Unix/Linux Go Back    

OpenSolaris 2009.06 - man page for audit_event (opensolaris section 4)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

audit_event(4)				   File Formats 			   audit_event(4)

       audit_event - audit event definition and class mapping


       /etc/security/audit_event is a user-configurable ASCII system file that stores event defi-
       nitions used in the audit system. As part of this definition, each event is mapped to  one
       or  more  of  the  audit  classes  defined  in  audit_class(4).	See  audit_control(4) and
       audit_user(4) for information about changing the preselection  of  audit  classes  in  the
       audit  system. Programs can use the getauevent(3BSM) routines to access audit event infor-

       The fields for each event entry are separated by colons. Each event is separated from  the
       next by a NEWLINE.Each entry in the audit_event file has the form:


       The fields are defined as follows:

       number	      Event number.

		      Event number ranges are assigned as follows:

		      0 	     Reserved as an invalid event number.

		      1-2047	     Reserved for the Solaris Kernel events.

		      2048-32767     Reserved for the Solaris TCB programs.

		      32768-65535    Available for third party TCB applications.

				     System  administrators  must  not	add,  delete,  or  modify
				     (except to change the class mapping), events with	an  event
				     number  less  than  32768.  These events are reserved by the

       name	      Event name.

       description    Event description.

       flags	      Flags specifying classes to which the event is mapped.  Classes  are  comma
		      separated, without spaces.

		      Obsolete	events are commonly assigned to the special class no (invalid) to
		      indicate they are no longer generated.  Obsolete	events	are  retained  to
		      process old audit trail files. Other events which are not obsolete may also
		      be assigned to the no class.

       Example 1 Using the audit_event File

       The following is an example of some audit_event file entries:

	 79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
	 6152:AUE_login:login - local:lo
	 6154:AUE_telnet:login - telnet:lo
	 6155:AUE_rlogin:login - rlogin:lo

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       |Interface Stability	     | See below.		   |

       The file format stability is Committed. The file content is Uncommitted.


       bsmconv(1M), getauevent(3BSM), audit_class(4), audit_control(4), audit_user(4)

       Part VII, Solaris Auditing, in System Administration Guide: Security Services

       This functionality is available only if	Solaris  Auditing  has	been  enabled.	See  bsm-
       conv(1M) for more information.

SunOS 5.11				   26 Jun 2008				   audit_event(4)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 12:06 AM.