The Audit Log Manager generates events for the security audit log.
More...
|
| void | agt_audit_handle_edit_record (op_editop_t editop, ses_cb_t *scb, rpc_msg_t *msg, val_value_t *curnode_clone, val_value_t *newnode, val_value_t *curnode) |
| | Create and store a change-audit record, if needed. More...
|
| |
| void | agt_audit_handle_update_startup (ses_cb_t *scb, rpc_msg_t *msg, const xmlChar *sourcetype, const xmlChar *sourcename) |
| | Create and store an update-startup audit record, if needed. More...
|
| |
| void | agt_audit_handle_start_session (ses_cb_t *scb) |
| | Generate a start (client or control) session event if enabled. More...
|
| |
| void | agt_audit_handle_end_session (ses_cb_t *scb, ses_term_reason_t termreason, ses_id_t killedby) |
| | Generate an end (client or control) session event if enabled. More...
|
| |
| void | agt_audit_handle_acm_write_error (const xmlChar *user, val_value_t *val, op_editop_t editop) |
| | Generate an acm-write-error event if enabled. More...
|
| |
| void | agt_audit_handle_acm_exec_error (const xmlChar *user, const xmlChar *modname, const xmlChar *rpcname) |
| | Generate an acm-exec-error event if enabled. More...
|
| |
| void | agt_audit_handle_rpc_summary (ses_cb_t *scb, rpc_msg_t *msg) |
| | Create and store an rpc-summary event audit record, if needed. More...
|
| |
| uint32 | agt_audit_cvt_log_events (val_value_t *val, status_t *res) |
| | Get the binary bits from the YANG bits value. More...
|
| |
| boolean | agt_audit_log_edit_candidate (void) |
| | Check if <candidate> edit events are being collected. More...
|
| |
| boolean | agt_audit_log_edit_running (void) |
| | Check if <running> edit events are being collected. More...
|
| |
| boolean | agt_audit_log_update_startup (void) |
| | Check if <startup> update events are being collected. More...
|
| |
| boolean | agt_audit_log_client_session (void) |
| | Check if client session events are being collected. More...
|
| |
| boolean | agt_audit_log_control_session (void) |
| | Check if control session events are being collected. More...
|
| |
| boolean | agt_audit_log_nacm_write_error (void) |
| | Check if NACM write-access errors are being collected. More...
|
| |
| boolean | agt_audit_log_nacm_exec_error (void) |
| | Check if NACM exec-access errors are being collected. More...
|
| |
| boolean | agt_audit_log_rpc_summary (void) |
| | Check if RPC summary events are being collected. More...
|
| |
| boolean | agt_audit_log_edit_data (void) |
| | Check if edit-data events are being collected. More...
|
| |
The Audit Log Manager generates events for the security audit log.
The events are configured through the –audit-log-events parameter.
This audit log is not enabled at all unless the –audit-log parameter is configured in the server.
◆ agt_audit_cvt_log_events()
Get the binary bits from the YANG bits value.
- Parameters
-
| val | value struct with the CLI parameter |
| [out] | res | address of return status; *res return status |
- Returns
- bits for the events found (if *res == NO_ERR)
◆ agt_audit_handle_acm_exec_error()
| void agt_audit_handle_acm_exec_error |
( |
const xmlChar * |
user, |
|
|
const xmlChar * |
modname, |
|
|
const xmlChar * |
rpcname |
|
) |
| |
Generate an acm-exec-error event if enabled.
- Parameters
-
| user | the user name |
| modname | the RPC module name |
| rpcname | the RPC method name |
◆ agt_audit_handle_acm_write_error()
Generate an acm-write-error event if enabled.
- Parameters
-
| user | the user name |
| val | the value node that got an access-denied error |
| editop | the edit operation enum |
◆ agt_audit_handle_edit_record()
Create and store a change-audit record, if needed.
this function generates a log message if log level set to LOG_INFO or higher; An audit record for a sysConfigChange event is also generated
- Parameters
-
| editop | edit operation requested |
| scb | session control block |
| msg | RPC message in progress |
| curnode_clone | value to display for deletes |
| newnode | top new value node involved in edit |
| curnode | top cur value node involved in edit |
◆ agt_audit_handle_end_session()
Generate an end (client or control) session event if enabled.
- Parameters
-
| scb | session control block |
| termreason | enum for the session end reason |
| killedby | session ID (relevant if reason=killed) |
◆ agt_audit_handle_rpc_summary()
Create and store an rpc-summary event audit record, if needed.
- Parameters
-
| scb | session changing the startup datastore |
| msg | request message |
◆ agt_audit_handle_start_session()
| void agt_audit_handle_start_session |
( |
ses_cb_t * |
scb | ) |
|
Generate a start (client or control) session event if enabled.
- Parameters
-
◆ agt_audit_handle_update_startup()
| void agt_audit_handle_update_startup |
( |
ses_cb_t * |
scb, |
|
|
rpc_msg_t * |
msg, |
|
|
const xmlChar * |
sourcetype, |
|
|
const xmlChar * |
sourcename |
|
) |
| |
Create and store an update-startup audit record, if needed.
- Parameters
-
| scb | session changing the startup datastore |
| msg | request message |
| sourcetype | source of update |
| sourcename | name of update source |
◆ agt_audit_log_client_session()
| boolean agt_audit_log_client_session |
( |
void |
| ) |
|
Check if client session events are being collected.
- Returns
- TRUE if client session events being collected
◆ agt_audit_log_control_session()
| boolean agt_audit_log_control_session |
( |
void |
| ) |
|
Check if control session events are being collected.
- Returns
- TRUE if control session events being collected
◆ agt_audit_log_edit_candidate()
| boolean agt_audit_log_edit_candidate |
( |
void |
| ) |
|
Check if <candidate> edit events are being collected.
- Returns
- TRUE if <candidate> edit events being collected
◆ agt_audit_log_edit_data()
| boolean agt_audit_log_edit_data |
( |
void |
| ) |
|
Check if edit-data events are being collected.
- Returns
- TRUE if edit-data should be added to edit events
◆ agt_audit_log_edit_running()
| boolean agt_audit_log_edit_running |
( |
void |
| ) |
|
Check if <running> edit events are being collected.
- Returns
- TRUE if <running> edit events being collected
◆ agt_audit_log_nacm_exec_error()
| boolean agt_audit_log_nacm_exec_error |
( |
void |
| ) |
|
Check if NACM exec-access errors are being collected.
- Returns
- TRUE if NACM exec events being collected
◆ agt_audit_log_nacm_write_error()
| boolean agt_audit_log_nacm_write_error |
( |
void |
| ) |
|
Check if NACM write-access errors are being collected.
- Returns
- TRUE if NACM write events being collected
◆ agt_audit_log_rpc_summary()
| boolean agt_audit_log_rpc_summary |
( |
void |
| ) |
|
Check if RPC summary events are being collected.
- Returns
- TRUE if RPC summary events being collected
◆ agt_audit_log_update_startup()
| boolean agt_audit_log_update_startup |
( |
void |
| ) |
|
Check if <startup> update events are being collected.
- Returns
- TRUE if <startup> update events being collected
1.9.5