yumapro  24.10-3
YumaPro SDK
Loading...
Searching...
No Matches
Audit Log Support

The Audit Log Manager generates events for the security audit log. More...

Collaboration diagram for Audit Log Support:

Functions

void agt_audit_handle_edit_record (op_editop_t editop, ses_cb_t *scb, rpc_msg_t *msg, val_value_t *curnode_clone, val_value_t *newnode, val_value_t *curnode)
 Create and store a change-audit record, if needed. More...
 
void agt_audit_handle_update_startup (ses_cb_t *scb, rpc_msg_t *msg, const xmlChar *sourcetype, const xmlChar *sourcename)
 Create and store an update-startup audit record, if needed. More...
 
void agt_audit_handle_start_session (ses_cb_t *scb)
 Generate a start (client or control) session event if enabled. More...
 
void agt_audit_handle_end_session (ses_cb_t *scb, ses_term_reason_t termreason, ses_id_t killedby)
 Generate an end (client or control) session event if enabled. More...
 
void agt_audit_handle_acm_write_error (const xmlChar *user, val_value_t *val, op_editop_t editop)
 Generate an acm-write-error event if enabled. More...
 
void agt_audit_handle_acm_exec_error (const xmlChar *user, const xmlChar *modname, const xmlChar *rpcname)
 Generate an acm-exec-error event if enabled. More...
 
void agt_audit_handle_rpc_summary (ses_cb_t *scb, rpc_msg_t *msg)
 Create and store an rpc-summary event audit record, if needed. More...
 
uint32 agt_audit_cvt_log_events (val_value_t *val, status_t *res)
 Get the binary bits from the YANG bits value. More...
 
boolean agt_audit_log_edit_candidate (void)
 Check if <candidate> edit events are being collected. More...
 
boolean agt_audit_log_edit_running (void)
 Check if <running> edit events are being collected. More...
 
boolean agt_audit_log_update_startup (void)
 Check if <startup> update events are being collected. More...
 
boolean agt_audit_log_client_session (void)
 Check if client session events are being collected. More...
 
boolean agt_audit_log_control_session (void)
 Check if control session events are being collected. More...
 
boolean agt_audit_log_nacm_write_error (void)
 Check if NACM write-access errors are being collected. More...
 
boolean agt_audit_log_nacm_exec_error (void)
 Check if NACM exec-access errors are being collected. More...
 
boolean agt_audit_log_rpc_summary (void)
 Check if RPC summary events are being collected. More...
 
boolean agt_audit_log_edit_data (void)
 Check if edit-data events are being collected. More...
 
boolean agt_audit_log_rpc_error (void)
 Check if rpc-error events are being collected. More...
 

Detailed Description

The Audit Log Manager generates events for the security audit log.

The events are configured through the –audit-log-events parameter.

This audit log is not enabled at all unless the –audit-log parameter is configured in the server.

Function Documentation

◆ agt_audit_cvt_log_events()

uint32 agt_audit_cvt_log_events ( val_value_t val,
status_t res 
)

Get the binary bits from the YANG bits value.

Parameters
valvalue struct with the CLI parameter
[out]resaddress of return status; *res return status
Returns
bits for the events found (if *res == NO_ERR)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_handle_acm_exec_error()

void agt_audit_handle_acm_exec_error ( const xmlChar *  user,
const xmlChar *  modname,
const xmlChar *  rpcname 
)

Generate an acm-exec-error event if enabled.

Parameters
userthe user name
modnamethe RPC module name
rpcnamethe RPC method name
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_handle_acm_write_error()

void agt_audit_handle_acm_write_error ( const xmlChar *  user,
val_value_t val,
op_editop_t  editop 
)

Generate an acm-write-error event if enabled.

Parameters
userthe user name
valthe value node that got an access-denied error
editopthe edit operation enum
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_handle_edit_record()

void agt_audit_handle_edit_record ( op_editop_t  editop,
ses_cb_t scb,
rpc_msg_t msg,
val_value_t curnode_clone,
val_value_t newnode,
val_value_t curnode 
)

Create and store a change-audit record, if needed.

this function generates a log message if log level set to LOG_INFO or higher; An audit record for a sysConfigChange event is also generated

Parameters
editopedit operation requested
scbsession control block
msgRPC message in progress
curnode_clonevalue to display for deletes
newnodetop new value node involved in edit
curnodetop cur value node involved in edit
Here is the call graph for this function:

◆ agt_audit_handle_end_session()

void agt_audit_handle_end_session ( ses_cb_t scb,
ses_term_reason_t  termreason,
ses_id_t  killedby 
)

Generate an end (client or control) session event if enabled.

Parameters
scbsession control block
termreasonenum for the session end reason
killedbysession ID (relevant if reason=killed)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_handle_rpc_summary()

void agt_audit_handle_rpc_summary ( ses_cb_t scb,
rpc_msg_t msg 
)

Create and store an rpc-summary event audit record, if needed.

Parameters
scbsession changing the startup datastore
msgrequest message
Here is the call graph for this function:

◆ agt_audit_handle_start_session()

void agt_audit_handle_start_session ( ses_cb_t scb)

Generate a start (client or control) session event if enabled.

Parameters
scbsession control block
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_handle_update_startup()

void agt_audit_handle_update_startup ( ses_cb_t scb,
rpc_msg_t msg,
const xmlChar *  sourcetype,
const xmlChar *  sourcename 
)

Create and store an update-startup audit record, if needed.

Parameters
scbsession changing the startup datastore
msgrequest message
sourcetypesource of update
sourcenamename of update source
Here is the call graph for this function:

◆ agt_audit_log_client_session()

boolean agt_audit_log_client_session ( void  )

Check if client session events are being collected.

Returns
TRUE if client session events being collected
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_log_control_session()

boolean agt_audit_log_control_session ( void  )

Check if control session events are being collected.

Returns
TRUE if control session events being collected
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_log_edit_candidate()

boolean agt_audit_log_edit_candidate ( void  )

Check if <candidate> edit events are being collected.

Returns
TRUE if <candidate> edit events being collected
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_log_edit_data()

boolean agt_audit_log_edit_data ( void  )

Check if edit-data events are being collected.

Returns
TRUE if edit-data should be added to edit events
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_log_edit_running()

boolean agt_audit_log_edit_running ( void  )

Check if <running> edit events are being collected.

Returns
TRUE if <running> edit events being collected
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_log_nacm_exec_error()

boolean agt_audit_log_nacm_exec_error ( void  )

Check if NACM exec-access errors are being collected.

Returns
TRUE if NACM exec events being collected
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_log_nacm_write_error()

boolean agt_audit_log_nacm_write_error ( void  )

Check if NACM write-access errors are being collected.

Returns
TRUE if NACM write events being collected
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_log_rpc_error()

boolean agt_audit_log_rpc_error ( void  )

Check if rpc-error events are being collected.

Returns
TRUE if rpc-error reports should be audited
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_log_rpc_summary()

boolean agt_audit_log_rpc_summary ( void  )

Check if RPC summary events are being collected.

Returns
TRUE if RPC summary events being collected
Here is the call graph for this function:
Here is the caller graph for this function:

◆ agt_audit_log_update_startup()

boolean agt_audit_log_update_startup ( void  )

Check if <startup> update events are being collected.

Returns
TRUE if <startup> update events being collected
Here is the call graph for this function:
Here is the caller graph for this function: