audit man page on HP-UX

Man page or keyword search:  
man Server   10987 pages
apropos Keyword Search (all sections)
Output format
HP-UX logo
[printable version]

audit(4)							      audit(4)

NAME
       audit - audit trail format and other information for auditing

DESCRIPTION
       Audit  records  are  generated when users make security-relevant system
       calls, as well as  by  self-auditing  processes	that  call  (see  aud‐
       write(2)).  Access to the auditing system is restricted to super-user.

       Each audit record consists of an audit record header and a record body.
       The record header is comprised of sequence number,  process  ID,	 event
       type, and record body length.  The sequence number gives relative order
       of all records; the process ID belongs to the  process  being  audited;
       the event type is a field identifying the type of audited activity; the
       length is the record body length expressed in bytes.

       The record body is the variable-length component	 of  an	 audit	record
       containing  more	 information  about the audited activity.  For records
       generated by system calls, the body contains the time the audited event
       completes  in either success or failure, and the parameters of the sys‐
       tem calls; for records generated by self-auditing processes,  the  body
       consists	 of the time audwrite(2) writes the records and the high-level
       description of the event (see audwrite(2)).

       The records in the audit trail are compressed to save file space.  When
       a  process is audited the first time, a pid identification record (PIR)
       is written into the audit trail	containing  information	 that  remains
       constant	 throughout  the  lifetime  of the process.  This includes the
       parent's process ID, audit tag, real user ID, real group ID,  effective
       user  ID, effective group ID, group ID list, effective,	permitted, and
       retained privileges, compartment ID, and the terminal  ID  (tty).   The
       PIR is entered only once per process per audit trail.

       Information  accumulated in an audit trail is analyzed and displayed by
       (see audisp(1M)).

AUTHOR
       was developed by HP.

SEE ALSO
       audsys(1M),   audevent(1M),   audisp(1M),   audomon(1M),	  audwrite(2),
       audit(5), compartments(5), privileges(5).

								      audit(4)
[top]

List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net