Query: aud_audit_events
OS: hpux
Section: 5
aud_audit_events(5)                                        aud_audit_events(5)

NAME
     aud_audit_events - Auditable events for the audit services

DESCRIPTION
     Code is in place for auditing audit service-significant events. Among
     these events are:

     Administrative operations
          These are subdivided into modify and query operations.

     Filter operations
          These are subdivided into modify and query operations.

     Event class definitions, together with filters, control the auditing
     execution at these code points. Filters can be updated dynamically.
     Filter files are maintained by a per-host audit daemon, and are shared
     among all the audit clients on the same host.

     The dcecp command interface program is used for maintaining the
     filters. (See the dcecp reference page.) The dcecp command is
     executable by all users and system administrators. Control over who is
     allowed to modify filters is exercised through the ACL of the audit
     daemon, which maintains the filters.

     The Audit Service RPC interfaces include audit_control and audit_filter
     operations.

   Administrative Operations
     The dce_audit_admin_modify and dce_audit_admin_query event classes lump
     together the administrative operations that are performed on the Audit
     daemon.

     The dce_audit_admin_modify event class has the following events that
     modify the operation of the Audit daemon:

     EVT_MODIFY_STATE - Enables or disables the Audit daemon for logging.

     EVT_MODIFY_SSTRATEGY - Modifies storage strategy. This can be any of
     the following:

          Save - If the trail is full, it is backed up and renamed with a
          timestamp, and writing then resumes on the original trail.

          Wrap - If the trail is full, writing goes back to the beginning
          of the file, overwriting previously written records.

     EVT_REWIND - Rewinds the Audit daemon's central trail file.

     EVT_STOP - Stops the Audit daemon.

     The following are the audit code points in the Audit Service
     interfaces, with their Event Types, Event Classes, and any
     Event-Specific Information.

     EVT_MODIFY_STATE (0x306, dce_audit_admin_modify)
          None

     EVT_MODIFY_SSTRATEGY (0x305, dce_audit_admin_modify)
          None

     EVT_REWIND (0x307, dce_audit_admin_modify)
          None

     EVT_STOP (0x308, dce_audit_admin_modify)
          None

     The dce_audit_admin_query event class has two events:

     EVT_SHOW_SSTRATEGY - Shows the storage strategy.

     EVT_SHOW_STATE - Shows the state of the Audit daemon.

     Following are the details of this event class:

     EVT_SHOW_SSTRATEGY (0x309, dce_audit_admin_query)
          None

     EVT_SHOW_STATE (0x30a, dce_audit_admin_query)
          None

   Filter Operations
     The dce_audit_filter_modify and dce_audit_filter_query event classes
     are the filter operations that the Audit daemon handles.

     The dce_audit_filter_modify event class has the following events:

     EVT_ADD_FILTER - Adds a filter.

     EVT_DELETE_FILTER - Removes all guides for a specific subject.

     EVT_REMOVE_FILTER - Removes a specific guide for a specific subject.

     Following are the details of this event class:

     EVT_ADD_FILTER (0x303, dce_audit_filter_modify)
          None.

     EVT_DELETE_FILTER (0x300, dce_audit_filter_modify)
          None.

     EVT_REMOVE_FILTER (0x304, dce_audit_filter_modify)
          None.

     The dce_audit_filter_query event class contains two events:

     EVT_LIST_FILTER - Lists all subjects that have filters.

     EVT_SHOW_FILTER - Shows all filters for a specific principal.

     Following are the details of this event class:

     EVT_LIST_FILTER (0x302, dce_audit_filter_query)
          None.

     EVT_SHOW_FILTER (0x301, dce_audit_filter_query)
          aud_c_evt_info_long_int esl_type
          aud_c_evt_info_char_string subject_name

RELATED INFORMATION
     Commands: dcecp(1m).

     Files: event_class.5.
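An added example, not part of the original reference page or of DCE: a small reviewer that maps the event numbers listed above to their classes and surfaces every modify-class event, since those are the operations that change what the audit daemon records. The record layout (time, event number, principal, outcome) and the sample lines are constructed for the example and are an assumption, not the DCE trail format.

```python
# Event numbers and classes copied from the code-point lists in this page.
EVENTS = {
    0x300: ("EVT_DELETE_FILTER", "dce_audit_filter_modify"),
    0x301: ("EVT_SHOW_FILTER", "dce_audit_filter_query"),
    0x302: ("EVT_LIST_FILTER", "dce_audit_filter_query"),
    0x303: ("EVT_ADD_FILTER", "dce_audit_filter_modify"),
    0x304: ("EVT_REMOVE_FILTER", "dce_audit_filter_modify"),
    0x305: ("EVT_MODIFY_SSTRATEGY", "dce_audit_admin_modify"),
    0x306: ("EVT_MODIFY_STATE", "dce_audit_admin_modify"),
    0x307: ("EVT_REWIND", "dce_audit_admin_modify"),
    0x308: ("EVT_STOP", "dce_audit_admin_modify"),
    0x309: ("EVT_SHOW_SSTRATEGY", "dce_audit_admin_query"),
    0x30A: ("EVT_SHOW_STATE", "dce_audit_admin_query"),
}

# Constructed sample records: "<time> <event number> <principal> <outcome>".
# This layout is an assumption for the example, not the DCE trail format.
SAMPLE = """\
2024-01-10T02:11:04Z 0x30a ops_admin success
2024-01-10T02:11:09Z 0x300 ops_admin success
2024-01-10T02:11:15Z 0x305 ops_admin success
2024-01-10T02:11:20Z 0x307 ops_admin success
2024-01-10T02:12:40Z 0x306 guest denied
2024-01-10T02:13:00Z 0x3ff guest success
not-a-record
"""

def review(text):
    """Return (alerts, unparsed): modify-class events, and lines needing a manual look."""
    alerts, unparsed = [], []
    for line in text.splitlines():
        try:
            when, number, principal, outcome = line.split()
            name, evclass = EVENTS[int(number, 16)]
        except (ValueError, KeyError):
            unparsed.append(line)  # malformed line, or event number not listed on this page
            continue
        if evclass.endswith("_modify"):  # query-class events are not reported
            alerts.append((when, name, principal, outcome))
    return alerts, unparsed

if __name__ == "__main__":
    alerts, unparsed = review(SAMPLE)
    for when, name, principal, outcome in alerts:
        print(f"{when} {name} by {principal}: {outcome}")
    print("unparsed or unknown:", unparsed)
```

Lines that do not parse are returned rather than dropped, so a record with an event number outside the lists above still reaches a reviewer.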