Audit File Object
The Audit File object is the NDS data structure used to manage an audit trail's configuration and access rights. Figure 3 shows the important object properties of the Audit File object, and the relationship of that object to the volume, container, or clients being audited.
The Audit File object has other properties that are not shown. The Volume, container, or workstation NDS object that is audited has an Audit File Link property pointing to the Audit File object.
Figure 3
Audit File object
Volumes are always represented by NDS Volume objects, and containers by NDS container objects such as an Organization object or an Organizational Unit object. The type of NDS object used for representing workstation objects depends on the client software.
Table 2 defines the context in which your audit trails are configured and accessed. Normally, except for setting access controls, you will not need to directly manipulate the Audit File object or its properties.
Table 2. Audit File Object Properties
Audit Policy |
The Audit Policy property stores audit configuration data for the audit trail. It includes the maximum size of the file, the number of old online audit files to be maintained by the server, a map of events to be audited, and other information. Users with the Read right to this property can read the auditing configuration. Users with the Write right to this property can modify the audit configuration and destroy old audit files. |
Audit Contents |
The Audit Contents property has no specific values. However, users with the Read right to this property can read the contents of any of the underlying audit data files. Subjects with the Write right to this property can append audit events to the current audit data file. |
Access Control List (ACL) |
Defines the rights held by other NDS objects to the Audit File object and its properties. |
Audit Link List |
Defines the links to the NDS Volume, container, and workstation objects that are audited in the audit trail. |
Audit Path |
For external audit trails, this property points to the volume (and, implicitly, to the server) that store the audit data files associated with the external audit trail. The Audit Path property is not necessary for volume and container audit trails; the pathnames are implicitly known for these audit trails. |
Audit Type |
Defines whether this Audit File object represents a Volume, container, or external audit trail. This property is used by AUDITCON when locating external audit trails. |
Your audit utility (AUDITCON, for example) creates the Audit File object when you enable auditing, and the Audit File object is transparently checked by the server for access rights each time a user attempts to access the audit trail.
