dbCreateTable(3dba)


dbCreateTable -- create an Event Table

Synopsis

cc [flag ...] file ... -kthread -leels [library] ...
#include <eelsdba.h>

int dbCreateTable( DBConn *conn, char *name);

Description

dbCreateTable creates an Event Table within a database.

The following SQL command is used to create the Event Table within the database:

CREATE TABLE events
(
	UniqEventID			float8 NOT NULL,
                INDEX events_UniqEventID ( UniqEventID ),
	SequenceNumber			int4,
	ProcessID			int4,
	GroupID				varchar(64),
	LightWeightProcessID		int4,
	LogSystemSource			varchar(128),
	Length				int4,
	VersionID			int4,	
	TimeOffset			real,	
	TimeUncertaintyInterval		int4,
	TimeUncertaintyIndicator	int4,
	TimeSource			varchar(255),
	TimeZone			varchar(64),
	EventNumber			int4,
	EventNumberStr			varchar(255),
	Outcome				int4,	
	OriginatorHostName		varchar(255),
	OriginatorServiceName		varchar(255),
	OriginatorLocationAddress	varchar(255),
	OriginatorServiceType		varchar(255),
	OriginatorAuthAuthority		varchar(255),
	OriginatorPrincipalName		varchar(255),
	OriginatorPrincipalID		varchar(255),
	InitiatorAuthAuthority		varchar(255),
	InitiatorDomainSpecificName	varchar(255),
	InitiatorDomainSpecificID	varchar(255),
	TargetLocationName		varchar(255),
	TargetLocationAddress		varchar(255),
	TargetServiceType		varchar(255),
	TargetAuthAuthority		varchar(255),
	TargetPrincipalName		varchar(255),
	TargetPrincipalID		varchar(255),
	PtrToSourceDomain		varchar(255),
	SourceSpecificInformation	varchar(255),
	EventSpecificInformation	(see note below)
);


NOTE: The above syntax is compatible with any database that supports standard SQL (ANSI SQL 92). The size of the EventSpecificInformation field should be as large as the database can support. With some databases it may be of type BLOB (Binary Large Object) which supports large data types. Other databases may restrict the size to be no larger than varchar(255).

The fields are described in the following table:

Event Table fields

Field Description
UniqEventID A Database wide Unique ID for this record. If a single event record spans multiple database records, then it will have the same EventID field
SequenceNumber This field is used when the data in a single event record is so large that it must span multiple database records. The SequenceNumber corresponds to the data's position in the original event record. The SequenceNumber starts from 0. If there is only one record for an event, the SequenceNumber should still be set to 0
ProcessID The Process ID of the originator of the message
GroupID The group name of the process originating the message
LightWeightProcessID The Light Weight Process (LWP) ID of the originator of the message
LogSystemSource The source of the log message. For example, this could be syslog, audit, OSM, and so on
Length The total length of the data portion of the log record. If the log record is split across multiple database records , this length still reflects the total length of the log record
VersionID The EELS version Number
TimeOffset The offset in milliseconds from the beginning of the epoch
TimeUncertaintyInterval The uncertainty interval in milliseconds of the offset
TimeUncertaintyIndicator The uncertainty indicator as a percentage of confidence in the uncertainty interval
TimeSource The signal or source of trusted time. This is typically the hostname or network address of the network time server
TimeZone The timezone in the format specified in the XDAS specification
EventNumber The number which uniquely identifies the event (provided by caller)
EventNumberStr The textual description of the event
Outcome The outcome of the event
OriginatorHostName The host that detects and requests the recording of an audit event
OriginatorServiceName The service that detects and requests the recording of an audit event
OriginatorLocationAddress The address of service that detects and requests the recording of an audit event
OriginatorServiceType An optional list of the supported functions provided by the originator.
OriginatorAuthAuthority The Authentication Authority that detected the event. An example of an authentication authority is the hostname of the machine that generated the event
OriginatorPrincipalName The username associated with the process that generated the event
OriginatorPrincipalID The UID associated with the process that generated the event
InitiatorAuthAuthority The initiator represents the principal that is accountable for the initiation of the event. This field contains the hostname that is responsible for the event
InitiatorDomainSpecificName The username that is responsible for the generation of the event
InitiatorDomainSpecificID The UID that is responsible for the generation of the event
TargetLocationName The target represents the object that was the target of activity that caused the event to be generated. For example, a file or a record within a database
TargetLocationAddress The address of service that was the target of activity that caused the event to be generated.
TargetServiceType An optional list of the supported functions provided by the target
TargetAuthAuthority The Authentication Authority that was the target of the event
TargetPrincipalName The username associated with the target process
TargetPrincipalID The UID associated with the target process
PtrToSourceDomain For an imported record, the pointer to the original record within the originating domain
SourceSpecificInformation Information that is specific to the source of the event. For example, if the record originated from syslog, then this field would contain the level and facility of the syslog message
EventSpecificInformation The event specific information recorded for the record. The size of this field depends on the maximum record size supported by the target database

