Audit Access Control List
An audit log entry is written when an existing access control profile record
is changed or deleted.
struct ae_aclmod {
unsigned short ae_am_compname; /* offset */
unsigned short ae_am_username; /* offset */
unsigned short ae_am_resname; /* offset */
unsigned short ae_am_action;
unsigned short ae_am_datalen;
};
where:
- ae_am_compname is an offset (from the beginning
address of the ae_aclmod data structure) to an ASCIIZ string indicating
the requester that established the session.
- ae_am_username is an offset (from the beginning
address of the ae_aclmod data structure) to an ASCIIZ string indicating
the name of the user who initiated the session. If 0, ae_am_username
and ae_am_compname are the same.
- ae_am_resname is an offset (from the beginning
address of the ae_aclmod data structure) to an ASCIIZ string that
indicates the name of a resource that owns the accessed files.
- ae_am_action is the action performed on the
access control profile record, as follows: ┌───────┬──────────────────────────────────────────────────────────────────────┐
│ VALUE │ MEANING │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 0 │ Change │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 1 │ Deletion │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 2 │ Addition │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 9 │ Unsuccessful password change attempt (valid only for user record)
│
└───────┴──────────────────────────────────────────────────────────────────────┘
- ae_am_datalen is the length of data following
the fixed data structure. This is always 0 in records generated by LAN Server.
[Back: Audit Service Status or Text Change]
[Next: Audit User Account Subsystem]