The Audit Log Manager generates events for the security audit log. More...

Collaboration diagram for Audit Log Support:

Functions
void	agt_audit_handle_edit_record (op_editop_t editop, ses_cb_t scb, rpc_msg_t msg, val_value_t curnode_clone, val_value_t newnode, val_value_t *curnode)
	Create and store a change-audit record, if needed. More...

void	agt_audit_handle_update_startup (ses_cb_t scb, rpc_msg_t msg, const xmlChar sourcetype, const xmlChar sourcename)
	Create and store an update-startup audit record, if needed. More...

void	agt_audit_handle_start_session (ses_cb_t *scb)
	Generate a start (client or control) session event if enabled. More...

void	agt_audit_handle_end_session (ses_cb_t *scb, ses_term_reason_t termreason, ses_id_t killedby)
	Generate an end (client or control) session event if enabled. More...

void	agt_audit_handle_acm_write_error (const xmlChar user, val_value_t val, op_editop_t editop)
	Generate an acm-write-error event if enabled. More...

void	agt_audit_handle_acm_exec_error (const xmlChar user, const xmlChar modname, const xmlChar *rpcname)
	Generate an acm-exec-error event if enabled. More...

void	agt_audit_handle_rpc_summary (ses_cb_t scb, rpc_msg_t msg)
	Create and store an rpc-summary event audit record, if needed. More...

uint32	agt_audit_cvt_log_events (val_value_t val, status_t res)
	Get the binary bits from the YANG bits value. More...

boolean	agt_audit_log_edit_candidate (void)
	Check if <candidate> edit events are being collected. More...

boolean	agt_audit_log_edit_running (void)
	Check if <running> edit events are being collected. More...

boolean	agt_audit_log_update_startup (void)
	Check if <startup> update events are being collected. More...

boolean	agt_audit_log_client_session (void)
	Check if client session events are being collected. More...

boolean	agt_audit_log_control_session (void)
	Check if control session events are being collected. More...

boolean	agt_audit_log_nacm_write_error (void)
	Check if NACM write-access errors are being collected. More...

boolean	agt_audit_log_nacm_exec_error (void)
	Check if NACM exec-access errors are being collected. More...

boolean	agt_audit_log_rpc_summary (void)
	Check if RPC summary events are being collected. More...

boolean	agt_audit_log_edit_data (void)
	Check if edit-data events are being collected. More...

boolean	agt_audit_log_rpc_request (void)
	Check if rpc-request events are being collected – Need to save some RPC requests since processing steals the inputval. More...

Detailed Description

The Audit Log Manager generates events for the security audit log.

The events are configured through the –audit-log-events parameter.

This audit log is not enabled at all unless the –audit-log parameter is configured in the server.

Function Documentation

◆ agt_audit_cvt_log_events()

uint32 agt_audit_cvt_log_events	(	val_value_t *	val,
		status_t *	res
	)

Get the binary bits from the YANG bits value.

Parameters

	val	value struct with the CLI parameter
[out]	res	address of return status; *res return status

Returns: bits for the events found (if *res == NO_ERR)

Here is the call graph for this function:

Here is the caller graph for this function:

◆ agt_audit_handle_acm_exec_error()

void agt_audit_handle_acm_exec_error	(	const xmlChar *	user,
		const xmlChar *	modname,
		const xmlChar *	rpcname
	)

Generate an acm-exec-error event if enabled.

Parameters

user	the user name
modname	the RPC module name
rpcname	the RPC method name

Here is the call graph for this function:

Here is the caller graph for this function:

◆ agt_audit_handle_acm_write_error()

void agt_audit_handle_acm_write_error	(	const xmlChar *	user,
		val_value_t *	val,
		op_editop_t	editop
	)

Generate an acm-write-error event if enabled.

Parameters

user	the user name
val	the value node that got an access-denied error
editop	the edit operation enum

Here is the call graph for this function:

Here is the caller graph for this function:

◆ agt_audit_handle_edit_record()

void agt_audit_handle_edit_record	(	op_editop_t	editop,
		ses_cb_t *	scb,
		rpc_msg_t *	msg,
		val_value_t *	curnode_clone,
		val_value_t *	newnode,
		val_value_t *	curnode
	)

Create and store a change-audit record, if needed.

this function generates a log message if log level set to LOG_INFO or higher; An audit record for a sysConfigChange event is also generated

Parameters

editop	edit operation requested
scb	session control block
msg	RPC message in progress
curnode_clone	value to display for deletes
newnode	top new value node involved in edit
curnode	top cur value node involved in edit

Here is the call graph for this function:

◆ agt_audit_handle_end_session()

void agt_audit_handle_end_session	(	ses_cb_t *	scb,
		ses_term_reason_t	termreason,
		ses_id_t	killedby
	)

Generate an end (client or control) session event if enabled.

