Modifying Filters
You can modify an existing audit filter by adding or deleting one or more of the filter's guides. The following is a sample dcecp command for modifying an existing filter:
dcecp> audfilter modify world -add {Monetary_Transfers denial log}
dcecp>
The example command adds a guide with an event class of Monetary_Transfers, an audit condition of denial, and an audit action of log to the existing filter type world. Note that the filter type world does not take a key.
The DCE control program does not use commas. Multiple guides and multiple filters are specified in the standard dcecp list format: {x y} for single arguments or {{x y} {a b}} for multiple arguments.
In order to execute the audfilter modify command, you must have write (w) permission to the audit daemon's ACL.