audeventstab - define and describe audit system events
The file lists audit event numbers, corresponding mnemonic names, and
brief explanations of each event. Blank lines and comments (beginning
with a character) are allowed. Each non-comment, non-blank line in
this file contains three parts:
event Audit event number in decimal: a single field
separated by whitespace.
name Corresponding mnemonic name: a single field sepa‐
rated by whitespace.
explanation Remainder of the line, following a character.
For kernel-generated audit events, event numbers match kernel-internal
system call numbers, and event names are system call names. For events
from self-auditing programs, names are macros defined in
To extract a list of event numbers and names from the file by stripping
comments and ignoring blank lines:
sed < /usr/audit/audeventstab -e 's/#.∗//' -e "/^[ $tab]∗$/d"
was developed by HP.
FILESSEE ALSOaudisp(1M), audevent(1M).