OpenSolaris 2009.06 - man page for audit_event (opensolaris section 4)

audit_event(4)				   File Formats 			   audit_event(4)

NAME
       audit_event - audit event definition and class mapping

SYNOPSIS
       /etc/security/audit_event

DESCRIPTION
       /etc/security/audit_event is a user-configurable ASCII system file that stores event
       definitions used in the audit system. As part of this definition, each event is mapped
       to one or more of the audit classes defined in audit_class(4). See audit_control(4) and
       audit_user(4) for information about changing the preselection of audit classes in the
       audit system. Programs can use the getauevent(3BSM) routines to access audit event
       information.

       The fields for each event entry are separated by colons. Each event is separated from the
       next by a NEWLINE. Each entry in the audit_event file has the form:

	 number:name:description:flags

       The fields are defined as follows:

       number	      Event number.

		      Event number ranges are assigned as follows:

		      0 	     Reserved as an invalid event number.

		      1-2047	     Reserved for the Solaris Kernel events.

		      2048-32767     Reserved for the Solaris TCB programs.

		      32768-65535    Available for third party TCB applications.

				     System administrators must not add, delete, or modify
				     (except to change the class mapping) events with an event
				     number less than 32768. These events are reserved by the
				     system.

       name	      Event name.

       description    Event description.

       flags	      Flags specifying classes to which the event is mapped. Classes are comma
		      separated, without spaces.

		      Obsolete events are commonly assigned to the special class no (invalid) to
		      indicate they are no longer generated. Obsolete events are retained to
		      process old audit trail files. Other events which are not obsolete may also
		      be assigned to the no class.

EXAMPLES
       Example 1 Using the audit_event File

       The following is an example of some audit_event file entries:

	 7:AUE_EXEC:exec(2):ps,ex
	 79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
	 6152:AUE_login:login - local:lo
	 6153:AUE_logout:logout:lo
	 6154:AUE_telnet:login - telnet:lo
	 6155:AUE_rlogin:login - rlogin:lo
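
       The following is an added example, not part of the original man page or of Solaris: a
       parser for the entry format above that also compares a file against a known-good copy
       and reports reserved events (number below 32768) that were added, deleted, or modified
       beyond their class mapping. The function names, the treatment of '#' lines as comments,
       and the CURRENT sample are assumptions made for illustration.

```python
RANGES = [(0, 0, "invalid"), (1, 2047, "kernel"),
          (2048, 32767, "solaris-tcb"), (32768, 65535, "third-party")]

def event_range(n):
    return next((who for lo, hi, who in RANGES if lo <= n <= hi), "out-of-range")

def parse_audit_event(text):
    """Return ({number: (name, description, classes)}, [(lineno, problem)])."""
    events, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):  # assumption: '#' comments
            continue
        try:
            num, name, rest = line.split(":", 2)
            desc, flags = rest.rsplit(":", 1)  # flags is the last field
            num = int(num)
        except ValueError:
            problems.append((lineno, "malformed entry"))
            continue
        if event_range(num) in ("invalid", "out-of-range"):
            problems.append((lineno, f"event number {num}: {event_range(num)}"))
        if any(c == "" or c != c.strip() for c in flags.split(",")):
            problems.append((lineno, "flags not comma separated without spaces"))
        events[num] = (name, desc, tuple(flags.split(",")))
    return events, problems

def reserved_changes(baseline, current):
    """Reserved events (< 32768) added, deleted, or changed beyond class mapping."""
    out = []
    for num in sorted(set(baseline) | set(current)):
        old, new = baseline.get(num), current.get(num)
        if num >= 32768 or (old and new and old[:2] == new[:2]):
            continue
        out.append((num, "added" if old is None else "deleted" if new is None else "modified"))
    return out

# Entries taken from Example 1 on this page.
BASELINE = """7:AUE_EXEC:exec(2):ps,ex
6153:AUE_logout:logout:lo
6154:AUE_telnet:login - telnet:lo
"""
# Constructed edit of the baseline, for illustration only.
CURRENT = """7:AUE_EXEC:exec(2):no
6154:AUE_telnet_x:login - telnet:lo
6300:AUE_extra:constructed entry:lo
40000:AUE_myapp:constructed third-party entry:lo, ex
"""
print(reserved_changes(parse_audit_event(BASELINE)[0], parse_audit_event(CURRENT)[0]))
```

       The class remapping of event 7 is not reported because changing the class mapping is
       the one modification permitted for reserved events.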

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     | See below.		   |
       +-----------------------------+-----------------------------+

       The file format stability is Committed. The file content is Uncommitted.

FILES
       /etc/security/audit_event

SEE ALSO
       bsmconv(1M), getauevent(3BSM), audit_class(4), audit_control(4), audit_user(4)

       Part VII, Solaris Auditing, in System Administration Guide: Security Services

NOTES
       This functionality is available only if Solaris Auditing has been enabled. See
       bsmconv(1M) for more information.

SunOS 5.11				   26 Jun 2008				   audit_event(4)

