
Example of Filter Guides

The following is an example of a filter with two guides:

filter type: foreign_principal
key: /.../cell_x/foo
guide 1:
    audit conditions - denial
    audit actions - log
    event classes - Confidential
guide 2:
    audit conditions - denial
    audit actions - alarm, log
    event classes - Restricted

Guide 1 specifies that an audit record will be logged for any event in event class Confidential if the user is the foreign principal /.../cell_x/foo and the event failed because of access denial. Guide 2 specifies that an audit record will not only be logged but also be displayed on the system console for any event in event class Restricted, for the same user and event outcome.
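
The evaluation described above, modelled as an added Python example (it is not part of the original documentation or of the audit service's own code). The class and function names, the "success" outcome, the second principal, and the rule that actions accumulate when more than one guide matches are assumptions made for illustration; the sample events are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Guide:
    conditions: frozenset      # outcomes that trigger the guide, e.g. {"denial"}
    actions: frozenset         # e.g. {"log"} or {"alarm", "log"}
    event_classes: frozenset   # event classes the guide covers

@dataclass(frozen=True)
class Filter:
    filter_type: str
    key: str
    guides: tuple

@dataclass(frozen=True)
class Event:                   # hypothetical model of one audited event
    subject_type: str
    subject: str
    event_classes: frozenset   # classes the event belongs to
    outcome: str

# The filter from the text: two guides for foreign principal /.../cell_x/foo.
FOO_FILTER = Filter("foreign_principal", "/.../cell_x/foo", (
    Guide(frozenset({"denial"}), frozenset({"log"}), frozenset({"Confidential"})),
    Guide(frozenset({"denial"}), frozenset({"alarm", "log"}), frozenset({"Restricted"})),
))

def audit_actions(flt, event):
    """Return the set of audit actions the filter prescribes for the event."""
    if (event.subject_type, event.subject) != (flt.filter_type, flt.key):
        return set()           # filter applies to a different subject
    actions = set()
    for guide in flt.guides:
        if event.outcome in guide.conditions and event.event_classes & guide.event_classes:
            actions |= guide.actions   # assumption: matching guides accumulate
    return actions

def demo():
    foo = ("foreign_principal", "/.../cell_x/foo")
    events = [                 # constructed sample events
        Event(*foo, frozenset({"Confidential"}), "denial"),
        Event(*foo, frozenset({"Restricted"}), "denial"),
        Event(*foo, frozenset({"Restricted"}), "success"),
        Event("principal", "/.../cell_x/bar", frozenset({"Restricted"}), "denial"),
    ]
    return [sorted(audit_actions(FOO_FILTER, e)) for e in events]

if __name__ == "__main__":
    print(demo())
```

Only the first two events produce audit actions: a successful operation and a different subject both fall outside the filter, which is the gap to check for when reviewing whether a filter set covers the events you expect to see in the audit trail.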