audit_event man page on Solaris

Man page or keyword search:  
man Server   20652 pages
apropos Keyword Search (all sections)
Output format
Solaris logo
[printable version]

audit_event(4)			 File Formats			audit_event(4)

NAME
       audit_event - audit event definition and class mapping

SYNOPSIS
       /etc/security/audit_event

DESCRIPTION
       /etc/security/audit_event is a user-configurable ASCII system file that
       stores event definitions used in the audit system. As part of this def‐
       inition,	 each  event  is  mapped  to  one or more of the audit classes
       defined in audit_class(4). See audit_control(4) and  audit_user(4)  for
       information  about  changing  the  preselection of audit classes in the
       audit system. Programs can use the getauevent(3BSM) routines to	access
       audit event information.

       The  fields for each event entry are separated by colons. Each event is
       separated from the next by a NEWLINE.Each entry in the audit_event file
       has the form:

	 number:name:description:flags

       The fields are defined as follows:

       number	      Event number.

		      Event number ranges are assigned as follows:

		      0		     Reserved as an invalid event number.

		      1-2047	     Reserved for the Solaris Kernel events.

		      2048-32767     Reserved for the Solaris TCB programs.

		      32768-65535    Available	for  third  party TCB applica‐
				     tions.

				     System  administrators  must   not	  add,
				     delete,  or  modify (except to change the
				     class mapping), events with an event num‐
				     ber  less	than  32768.  These events are
				     reserved by the system.

       name	      Event name.

       description    Event description.

       flags	      Flags specifying classes to which the event  is  mapped.
		      Classes are comma separated, without spaces.

		      Obsolete	events	are  commonly  assigned to the special
		      class no (invalid) to indicate they are no longer gener‐
		      ated.  Obsolete events are retained to process old audit
		      trail files. Other events which  are  not	 obsolete  may
		      also be assigned to the no class.

EXAMPLES
       Example 1 Using the audit_event File

       The following is an example of some audit_event file entries:

	 7:AUE_EXEC:exec(2):ps,ex
	 79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
	 6152:AUE_login:login - local:lo
	 6153:AUE_logout:logout:lo
	 6154:AUE_telnet:login - telnet:lo
	 6155:AUE_rlogin:login - rlogin:lo

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability	     │ See below.		   │
       └─────────────────────────────┴─────────────────────────────┘

       The  file  format stability is Committed. The file content is Uncommit‐
       ted.

FILES
       /etc/security/audit_event

SEE ALSO
       bsmconv(1M),   getauevent(3BSM),	  audit_class(4),    audit_control(4),
       audit_user(4)

NOTES
       This  functionality  is	available  only	 if  Solaris Auditing has been
       enabled. See bsmconv(1M) for more information.

SunOS 5.10			  30 Apr 2008			audit_event(4)
[top]

List of man pages available for Solaris

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net