Computer Security Threat Monitoring and Surveillance
6.4 Trace Subsystem Functional Description

The function of the trace subsystem is to produce from the SMF records
a detailed, time-sequenced log of activity by (or on) a selected entity.
The Security-Trace Subsystem will accept parameters specifying the
type of entity and the time scope of the trace. The trace report
will be fixed for a given type of entity.
Parameters to the trace should include:

Type of entity (job-id, user-id, data set, device-id, etc.)

Time parameters:
    start date (if omitted - today)
    [end date] (if omitted - today)
    start time (if omitted - 00:00:00)
    [end time] (if omitted - 23:59:59)

As long as the times specified are increasing (and not overlapping),
it should be feasible to trace multiple time ranges in a single pass
of the "raw" SMF data.

Some time parameters might look like:

    3/18/80
    3/18/80 1600
    3/18/80 - 3/20/80 1600
    3/18/80 1600 - 1830, 3/20/80 14:30 ...
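
The parameter defaults and the single-pass trace over multiple time ranges described above, as an added example that is not part of the original report. The record fields and sample data are constructed stand-ins for SMF records, and the parser assumes that an end time given without an end date falls on the start date.

```python
from datetime import datetime, time

def _side(text, default_date, default_time):
    """Parse '[m/d/yy] [hhmm|hh:mm]'; omitted parts take the defaults."""
    d, t = default_date, default_time
    for tok in text.split():
        if "/" in tok:
            d = datetime.strptime(tok, "%m/%d/%y").date()
        else:
            hhmm = tok.replace(":", "").zfill(4)
            t = time(int(hhmm[:2]), int(hhmm[2:4]))
    return datetime.combine(d, t)

def parse_ranges(spec, today):
    """Turn '3/18/80 1600 - 1830, 3/20/80 1430 - 1500' into (start, end) pairs."""
    ranges = []
    for part in spec.split(","):
        start_txt, _, end_txt = part.partition("-")
        start = _side(start_txt, today, time(0, 0, 0))
        # Assumption: an end time given without an end date stays on the start date.
        end = _side(end_txt, start.date() if end_txt.strip() else today,
                    time(23, 59, 59))
        if end < start or (ranges and start <= ranges[-1][1]):
            raise ValueError(f"ranges must increase without overlap: {part.strip()!r}")
        ranges.append((start, end))
    return ranges

def trace(records, entity_type, entity, ranges):
    """Single pass over time-ordered records; the range cursor only moves forward."""
    hits, i = [], 0
    for rec in records:
        while i < len(ranges) and rec["time"] > ranges[i][1]:
            i += 1
        if i == len(ranges):
            break  # past the last range, nothing later can match
        if rec["time"] >= ranges[i][0] and rec.get(entity_type) == entity:
            hits.append((rec["time"], rec["event"]))
    return hits

# Constructed sample records (hypothetical fields, not the SMF record layout).
SAMPLE = [
    {"time": datetime(1980, 3, 18, 15, 59), "user-id": "U100", "event": "logon"},
    {"time": datetime(1980, 3, 18, 16, 5), "user-id": "U100", "event": "open PAYROLL"},
    {"time": datetime(1980, 3, 18, 17, 0), "user-id": "U200", "event": "open PAYROLL"},
    {"time": datetime(1980, 3, 19, 9, 0), "user-id": "U100", "event": "job submit"},
    {"time": datetime(1980, 3, 20, 14, 45), "user-id": "U100", "event": "logoff"},
    {"time": datetime(1980, 3, 20, 16, 0), "user-id": "U100", "event": "logon"},
]
```

Because the ranges are validated as increasing and non-overlapping, `trace` never has to rewind the input, which is what makes the single pass over the raw data possible.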