Parameters

scb	session control block
termreason	enum for the session end reason
killedby	session ID (relevant if reason=killed)

Here is the call graph for this function:

Here is the caller graph for this function:

◆ agt_audit_handle_rpc_summary()

void agt_audit_handle_rpc_summary	(	ses_cb_t *	scb,
		rpc_msg_t *	msg
	)

Create and store an rpc-summary event audit record, if needed.

Parameters

scb	session changing the startup datastore
msg	request message

Here is the call graph for this function:

◆ agt_audit_handle_start_session()

void agt_audit_handle_start_session ( ses_cb_t * scb )

Generate a start (client or control) session event if enabled.

Parameters

scb	session control block

Here is the call graph for this function:

Here is the caller graph for this function:

◆ agt_audit_handle_update_startup()

void agt_audit_handle_update_startup	(	ses_cb_t *	scb,
		rpc_msg_t *	msg,
		const xmlChar *	sourcetype,
		const xmlChar *	sourcename
	)

Create and store an update-startup audit record, if needed.

Parameters

scb	session changing the startup datastore
msg	request message
sourcetype	source of update
sourcename	name of update source

Here is the call graph for this function:

◆ agt_audit_log_client_session()

boolean agt_audit_log_client_session ( void )

Check if client session events are being collected.

Returns: TRUE if client session events being collected

Here is the call graph for this function:

Here is the caller graph for this function:

◆ agt_audit_log_control_session()

boolean agt_audit_log_control_session ( void )

Check if control session events are being collected.

Returns: TRUE if control session events being collected

Here is the call graph for this function:

Here is the caller graph for this function:

◆ agt_audit_log_edit_candidate()

boolean agt_audit_log_edit_candidate ( void )

Check if <candidate> edit events are being collected.

Returns: TRUE if <candidate> edit events being collected

Here is the call graph for this function:

Here is the caller graph for this function:

◆ agt_audit_log_edit_data()

boolean agt_audit_log_edit_data ( void )

Check if edit-data events are being collected.

Returns: TRUE if edit-data should be added to edit events

Here is the call graph for this function:

Here is the caller graph for this function:

◆ agt_audit_log_edit_running()

boolean agt_audit_log_edit_running ( void )

Check if <running> edit events are being collected.

Returns: TRUE if <running> edit events being collected

Here is the call graph for this function:

Here is the caller graph for this function:

◆ agt_audit_log_nacm_exec_error()

boolean agt_audit_log_nacm_exec_error ( void )

Check if NACM exec-access errors are being collected.

Returns: TRUE if NACM exec events being collected

Here is the call graph for this function:

Here is the caller graph for this function:

◆ agt_audit_log_nacm_write_error()

boolean agt_audit_log_nacm_write_error ( void )

Check if NACM write-access errors are being collected.

Returns: TRUE if NACM write events being collected

Here is the call graph for this function:

Here is the caller graph for this function:

◆ agt_audit_log_rpc_request()

boolean agt_audit_log_rpc_request ( void )

Check if rpc-request events are being collected – Need to save some RPC requests since processing steals the inputval.

Returns: TRUE if rpc-request reports should be audited

Here is the call graph for this function:

◆ agt_audit_log_rpc_summary()

boolean agt_audit_log_rpc_summary ( void )

Check if RPC summary events are being collected.

Returns: TRUE if RPC summary events being collected

Here is the call graph for this function:

Here is the caller graph for this function:

◆ agt_audit_log_update_startup()

boolean agt_audit_log_update_startup ( void )

Check if <startup> update events are being collected.

Returns: TRUE if <startup> update events being collected

Here is the call graph for this function:

Here is the caller graph for this function:

Functions

Detailed Description

Function Documentation

◆ agt_audit_cvt_log_events()

◆ agt_audit_handle_acm_exec_error()

◆ agt_audit_handle_acm_write_error()

◆ agt_audit_handle_edit_record()

◆ agt_audit_handle_end_session()

◆ agt_audit_handle_rpc_summary()

◆ agt_audit_handle_start_session()

◆ agt_audit_handle_update_startup()

◆ agt_audit_log_client_session()

◆ agt_audit_log_control_session()

◆ agt_audit_log_edit_candidate()

◆ agt_audit_log_edit_data()

◆ agt_audit_log_edit_running()

◆ agt_audit_log_nacm_exec_error()

◆ agt_audit_log_nacm_write_error()

◆ agt_audit_log_rpc_request()

◆ agt_audit_log_rpc_summary()

◆ agt_audit_log_update_startup()