Creating Filters
The following is an example audfilter create command for creating a filter:
dcecp> audfilter create {group trust} \
> -attribute {ec_local_bank_audit denial log}
dcecp>
The example command specifies that a filter type group be created for the DCE group named trust in the local cell.
The -attribute option is required. The argument to the option is a filter guide or list of guides. Each filter guide is made up of three elements: an event class name or list of names, an audit condition or list of conditions, and an audit action or list of actions.
The event class name corresponds to the name of the event class file for which your are creating a filter.
The audit condition is the condition required for the event to be audited. Valid conditions are success, denial, failure, pending, and all.
The audit action is the action to take if the event being generated matches the audit condition specified. Valid actions are log, alarm, and all.