3.1.1.1.25.2.1 SearchIPAddressAuditByIPAddress

  • Article

The SearchIPAddressAuditByIPAddress procedure searches ADM_IPAddressAuditTable based on the specified search condition. The input parameters are as follows:

Param_IPAddress: The IP address for which the audit information is being requested.

Param_StartDate: The start date of the events pertaining to the specified IP address being requested.

Param_EndDate: The end date of the events pertaining to the specified IP address being requested.

Param_correlateUserLogon: A Boolean flag indicating whether the IP address specified is to be correlated to user logon/logoff event information that might be in the table.

The following is the output parameter for this procedure.

Result_searchResult: This is a collection of IPAuditRecords containing the result of the specified search criteria.

The following processing steps are involved:

  1. Enumerate the rows in the table that meet the following criteria:

    • TimeOfEvent is greater than or equal to Param_StartDate

    • TimeOfEvent is less than or equal to Param_EndDate

    • IPAddress is equal to Param_IPAddress

  2. For each matching row:

    1. Create an instance of IPAuditRecord, copy the row details to it and add it to Result_searchResult.

    2. If Param_correlateUserLogon flag is set, perform any additional correlation to the map the IP address to the user logon/logoff event that might have occurred during the time period in an implementation-specific manner.

    3. For each of the rows that have been obtained based on correlation, create the IPAuditRecord, copy the row details to it and add it to Result_searchResult.

  3. Return Result_searchResult as the output parameter.