This set of events relate to the creation and management of data items and resource elements within a domain. The type of data item or resource element is dependent upon the domain. For example, files and directories, device special files, and shared memory segments within an operating system, tables and records within a database, messages within an e-mail system. The term data item is used in this context to refer to any type of resource element.
Table 5-3 Data Item and Resource Element Management Event Taxonomy
Event Name |
Event Identifier |
Corresponding eDir Event |
Description |
Use |
---|---|---|---|---|
Create Data Item |
0.0.2.0 |
DSE_CREATE_BACKLINK DSE_CREATE_ENTRY DSE_CREATE_SUBREF DSE_LDAP_ADD DSE_LDAP_ADDRESPONSE DSE_NAME_COLLISION DSE_SPLIT_DONE DSE_SPLIT_PARTITION |
Create a data item |
This event is reported whenever a security-relevant data item or resource element is created. |
Delete Data Item |
0.0.2.1 |
DSE_DELETE_ENTRY DSE_JOIN_PARTITIONS DSE_LDAP_DELETE DSE_LDAP_DELETERESPONSE DSE_MOVE_SOURCE_ENTRY DSE_REMOVE_ENTRY DSE_REMOVE_ENTRY_DIR DSE_REMOTE_SERVER_DOWN |
Delete a data item |
This event is reported whenever a security-relevant data item or resource element is deleted |
Modify Data Item Attribute |
0.0.2.3 |
DSE_ABORT_PARTITION_OP DSE_ADD_PROPERTY DSE_ADD_REPLICA DSE_ADD_VALUE DSE_CHANGE_REPLICA_TYPE DSE_CHECK_SEV DSE_DEFINE_ATTR_DEF DSE_DEFINE_CLASS_DEF DSE_DELETE_ATTRIBUTE DSE_DELETE_PROPERTY DSE_DELETE_VALUE DSE_LDAP_MODDN DSE_LDAP_MODDNRESPONSE DSE_GEN_CA_KEYS DSE_LDAP_MODIFY DSE_LDAP_MODIFYRESPONSE DSE_LDAP_PASSWDMODIFY DSE_MERGE_ENTRIES DSE_MODIFY_CLASS_DEF DSE_MODIFY_ENTRY DSE_MODIFY_RDN DSE_MOVE_SUBTREE DSE_MOVE_TREE DSE_MUTATE_ENTRY DSE_PARTITION_STATE_CHG DSE_PARTITION_EVENT DSE_RECERT_PUB_KEY DSE_REMOVE_ATTR_DEF DSE_REMOVE_BACKLINK DSE_REMOVE_CLASS_DEF DSE_REMOVE_REPLICA DSE_RENAME_ENTRY DSE_STREAM DSE_UPDATE_ATTR_DEF DSE_UPDATE_CLASS_DEF DSE_UPDATE_REPLICA DSE_UPDATE_SCHEMA DSE_UPDATE_SEV |
Modify data item attributes |
This event is reported whenever a security-relevant data item or resource element is modified – either the value, or an attribute of the data item |
Query Data Item Attribute |
0.0.2.2 |
DSE_CHECK_SEV DSE_COMPARE_ATTR_VALUE DSE_DSA_READ DSE_INSPECT_ENTRY DSE_LDAP_COMPARE DSE_LDAP_COMPARERESPONSE DSE_LDAP_SEARCH DSE_LDAP_SEARCHENTRYRESPONSE DSE_LDAP_SEARCHRESPONSE DSE_LIST_CONT_CLASSES DSE_LIST_PARTITIONS DSE_LIST_SUBORDINATES DSE_READ_ATTR DSE_READ_REFERENCES DSE_REFERRAL DSE_SEARCH DSE_STREAM DSE_VERIFY_PASS DSE_LOW_LEVEL_JOIN |
Query data item attributes |
This event is reported whenever a security-relevant data item or resource element is queried – either for value, or for an attribute of the data item. |
The following sections are some examples to generate Data Item and Resource Element Management events.
Click Create Data Item to generate an event for creating a data item, as shown in the following example:
Jan 17 12:15:31 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "DYN_MARA","Name" : "CN=SLES11-SP2-164,O=novell"},"Entity" : {"SysAddr" : "164.99.179.164","SysName" : "SLES11-SP2-164.labs.blr.novell.com"}},"Initiator" : {"Account" : {"Name" : "CN=admin,O=novell","Id" : "32797"}},"Target" : {"Data" : {"ClassName" : "Computer","Name" : "CN=TEST-COM,O=novell"}},"Action" : {"Event" : {"Id" : "0.0.6.0","Name" : "CREATE_DATA_ITEM","CorrelationID" : "eDirectory#15#d40ca920-e43e-4ecc-79b4-20a90cd43ee4","SubEvent" : "DSE_CREATE_ENTRY"},"Time" : {"Offset" : 1389941131},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}
Click Delete Data Item to generate an event for deleting a data item, as shown in the following example:
Jan 08 10:18:35 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "CN=admin,O=mycom","Id" : "32809"},"Entity" : {"SysAddr" : "164.99.136.142:40645"}},"Target" : {"Data" : {"ClassName" : "User","Name" : "CN=NewTest User1,dc=LDAPValidate","newRDN" : "á°¸à¶\u0092"}},"Action" : {"Event" : {"Id" : "0.0.2.1","Name" : "DELETE_DATA_ITEM","CorrelationID" : "eDirectory#41#7ba31085-4e90-47fd-0aa6-8510a37b904e","SubEvent" : "DSE_MOVE_SOURCE_ENTRY"},"Time" : {"Offset" : 1389847715},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}
Click Modify Data Item Attribute to generate an event for modifying a data item attribute, as shown in the following example:
Jan 08 10:18:36 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "CN=admin,O=mycom","Id" : "32809"},"Entity" : {"SysAddr" : "100.1.2.164:40645"}},"Target" : {"Data" : {"Attribute Name" : "modifiersName","Attribute Value" : "CN=admin,O=mycom","ClassName" : "User","Name" : "CN=NewTest User2,OU=tmp,dc=LDAPValidate","Syntax" : "3"}},"Action" : {"Event" : {"Id" : "0.0.2.3","Name" : "MODIFY_DATA_ITEM_ATTRIBUTE","CorrelationID" : "eDirectory#41#0bbad762-4cd7-4063-4091-62d7ba0bd74c","SubEvent" : "DSE_DELETE_VALUE"},"Time" : {"Offset" : 1389847716},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}
Click Query Data Item Attribute to generate an event for querying a data item attribute, as shown in the following example:
Jan 08 10:18:36 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Id" : "4278190081"},"Entity" : {"SysAddr" : "100.1.2.164:35218"}},"Target" : {"Data" : {"Name" : "CN=SRV1,O=mycom"}},"Action" : {"Event" : {"Id" : "0.0.2.2","Name" : "QUERY_DATA_ITEM_ATTRIBUTE","CorrelationID" : "eDirectory#19#","SubEvent" : "DSE_READ_ATTR"},"Time" : {"Offset" : 1389847716},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}