audfilter create

audfilter create audit_filter_name_list -attribute guide_name_list

Options

-attribute guide_name_list
Specifies a list of one or more guides to be added to the specified audit event filters that are created. A guide name consists of three elements: an event class, an audit condition, and an audit action.

See the Data Structures topic of this reference page for information about guide names.

Description
The audfilter create operation creates a new audit filter. The argument is a list of names of audit filters to be created. Because a filter that has no guides is removed by the audit daemon during a clean-up (garbage collection) phase, this command requires an -attribute option whose value is a list of guides to be added to the specified audit filters on creation. All guides are added to all audit filters specified to be created. Returns an empty string on success.

Privileges Required
You must have w (write) permission on the audit daemon's ACL and be authenticated.

Examples

dcecp> audfilter create {principal melman} -attribute {dce_sec_query denial log}
dcecp>