Audit User Account Subsystem
An audit log entry is written when (1) an existing user accounts subsystem
(UAS) record is changed or deleted, or (2) the UAS modals are changed.
struct ae_uasmod {
    unsigned short ae_um_compname;  /* offset */
    unsigned short ae_um_username;  /* offset */
    unsigned short ae_um_resname;   /* offset */
    unsigned short ae_um_rectype;
    unsigned short ae_um_action;
    unsigned short ae_um_datalen;
};
where:
- ae_um_compname is an offset (from the beginning
address of the ae_uasmod data structure) to an ASCIIZ string indicating
the requester that established the session.
- ae_um_username is an offset (from the beginning
address of the ae_uasmod data structure) to an ASCIIZ string indicating
the name of the user who initiated the session. If 0, ae_um_username
and ae_um_compname are the same.
- ae_um_resname is an offset (from the beginning
address of the ae_uasmod data structure) to an ASCIIZ string indicating
the name of a resource that owns the accessed files.
- ae_um_rectype is the type of UAS record, as
follows:
┌───────┬──────────────┐
│ VALUE │ MEANING      │
├───────┼──────────────┤
│ 0     │ User record  │
├───────┼──────────────┤
│ 1     │ Group record │
├───────┼──────────────┤
│ 2     │ UAS modals   │
└───────┴──────────────┘
- ae_um_action is the action performed on the
UAS record, as follows:
┌───────┬──────────────┐
│ VALUE │ MEANING      │
├───────┼──────────────┤
│ 0     │ Change       │
├───────┼──────────────┤
│ 1     │ Deletion     │
├───────┼──────────────┤
│ 2     │ Addition     │
└───────┴──────────────┘
- ae_um_datalen is the length of data following
the fixed data structure. This is always 0 in records generated by LAN Server.
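The offset rules above, as an added example that is not part of the original documentation: a bounds-checked decoder for one ae_uasmod record, of the kind a log-review tool needs before trusting offsets read from a file. It assumes little-endian 16-bit fields and that the caller already knows the record's total length; uas_parse, uas_str, the rejection of values outside the two tables, and the sample bytes are this example's own.

```c
#include <stddef.h>
#include <string.h>

struct ae_uasmod {                      /* fields as listed on this page */
    unsigned short ae_um_compname, ae_um_username, ae_um_resname;
    unsigned short ae_um_rectype, ae_um_action, ae_um_datalen;
};
#define UASMOD_FIXED 12                 /* six 16-bit fields */
#define LE16(p) ((unsigned short)((p)[0] | ((p)[1] << 8)))

/* ASCIIZ string at offset `off`, or NULL if the offset lands in the fixed
 * header, beyond the record, or on bytes with no NUL before the record ends. */
static const char *uas_str(const unsigned char *rec, size_t len, unsigned short off)
{
    if (off < UASMOD_FIXED || off >= len)
        return NULL;
    return memchr(rec + off, 0, len - off) ? (const char *)(rec + off) : NULL;
}

/* Hypothetical helper: decode one record of `len` bytes; 0 = ok, -1 = malformed. */
int uas_parse(const unsigned char *rec, size_t len, struct ae_uasmod *h,
              const char **comp, const char **user, const char **res)
{
    if (len < UASMOD_FIXED)
        return -1;
    h->ae_um_compname = LE16(rec);
    h->ae_um_username = LE16(rec + 2);
    h->ae_um_resname  = LE16(rec + 4);
    h->ae_um_rectype  = LE16(rec + 6);
    h->ae_um_action   = LE16(rec + 8);
    h->ae_um_datalen  = LE16(rec + 10);
    if (h->ae_um_rectype > 2 || h->ae_um_action > 2)
        return -1;                      /* values outside the tables above */
    *comp = uas_str(rec, len, h->ae_um_compname);
    /* offset 0: the user name is the same as the requester name */
    *user = h->ae_um_username ? uas_str(rec, len, h->ae_um_username) : *comp;
    *res  = uas_str(rec, len, h->ae_um_resname);
    return (*comp && *user && *res) ? 0 : -1;
}

/* Constructed sample: group record (1) deleted (1), username offset 0. */
const unsigned char uas_sample[] = {
    12, 0,  0, 0,  17, 0,  1, 0,  1, 0,  0, 0,
    'W', 'S', '0', '1', 0,  'G', 'U', 'E', 'S', 'T', 'S', 0
};
```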