce_aud_rec_t  ard;          /* audit record data         */
    struct _ard_t *next;         /* point to the next record  */
    struct _ard_t *prev;         /* point to the prev record  */
  } ard_t;
  /* Column Linked List */
  typedef struct _ep_t {
    unsigned32     event;        /* event index               */
    struct _ard_t *ards;         /* Audit record list         */
    struct _ard_t *ard_head;     /* point to head of the ards */
    struct _ard_t *ard_tail;     /* point to tail of the ards */
    boolean32      head_set;     /* flag to set the ard_head  */
    boolean32      tail_set;     /* flag to set the ard_tail  */
  } ep_t;
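
The four steps above, carried through end to end in a sketch that is an added example and not code from the original disclosure. It assumes simplified stand-ins for the structures: an int sequence number in place of dce_aud_rec_t, next/prev links between column nodes, the hypothetical function names aer_insert and aer_sorted, and that descending order also reverses the records within one event.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified stand-ins (assumptions): an int sequence number replaces
 * dce_aud_rec_t, and col_t carries next/prev links between columns. */
typedef struct row { int seq; struct row *next, *prev; } row_t;
typedef struct col {
    unsigned event;               /* indexing event number Ei */
    row_t *head, *tail;           /* ends of this event's row list */
    struct col *next, *prev;      /* columns kept in ascending event order */
} col_t;

/* Steps 2 and 3: find or create the column for `event`, then append the
 * record to the tail of its row list. Returns the (possibly new) head. */
col_t *aer_insert(col_t *cols, unsigned event, int seq) {
    col_t *c = cols, *last = NULL;
    while (c && c->event < event) { last = c; c = c->next; }
    if (!c || c->event != event) {            /* no column yet: splice one in */
        col_t *n = calloc(1, sizeof *n);
        if (!n) abort();
        n->event = event; n->next = c; n->prev = last;
        if (c) c->prev = n;
        if (last) last->next = n; else cols = n;
        c = n;
    }
    row_t *r = calloc(1, sizeof *r);
    if (!r) abort();
    r->seq = seq; r->prev = c->tail;
    if (c->tail) c->tail->next = r; else c->head = r;
    c->tail = r;
    return cols;
}

/* Walk the index in ascending or descending event order, writing each
 * record's seq to out[]. Returns the number of records written. */
size_t aer_sorted(const col_t *c, int descending, int *out, size_t cap) {
    size_t n = 0;
    if (descending) while (c && c->next) c = c->next;  /* start at last column */
    for (; c; c = descending ? c->prev : c->next)
        for (const row_t *r = descending ? c->tail : c->head; r && n < cap;
             r = descending ? r->prev : r->next)
            out[n++] = r->seq;
    return n;
}

int main(void) {                  /* constructed sample: events in file order */
    unsigned ev[] = {7, 3, 7, 1, 3}; int out[8]; col_t *t = NULL;
    for (int i = 0; i < 5; i++) t = aer_insert(t, ev[i], i);
    for (size_t i = 0, n = aer_sorted(t, 1, out, 8); i < n; i++) printf("%d ", out[i]);
    return 0;
}
```

Because each record is appended at the tail of its event's row list, records that share an event number keep their file order in the ascending walk, which preserves the chronology of the audit trail within each event.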

The first step is implemented in the dce_aud_event_table() routine:
  void dce_aud_event_table(
      dce_aud_trail_t   at,
      ep_t            **ep_table,
      unsigned32       *status
  ) {
      dce_aud_rec_t  ard;
      boolean32      done = FALSE;
      if (at == NULL) {
        dce_svc_printf(AUD_S_INVALID_TRAIL_DESCRIPTOR_MSG);
 ...