 +----------------------------+----------------------------------------------------------------+
 |Field                       | Description                                                    |
 +----------------------------+----------------------------------------------------------------+
 |UniqEventID                 | A Database wide Unique ID for this record.  If a single event  |
 |                            | record spans multiple database records, then it will have the  |
 |                            | same EventID field                                             |
 +----------------------------+----------------------------------------------------------------+
 |SequenceNumber              | This field is used when the data in a single event record is   |
 |                            | so large that it must span multiple database records.  The     |
 |                            | SequenceNumber corresponds to the data's position in the       |
 |                            | original event record.  The SequenceNumber starts from 0.  If  |
 |                            | there is only one record for an event, the SequenceNumber      |
 |                            | should still be set to 0                                       |
 +----------------------------+----------------------------------------------------------------+
 |ProcessID                   | The Process ID of the originator of the message                |
 +----------------------------+----------------------------------------------------------------+
 |GroupID                     | The group name of the process originating the message          |
 +----------------------------+----------------------------------------------------------------+
 |LightWeightProcessID        | The Light Weight Process (LWP) ID of the originator of the     |
 |                            | message                                                        |
 +----------------------------+----------------------------------------------------------------+
 |LogSystemSource             | The source of the log message.  For example, this could be     |
 |                            | syslog, audit, OSM, and so on                                  |
 +----------------------------+----------------------------------------------------------------+
 |Length                      | The total length of the data portion of the log record.  If    |
 |                            | the log record is split across multiple database records ,     |
 |                            | this length still reflects the total length of the log record  |
 +----------------------------+----------------------------------------------------------------+
 |VersionID                   | The EELS version Number                                        |
 +----------------------------+----------------------------------------------------------------+
 |TimeOffset                  | The offset in milliseconds from the beginning of the epoch     |
 +----------------------------+----------------------------------------------------------------+
 |TimeUncertaintyInterval     | The uncertainty interval in milliseconds of the offset         |
 +----------------------------+----------------------------------------------------------------+
 |TimeUncertaintyIndicator    | The uncertainty indicator as a percentage of confidence in the |
 |                            | uncertainty interval                                           |
 +----------------------------+----------------------------------------------------------------+
 |TimeSource                  | The signal or source of trusted time.  This is typically the   |
 |                            | hostname or network address of the network time server         |
 +----------------------------+----------------------------------------------------------------+
 |TimeZone                    | The timezone in the format specified in the XDAS specification |
 +----------------------------+----------------------------------------------------------------+
 |EventNumber                 | The number which uniquely identifies the event (provided by    |
 |                            | caller)                                                        |
 +----------------------------+----------------------------------------------------------------+
 |EventNumberStr              | The textual description of the event                           |
 +----------------------------+----------------------------------------------------------------+
 |Outcome                     | The outcome of the event                                       |
 +----------------------------+----------------------------------------------------------------+
 |OriginatorHostName          | The host that detects and requests the recording of an audit   |
 |                            | event                                                          |
 +----------------------------+----------------------------------------------------------------+
 |OriginatorServiceName       | The service that detects and requests the recording of an      |
 |                            | audit event                                                    |
 +----------------------------+----------------------------------------------------------------+
 |OriginatorLocationAddress   | The address of service that detects and requests the recording |
 |                            | of an audit event                                              |
 +----------------------------+----------------------------------------------------------------+
 |OriginatorServiceType       | An optional list of the supported functions provided by the    |
 |                            | originator.                                                    |
 +----------------------------+----------------------------------------------------------------+
 |OriginatorAuthAuthority     | The Authentication Authority that detected the event.  An      |
 |                            | example of an authentication authority is the hostname of the  |
 |                            | machine that generated the event                               |
 +----------------------------+----------------------------------------------------------------+
 |OriginatorPrincipalName     | The username associated with the process that generated the    |
 |                            | event                                                          |
 +----------------------------+----------------------------------------------------------------+
 |OriginatorPrincipalID       | The UID associated with the process that generated the event   |
 +----------------------------+----------------------------------------------------------------+
 |InitiatorAuthAuthority      | The initiator represents the principal that is accountable for |
 |                            | the initiation of the event.  This field contains the hostname |
 |                            | that is responsible for the event                              |
 +----------------------------+----------------------------------------------------------------+
 |InitiatorDomainSpecificName | The username that is responsible for the generation of the     |
 |                            | event                                                          |
 +----------------------------+----------------------------------------------------------------+
 |InitiatorDomainSpecificID   | The UID that is responsible for the generation of the event    |
 +----------------------------+----------------------------------------------------------------+
 |TargetLocationName          | The target represents the object that was the target of        |
 |                            | activity that caused the event to be generated. For example, a |
 |                            | file or a record within a database                             |
 +----------------------------+----------------------------------------------------------------+
 |TargetLocationAddress       | The address of service that was the target of activity that    |
 |                            | caused the event to be generated.                              |
 +----------------------------+----------------------------------------------------------------+
 |TargetServiceType           | An optional list of the supported functions provided by the    |
 |                            | target                                                         |
 +----------------------------+----------------------------------------------------------------+
 |TargetAuthAuthority         | The Authentication Authority that was the target of the event  |
 +----------------------------+----------------------------------------------------------------+
 |TargetPrincipalName         | The username associated with the target process                |
 +----------------------------+----------------------------------------------------------------+
 |TargetPrincipalID           | The UID associated with the target process                     |
 +----------------------------+----------------------------------------------------------------+
 |PtrToSourceDomain           | For an imported record, the pointer to the original record     |
 |                            | within the originating domain                                  |
 +----------------------------+----------------------------------------------------------------+
 |SourceSpecificInformation   | Information that is specific to the source of the event.  For  |
 |                            | example, if the record originated from syslog, then this field |
 |                            | would contain the level and facility of the syslog message     |
 +----------------------------+----------------------------------------------------------------+
 |EventSpecificInformation    | The event specific information recorded for the record.  The   |
 |                            | size of this field depends on the maximum record size          |
 |                            | supported by the target database                               |
 +----------------------------+----------------------------------------------------------------+

Arguments


conn
(Input) A database connection that was returned by a previous call to dbConnect(3dba).

name
(Input) The name of the table to be created.

Return values

If successful, dbCreateTable returns 0. Otherwise, it returns -1.

Diagnostics

An application can call dbGetError(3dba) to obtain the error message returned from the database.

References

dbConnect(3dba), dbDeleteTable(3dba), Intro(3dba)


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004