OS/2 LAN Manager: Mapping of Audit Events to AE_types (63409)


The information in this article applies to:

  • Microsoft LAN Manager 2.0
  • Microsoft LAN Manager 2.1
  • Microsoft LAN Manager 2.1a
  • Microsoft LAN Manager 2.2
This article was previously published under Q63409

SUMMARY

The following table shows how audit events map to the AE_types. Enabling auditing of a given event allows the server to generate the corresponding AE_type entries in the audit trail. 
Event Name     Event Bitmask        AE_types
----------     -------------        --------

service        SVAUD_SERVICE        AE_SRVSTATUS, AE_SERVICESTAT
goodsesslogon  SVAUD_GOODSESSLOGON  AE_SESSLOGON, AE_SESSLOGOFF
badsesslogon   SVAUD_BADSESSLOGON   AE_SESSPWERR, AE_SESSLOGOFF
sesslogon      SVAUD_SESSLOGON      AE_SESSLOGON, AE_SESSLOGOFF,
                                     AE_SESSPWERR
goodnetlogon   SVAUD_GOODNETLOGON   Not audited
badnetlogon    SVAUD_BADNETLOGON    Audited as badsesslogon
netlogon       SVAUD_NETLOGON       Only audited at badsesslogon
logon          SVAUD_LOGON          AE_SESSLOGON, AE_SESSLOGOFF,
                                     AE_SESSPWERR, AE_NETTLOGON,
                                     AE_NETLOGOFF, AE_NETLOGDENIED
gooduse        SVAUD_GOODUSE        AE_CONNSTART, AE_CONNSTOP
baduse         SVAUD_BADUSE         AE_CONNREJ, AE_CONNSTOP
use            SVAUD_USE            AE_CONNSTART, AE_CONNSTOP,
                                     AE_CONNREJ
userlist       SVAUD_USERLIST       AE_UASMOD
permissions    SVAUD_PERMISSIONS    AE_ACLMOD
resource       SVAUD_RESOURCE       AE_RESACCESS, AE_RESACCESSREJ,
                                     AE_CLOSEFILE
logonlimit     SVAUD_LOGONLIM       AE_ACCLIMITEXCD
Please note that if auditing is enabled, the server start is audited, regardless of how the auditing switches are set.
Modification Type:MajorLast Reviewed:9/30/2003
Keywords:KB63409
©2003 Microsoft Corporation. All rights reserved.