Right, here is what I did then.
# Copyright (c) 1988 by Sun Microsystems, Inc.
#
# ident "@(#)audit_control.txt 1.4 00/07/17 SMI"
#
dir:/var/audit
flags:lo,ad,cc,ex
minfree:20
naflags:lo
# User Level Class Masks
#
# Developers: If you change this file you must also edit audit.h.
#
# "Meta-classes" can be created; these are supersets composed of multiple base
# classes, and thus will have more than 1 bit in its mask. See "ad", "all",
# "am", and "pc" below for examples.
#
# The "no" (invalid) class below is commonly (but not exclusively) used in
# audit_event for obsolete events.
#
#
# File Format:
#
# mask:name:description
#
0x00000000:no:invalid class
0x00000001:fr:file read
0x00000002:fw:file write
0x00000004:fa:file attribute access
0x00000008:fm:file attribute modify
0x00000010:fc:file create
0x00000020:fd:file delete
0x00000040:cl:file close
0x00000100:nt:network
0x00000200:ip:ipc
0x00000400:na:non-attribute
0x00001000:lo:login or logout
0x00004000:ap:application
0x00010000:ss:change system state
0x00020000:as:system-wide administration
0x00040000:ua:user administration
0x00070000:am:administrative (meta-class)
0x00080000:aa:audit utilization
0x000f0000:ad:old administrative (meta-class)
0x00100000:ps:process start/stop
0x00200000:pm:process modify
0x00300000:pc:process (meta-class)
0x20000000:io:ioctl
0x40000000:ex:exec
0x80000000:ot:other
0xffffffff:all:all classes (meta-class)
0x08000000:cc:CIS custom class
23:AUE_EXECVE:execve(2):ps,ex,cc
Just like you recommended (I think)!!
Now, I can't see things like the (cd / or ls -ltr) commands, or I may need to look deeper into the log files. In addition, the size of the logs is in gigs; it looks like I am going to need to acquire more disk space soon!!
Snapshot!!
subject,hassan,root,root,root,root,10312,554721698,14555 65559 172.16.1.202
return,success,0
header,168,2,memcntl(2),,beatrix.cyberslotz.co.uk,2007-03-06 13:56:42.298 +00:00
argument,1,0xff360000,base
argument,2,0x73d4,len
argument,3,0x4,cmd
argument,4,0x3,arg
argument,5,0x0,attr
argument,6,0x0,mask
subject,hassan,root,root,root,root,10312,554721698,14555 65559 172.16.1.202
return,success,0
header,114,2,munmap(2),,beatrix.cyberslotz.co.uk,2007-03-06 13:56:42.298 +00:00
argument,1,0xff344000,addr
argument,2,0x10000,len
subject,hassan,root,root,root,root,10312,554721698,14555 65559 172.16.1.202
return,success,0
header,168,2,memcntl(2),,beatrix.cyberslotz.co.uk,2007-03-06 13:56:42.298 +00:00
argument,1,0xff340000,base
argument,2,0x12b8,len
argument,3,0x4,cmd
argument,4,0x3,arg
argument,5,0x0,attr
argument,6,0x0,mask
subject,hassan,root,root,root,root,10312,554721698,14555 65559 172.16.1.202
return,success,0
header,114,2,munmap(2),,beatrix.cyberslotz.co.uk,2007-03-06 13:56:42.299 +00:00
argument,1,0xff2d4000,addr
argument,2,0x10000,len
subject,hassan,root,root,root,root,10312,554721698,14555 65559 172.16.1.202
return,success,0
header,168,2,memcntl(2),,beatrix.cyberslotz.co.uk,2007-03-06 13:56:42.299 +00:00
argument,1,0xff200000,base
argument,2,0x204d8,len
argument,3,0x4,cmd
argument,4,0x3,arg
argument,5,0x0,attr
argument,6,0x0,mask
subject,hassan,root,root,root,root,10312,554721698,14555 65559 172.16.1.202
return,success,0
header,114,2,munmap(2),,beatrix.cyberslotz.co.uk,2007-03-06 13:56:42.300 +00:00
argument,1,0xff31c000,addr
argument,2,0x10000,len
subject,hassan,root,root,root,root,10312,554721698,14555 65559 172.16.1.202
return,success,0
header,168,2,memcntl(2),,beatrix.cyberslotz.co.uk,2007-03-06 13:56:42.300 +00:00
argument,1,0xff310000,base
argument,2,0x3588,len
argument,3,0x4,cmd
argument,4,0x3,arg
argument,5,0x0,attr
argument,6,0x0,mask
subject,hassan,root,root,root,root,10312,554721698,14555 65559 172.16.1.202
return,success,0
header,114,2,munmap(2),,beatrix.cyberslotz.co.uk,2007-03-06 13:56:42.301 +00:00
argument,1,0xff192000,addr
argument,2,0x10000,len
subject,hassan,root,root,root,root,10312,554721698,14555 65559 172.16.1.202
return,success,0
header,168,2,memcntl(2),,beatrix.cyberslotz.co.uk,2007-03-06 13:56:42.301 +00:00
argument,1,0xff100000,base
argument,2,0x15b74,len
argument,3,0x4,cmd
argument,4,0x3,arg
argument,5,0x0,attr
argument,6,0x0,mask
subject,hassan,root,root,root,root,10312,554721698,14555 65559 172.16.1.202
return,success,0
header,114,2,munmap(2),,beatrix.cyberslotz.co.uk,2007-03-06 13:56:42.301 +00:00
argument,1,0xff1e2000,addr
argument,2,0x10000,len
subject,hassan,root,root,root,root,10312,554721698,14555 65559 172.16.1.202
return,success,0
file,2007-03-06 13:56:42.310 +00:00,
The idea behind this auditing thing is to have all commands logged. Now, I didn't think the output was going to be like that. If I get a request from management to produce the command set for one of the users, it is going to be a nightmare to have something that will explain to them what that user did in a nice layout.
Any idea when the GUI will be downloadable?
Thanks
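
As an added example (not part of the original post): one way to reduce output in the line-per-token layout of the snapshot above to a per-user command list, keeping only execve(2) records and matching on the first subject field, the audit user ID, which stays the same after su. The sample records, the host name, and the path and exec_args tokens are constructed assumptions; exec_args is only present when the argv audit policy is enabled.

```python
# Constructed sample in the line-per-token layout shown in the post.
# path/exec_args are assumptions about what an execve(2) record carries.
SAMPLE = """\
subject,hassan,root,root,root,root,10312,554721698,14555 65559 172.16.1.202
return,success,0
header,168,2,memcntl(2),,host.example,2007-03-06 13:56:42.298 +00:00
argument,1,0xff360000,base
subject,hassan,root,root,root,root,10312,554721698,14555 65559 172.16.1.202
return,success,0
header,120,2,execve(2),,host.example,2007-03-06 13:56:43.010 +00:00
path,/usr/bin/ls
exec_args,2,ls,-ltr
subject,hassan,root,root,root,root,10313,554721698,14555 65559 172.16.1.202
return,success,0
header,110,2,execve(2),,host.example,2007-03-06 13:56:44.500 +00:00
path,/usr/bin/id
subject,hassan,root,root,root,root,10314,554721698,14555 65559 172.16.1.202
return,success,0
"""

def records(text):
    """Group token lines into records; each record starts at a header token."""
    rec = None
    for line in text.splitlines():
        token, _, rest = line.partition(",")
        if token == "header":
            if rec:
                yield rec
            rec = {"header": rest.split(",")}
        elif rec is not None:  # tokens before the first header: cut-off record
            rec.setdefault(token, rest.split(","))
    if rec:
        yield rec

def commands(text, audit_user):
    """Return (time, audit user, command) for each execve(2) by audit_user."""
    out = []
    for r in records(text):
        h, subj = r["header"], r.get("subject", [""])
        if h[2] != "execve(2)" or subj[0] != audit_user:
            continue  # drops memcntl(2), munmap(2) and other users' records
        # Prefer the argv list (count field skipped); fall back to the path.
        argv = r.get("exec_args", [None])[1:] or r.get("path", ["?"])
        out.append((h[5], subj[0], " ".join(argv)))
    return out

if __name__ == "__main__":
    for when, user, cmd in commands(SAMPLE, "hassan"):
        print(f"{when}  {user:<8}  {cmd}")
```

Arguments that themselves contain commas are not distinguishable in this layout, so the joined command line is a readable summary rather than an exact argv.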