audgen(8) [osf1 man page]

audgen(8)						      System Manager's Manual							 audgen(8)

NAME

       audgen - Generates an audit record

SYNOPSIS

       /usr/sbin/audgen audit_record_parameter_list

DESCRIPTION

       The  audgen  utility  generates an audit record, which is placed in the auditlog.  Standard audit event information, such as identification
       information and a timestamp, are automatically inserted.  The audit_record_parameter_list consists of 1 to 8  strings,  each  of  which	is
       inserted into the audit record.	The event type is set to AUDGEN8.

RESTRICTIONS

       This  utility makes use of the audgen system call, which requires privilege.  No record will be generated if the event AUDGEN8 is not being
       audited for the current process.

EXAMPLES

       The following is an example of an audit_record_parameter_list for audgen:

       # audgen "string 1" "string 2" string3

RELATED INFORMATION

       Commands: auditconfig(8)

       Functions: audgen(2) delim off

																	 audgen(8)

audit(4)						     Kernel Interfaces Manual							  audit(4)

NAME

       audit - audit trail format and other information for auditing

DESCRIPTION

       Audit  records  are  generated  when  users  make security-relevant system calls, as well as by self-auditing processes that call (see aud-
       write(2)).  Access to the auditing system is restricted to super-user.

       Each audit record consists of an audit record header and a record body.	The record header is comprised of  sequence  number,  process  ID,
       event  type,  and record body length.  The sequence number gives relative order of all records; the process ID belongs to the process being
       audited; the event type is a field identifying the type of audited activity; the length is the record body length expressed in bytes.

       The record body is the variable-length component of an audit record containing more information about the audited  activity.   For  records
       generated  by  system calls, the body contains the time the audited event completes in either success or failure, and the parameters of the
       system calls; for records generated by self-auditing processes, the body consists of the time audwrite(2) writes the records and the  high-
       level description of the event (see audwrite(2)).

       The  records  in  the audit trail are compressed to save file space.  When a process is audited the first time, a pid identification record
       (PIR) is written into the audit trail containing information that remains constant throughout the lifetime of the process.   This  includes
       the  parent's process ID, audit tag, real user ID, real group ID, effective user ID, effective group ID, group ID list, effective,  permit-
       ted, and retained privileges, compartment ID, and the terminal ID (tty).  The PIR is entered only once per process per audit trail.

       Information accumulated in an audit trail is analyzed and displayed by (see audisp(1M)).

AUTHOR

       was developed by HP.

SEE ALSO

       audsys(1M), audevent(1M), audisp(1M), audomon(1M), audwrite(2), audit(5), compartments(5), privileges(5).

																	  audit(4)