aud_audit_events man page on HP-UX

aud_audit_events(5)					   aud_audit_events(5)

NAME
       aud_audit_events - Auditable events for the audit services

DESCRIPTION
       Code is in place for auditing audit service-significant events. Among
       these events are:

       Administrative operations
              These are subdivided into modify and query operations.

       Filter operations
              These are subdivided into modify and query operations.

       Event class definitions, together with filters, control the auditing
       execution at these code points. Filters can be updated dynamically.
       Filter files are maintained by a per-host audit daemon, and are shared
       among all the audit clients on the same host. The dcecp command
       interface program is used for maintaining the filters. (See the dcecp
       reference page.) The dcecp command is executable by all users and
       system administrators. Control over who is allowed to modify filters
       is exercised through the ACL of the audit daemon, which maintains the
       filters.

       The Audit Service RPC interfaces include audit_control and audit_filter
       operations.

   Administrative Operations
       The dce_audit_admin_modify and dce_audit_admin_query event classes
       lump together the administrative operations that are performed on the
       Audit daemon.

       The dce_audit_admin_modify event class has the following events that
       modify the operation of the Audit daemon:

       EVT_MODIFY_STATE
              Enables or disables the Audit daemon for logging.

       EVT_MODIFY_SSTRATEGY
              Modifies the storage strategy. This can be any of the
              following:

              Save   If the trail is full, it is backed up and renamed with
                     a timestamp, and writing then resumes on the original
                     trail.

              Wrap   If the trail is full, writing goes back to the
                     beginning of the file, overwriting previously written
                     records.

       EVT_REWIND
              Rewinds the Audit daemon's central trail file.

       EVT_STOP
              Stops the Audit daemon.

       The following are the audit code points in the Audit Service
       interfaces, with their Event Types, Event Classes, and any
       Event-Specific Information.

       Event                 Event Type  Event Class             Event-Specific Information
       EVT_MODIFY_STATE      0x306       dce_audit_admin_modify  None
       EVT_MODIFY_SSTRATEGY  0x305       dce_audit_admin_modify  None
       EVT_REWIND            0x307       dce_audit_admin_modify  None
       EVT_STOP              0x308       dce_audit_admin_modify  None

       The dce_audit_admin_query event class has two events:

       EVT_SHOW_SSTRATEGY
              Shows the storage strategy.

       EVT_SHOW_STATE
              Shows the state of the Audit daemon.

       Following are the details of this event class:

       Event                 Event Type  Event Class             Event-Specific Information
       EVT_SHOW_SSTRATEGY    0x309       dce_audit_admin_query   None
       EVT_SHOW_STATE        0x30a       dce_audit_admin_query   None

   Filter Operations
       The dce_audit_filter_modify and dce_audit_filter_query event classes
       are the filter operations that the Audit daemon handles.

       The dce_audit_filter_modify event class has the following events:

       EVT_ADD_FILTER
              Adds a filter.

       EVT_DELETE_FILTER
              Removes all guides for a specific subject.

       EVT_REMOVE_FILTER
              Removes a specific guide for a specific subject.

       Following are the details of this event class:

       Event                 Event Type  Event Class              Event-Specific Information
       EVT_ADD_FILTER        0x303       dce_audit_filter_modify  None
       EVT_DELETE_FILTER     0x300       dce_audit_filter_modify  None
       EVT_REMOVE_FILTER     0x304       dce_audit_filter_modify  None

       The dce_audit_filter_query event class contains two events:

       EVT_LIST_FILTER
              Lists all subjects that have filters.

       EVT_SHOW_FILTER
              Shows all filters for a specific principal.

       Following are the details of this event class:

       Event                 Event Type  Event Class              Event-Specific Information
       EVT_LIST_FILTER       0x302       dce_audit_filter_query   None
       EVT_SHOW_FILTER       0x301       dce_audit_filter_query   aud_c_evt_info_long_int esl_type
                                                                  aud_c_evt_info_char_string subject_name
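
       An added example (not part of the HP-UX man page or of DCE itself): a
       Python triage pass that uses the event numbers and classes listed above
       to pick out operations that change the Audit daemon or its filters. The
       one-line record layout, the sample records, and the severity ranking
       are assumptions made for illustration.

```python
import re

# Event numbers and classes exactly as listed in aud_audit_events(5).
EVENTS = {
    0x300: ("EVT_DELETE_FILTER", "dce_audit_filter_modify"),
    0x301: ("EVT_SHOW_FILTER", "dce_audit_filter_query"),
    0x302: ("EVT_LIST_FILTER", "dce_audit_filter_query"),
    0x303: ("EVT_ADD_FILTER", "dce_audit_filter_modify"),
    0x304: ("EVT_REMOVE_FILTER", "dce_audit_filter_modify"),
    0x305: ("EVT_MODIFY_SSTRATEGY", "dce_audit_admin_modify"),
    0x306: ("EVT_MODIFY_STATE", "dce_audit_admin_modify"),
    0x307: ("EVT_REWIND", "dce_audit_admin_modify"),
    0x308: ("EVT_STOP", "dce_audit_admin_modify"),
    0x309: ("EVT_SHOW_SSTRATEGY", "dce_audit_admin_query"),
    0x30A: ("EVT_SHOW_STATE", "dce_audit_admin_query"),
}
# Assumption: events that can stop, disable, overwrite or narrow auditing rank "high".
HIGH = {"EVT_STOP", "EVT_MODIFY_STATE", "EVT_REWIND", "EVT_MODIFY_SSTRATEGY",
        "EVT_DELETE_FILTER", "EVT_REMOVE_FILTER"}

# Constructed sample records; this one-line layout is hypothetical, not the DCE trail format.
SAMPLE = """\
2024-05-01T10:00:02Z event=0x30a client=ops1 outcome=success
2024-05-01T10:00:09Z event=0x303 client=ops1 outcome=success
2024-05-01T10:04:41Z event=0x300 client=svc_batch outcome=denied
2024-05-01T10:05:10Z event=0x305 client=svc_batch outcome=success
2024-05-01T10:05:12Z event=0x307 client=svc_batch outcome=success
2024-05-01T10:06:00Z event=0x3ff client=ops1 outcome=success
this line is malformed
"""
LINE = re.compile(r"^(\S+) event=(0x[0-9a-fA-F]+) client=(\S+) outcome=(\S+)$")

def triage(text):
    """Return (alerts, skipped): alerts for *_modify events, skipped for bad or unknown lines."""
    alerts, skipped = [], []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or int(m.group(2), 16) not in EVENTS:
            skipped.append(raw)  # keep for review instead of dropping silently
            continue
        ts, num, client, outcome = m.groups()
        name, cls = EVENTS[int(num, 16)]
        if cls.endswith("_modify"):  # query-class events are not alerted on
            sev = "info" if name not in HIGH else ("high" if outcome == "success" else "attempt")
            alerts.append((ts, client, name, outcome, sev))
    return alerts, skipped

if __name__ == "__main__":
    print(*triage(SAMPLE)[0], sep="\n")
```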

RELATED INFORMATION
       Commands: dcecp(1m).
       Files: event_class.5.
