

Structures and Typedefs - AUDIT_RECORD

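/*
 * AUDIT_RECORD - describes one audit event: the originating process and
 * thread, the event identifier and category, a timestamp in both encoded
 * and decoded form, several identifying names, and a set of audit data items.
 *
 * Notes for code that consumes a record:
 *  - process_id_len and thread_id_len are documented as 4 or 8 bytes;
 *    presumably they select which member of the p and t unions is valid.
 *    Reject any other value rather than guessing. (TODO confirm.)
 *  - appname, cmdline, sys_name and comp_name are documented as
 *    null-terminated. os_name and mc_name are NOT, so bound every read of
 *    them with os_name_len / mc_name_len and never pass them to str*()
 *    functions directly.
 *  - Whether the *_len fields count a terminating null is not stated here;
 *    confirm before sizing destination buffers.
 *  - event_len, event_type and event_data presumably each describe
 *    data_count items (TODO confirm). The layout of event_data is not shown
 *    on this page; bound every access by data_count and the matching
 *    event_len entry.
 *  - cmdline holds the full process command line, which can carry
 *    credentials passed as arguments; treat stored or forwarded audit
 *    records as sensitive.
 */
typedef struct audit_record
{
    cobuns32_t         version;                 /* Version of structure format (AUDIT_RECORD_VERSION) */
    cobuns32_t         flags;                   /* Control flags */
    cobuns32_t         process_id_len;          /* Process identifier length (4 or 8 bytes) */
    cobuns32_t         thread_id_len;           /* Thread identifier length (4 or 8 bytes) */

    union
    {
        cobuns32_t     process_id_32;           /* Process identifier (32-bit) */
        cobuns64_t     process_id_64;           /* Process identifier (64-bit) */
    }p;

    union
    {
        cobuns32_t     thread_id_32;            /* Thread identifier (32-bit) */
        cobuns64_t     thread_id_64;            /* Thread identifier (64-bit) */
    }t;

    cobuns32_t         event_id;                /* Audit event identifier */
    cobuns32_t         event_category;          /* Audit event category (AUDIT_EVENT_CATEGORY_*) */
    cobuns32_t         data_count;              /* Number of audit data items */
    cobuns32_t         appname_len;             /* Application name length */
    cobuns32_t         cmdline_len;             /* Process command line length */
    cobuns32_t         os_name_len;             /* Operating system name length */
    cobuns32_t         mc_name_len;             /* Machine name length */
    cobuns32_t         sys_name_len;            /* System name length */
    cobuns32_t         comp_name_len;           /* Component name length */

    cobuns32_t         time;                    /* Encoded time */
    cobuns32_t         hour;                    /* Decoded hour */
    cobuns32_t         minute;                  /* Decoded minute */
    cobuns32_t         second;                  /* Decoded second */
    cobuns32_t         millisecond;             /* Decoded millisecond */
    cobuns32_t         date;                    /* Encoded date */
    cobuns32_t         year;                    /* Decoded year */
    cobuns32_t         month;                   /* Decoded month */
    cobuns32_t         day;                     /* Decoded day */
    cobuns32_t         reserved1[7];            /* Reserved for future use */

    const cobuns8_t    *appname;                /* Null-terminated application name */
    const cobuns8_t    *cmdline;                /* Null-terminated process command line */
    const cobuns8_t    *os_name;                /* Operating system name (not documented as null-terminated; use os_name_len) */
    const cobuns8_t    *mc_name;                /* Machine name (not documented as null-terminated; use mc_name_len) */
    const cobuns8_t    *sys_name;               /* Null-terminated system name */
    const cobuns8_t    *comp_name;              /* Null-terminated component name */
    cobuns32_t         *event_len;              /* Audit data item lengths */
    cobuns32_t         *event_type;             /* Audit data item types (AUDIT_EVENT_TYPE_*) */
    void               *event_data;             /* Audit data items */
    void               *reserved2[7];           /* Reserved for future use */
}AUDIT_RECORD;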

Version types (version):

	/*
	 * Structure-format version carried in AUDIT_RECORD.version.
	 * NOTE(review): a consumer should presumably compare version against
	 * this value before trusting the rest of the layout - confirm how
	 * unknown versions are meant to be handled.
	 */
	#define AUDIT_RECORD_VERSION	0

Event categories (event_category):

	/*
	 * Values for AUDIT_RECORD.event_category.
	 * NOTE(review): going by the names, SEC_API_REQ_* mark security API
	 * requests (check / define / other) and SEC_API_RES_* mark their
	 * outcomes (allow / deny / error / success) - confirm the exact
	 * semantics before keying alerting on RES_DENY or RES_ERROR.
	 * Code that switches on the category should keep a default branch
	 * for values outside 0-9.
	 */
	#define AUDIT_EVENT_CATEGORY_UNKNOWN             0
	#define AUDIT_EVENT_CATEGORY_AUDIT_FACILITY      1
	#define AUDIT_EVENT_CATEGORY_SYSTEM              2
	#define AUDIT_EVENT_CATEGORY_SEC_API_REQ_CHECK   3
	#define AUDIT_EVENT_CATEGORY_SEC_API_REQ_DEFINE  4
	#define AUDIT_EVENT_CATEGORY_SEC_API_REQ_OTHER   5
	#define AUDIT_EVENT_CATEGORY_SEC_API_RES_ALLOW   6
	#define AUDIT_EVENT_CATEGORY_SEC_API_RES_DENY    7
	#define AUDIT_EVENT_CATEGORY_SEC_API_RES_ERROR   8
	#define AUDIT_EVENT_CATEGORY_SEC_API_RES_SUCCESS 9

Audit data item types (event_type):

	/*
	 * Values for the entries of AUDIT_RECORD.event_type, which give the
	 * type of each audit data item.
	 * NOTE(review): COMP5 / COMPX presumably refer to the COBOL COMP-5 and
	 * COMP-X binary usages, with the trailing S marking signed variants -
	 * confirm. Treat an unrecognised type as opaque bytes bounded by the
	 * matching event_len entry rather than interpreting the data.
	 */
	#define AUDIT_EVENT_TYPE_BINARY    0
	#define AUDIT_EVENT_TYPE_TEXT      1
	#define AUDIT_EVENT_TYPE_ADDRESS   2
	#define AUDIT_EVENT_TYPE_COMP5     3
	#define AUDIT_EVENT_TYPE_COMPX     4
	#define AUDIT_EVENT_TYPE_UTF8      5
	#define AUDIT_EVENT_TYPE_COMP5S    6
	#define AUDIT_EVENT_TYPE_COMPXS    7