Home | Previous Page | Next Page   Utility Syntax > The onaudit Utility >

Creating or Adding an Audit Mask

Read syntax diagramSkip visual syntax diagramCreating or Adding an Audit Mask:
 
                                           (1)
|--+- -a--| The Audit-Mask Specification |-------+--------------|
   |                                        (2)  |
   '- -f--| The onaudit Input-File Format |------'
Notes:
  1. see page The Audit-Mask Specification
  2. see page The onaudit Input-File Format
Element Purpose Key Considerations
-a Adds a new audit mask. None.
-f Names a file that can include instructions to add any or all of the audit masks to the mask table. References: The syntax for the input file is described in The onaudit Input-File Format.

The Audit-Mask Specification

Read syntax diagramSkip visual syntax diagramThe Audit-Mask Specification:
 
|-- -u--targetmask--+---------------+--------------------------->
                    '- -r--basemask-'
 
   .-----------------------------------------------.
   V                                               | (1)
>----+- -e--+---+--| Audit Event Specification |-+-+------------|
     |      '-+-'                                |
     '- -e-- ---| Audit Event Specification |----'
 
Audit Event Specification:
 
   .-,----------.
   V            |
|----+-event--+-+-----------------------------------------------|
     +-Fevent-+
     '-Sevent-'
Notes:
  1. Only one occurrence of each choice is allowed. However, multiple options are allowed on the same invocation

Element Purpose Key Considerations
+ Events that follow are to be added to targetmask list of audit events The + is the default and thus is optional.
Events that follow are to be dropped from targetmask list of audit events None.
-e Indicates that audit events are to be added or removed from targetmask Events specified as arguments to -e override events listed in any base mask specified with the -r option.
-r basemask Name of an existing audit mask. Events currently listed in basemask are applied to targetmask. Subsequent changes to basemask are not reflected in masks for which basemask has been used as a base.
If no basemask is specified and no events are specified with the -e flag, onaudit creates an empty target mask.
-u targetmask Names a user, template, _default, _require, or _exclude mask to be created or modified. The targetmask identifier must have 32 or fewer characters.
Fevent Specifies that only failed event attempts are to be audited. The event can include the event code (mnemonic) for any event listed in the table Audit-Event Mnemonics for IBM Informix Dynamic Server.
Sevent Specifies that only successful event attempts are to be audited. Same as for Fevent
event An event to audit, whether the event execution succeeds or fails. Same as for Fevent

Warning:
Do not include any spaces in the events list. You might get unpredictable results.

The following example creates a new audit mask named pat for the user pat. The new mask audits the events specified in the _secureL template mask, but excludes Read Row (RDRW) and includes Lock Table (LKTB), successful attempts at Add Chunk (ADCK), and all attempts at Create Table (CRTB). 

onaudit -a -u pat -r _secureL -e -RDRW, -e +LKTB,SADCK,CRTB

A user mask is only one of the three masks that specify auditing for an individual. Auditing instructions are read from the user mask first, followed by the _require and _exclude masks. For details, refer to Overview of Auditing.

The onaudit Input-File Format

Read syntax diagramSkip visual syntax diagramThe onaudit Input-File Format:
 
|--targetmask--+-basemask-+------------------------------------->
               '- --------'
 
   .-----------------------------------------------.
   V                                               | (2)
>----+-------------------------------------------+-+------------|
     |                                      (1)  |
     +-+---+--| Audit Event Specification |------+
     | '-+-'                                     |
     |                                   (1)     |
     '- ---| Audit Event Specification |---------'
Notes:
  1. See page The Audit-Mask Specification
  2. Only one occurrence of each choice is allowed. However, multiple options are allowed on the same invocation

Element Purpose Key Considerations
+ Events that follow are to be added to the list of audit events in targetmask. None.
Used before an event, it indicates that the events that follow are to be removed from the list of audit events in targetmask. Used alone, it creates an empty mask. None.
basemask Name of an existing audit mask to use as a base. The auditing instructions of the base mask are copied to the target mask, in addition to (or except for) the audit events that follow.
targetmask Identifies the user, template, _default, _require, or _exclude mask to add. Mask names must not exceed eight characters, and template mask names must begin with an underscore (_) symbol.

The following example uses a modified output file, created by the onaudit -o option, as the input file for onaudit -f: 

onaudit -f /work/masks_feb.97

For an example of an onaudit input file, see Audit Administration.

Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]