3.1.1.1.25.2.3 SearchIPAddressAuditByUserName

The SearchIPAddressAuditByUserName procedure can be used to search the ADM_IPAddressAuditTable based on the specified search condition.

The following are the input parameters to this procedure:

Param_UserName: The user name information for which the audit information is being requested.

Param_StartDate: The start date from when the events pertaining to the specified user name being requested.

Param_EndDate: The end date of the events pertaining to the specified user name being requested.

Param_correlateUserLogon: A Boolean flag indicating whether the user name specified has to be correlated to possible IP address and device-related event information that might be in the table.

The following is the output parameter for this procedure.

Result_searchResult: This is a collection of IPAuditRecord having the result for the specified search criteria.

The following are the steps involved:

  1. Enumerate the rows in the table which meet the following criteria:

    • TimeOfEvent >= Param_StartDate

    • TimeOfEvent <= Param_EndDate

    • UserName = Param_UserName

  2. For each of the rows enumerated above, perform the following:

    1. Create an instance of IPAuditRecord, copy the row details to it, and add it to Result_searchResult.

    2. If Param_correlateUserLogon flag is set, perform any additional correlation to the map the user’s logon/logoff event information to IP address and MAC address information in an implementation-specific manner.

    3. For each of the rows that have been obtained based on correlation, create the IPAuditRecord, copy the row details to it, and add it to Result_searchResult.

  3. Return Result_searchResult as the output parameter.