|
Hopefully, this page is exactly what you are looking for, but if not, you can always find further assistance on Unix/Linux Forum!
File Formats audit_event(4)
NAME
audit_event - audit event definition and class mapping
SYNOPSIS
/etc/security/audit_event
DESCRIPTION
/etc/security/audit_event is a user-configurable ASCII sys-
tem file that stores event definitions used in the audit
system. As part of this definition, each event is mapped to
one or more of the audit classes defined in audit_class(4).
See audit_control(4) and audit_user(4) for information about
changing the preselection of audit classes in the audit sys-
tem. Programs can use the getauevent(3BSM) routines to
access audit event information.
The fields for each event entry are separated by colons.
Each event is separated from the next by a <NEWLINE>.Each
entry in the audit_event file has the form:
number:name:description:flags
The fields are defined as follows:
number Event number.
Event number ranges are assigned as follows:
0 Reserved as an invalid event
number.
1-2047 Reserved for the Solaris
Kernel events.
2048-32767 Reserved for the Solaris TCB
programs.
32768-65535 Available for third party
TCB applications.
System administrators must
not add, delete, or modify
SunOS 5.10 Last change: 6 Jan 2003 1
File Formats audit_event(4)
(except to change the class
mapping), events with an
event number less than
32768. These events are
reserved by the system.
name Event name.
description Event description.
flags Flags specifying classes to which the event
is mapped. Classes are comma separated,
without spaces.
Obsolete events are commonly assigned to the
special class no (invalid) to indicate they
are no longer generated. Obsolete events are
retained to process old audit trail files.
Other events which are not obsolete may also
be assigned to the no class.
EXAMPLES
Example 1: Using the audit_event File
The following is an example of some audit_event file
entries:
7:AUE_EXEC:exec(2):ps,ex
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
6152:AUE_login:login - local:lo
6153:AUE_logout:logout:lo
6154:AUE_telnet:login - telnet:lo
6155:AUE_rlogin:login - rlogin:lo
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Interface Stability | See below |
|_____________________________|_____________________________|
SunOS 5.10 Last change: 6 Jan 2003 2
File Formats audit_event(4)
The file format stability is evolving. The file content is
unstable.
FILES
/etc/security/audit_event
SEE ALSO
bsmconv(1M), getauevent(3BSM), audit_class(4),
audit_control(4), audit_user(4)
NOTES
This functionality is available only if the Basic Security
Module (BSM) has been enabled. See bsmconv(1M) for more
information.
SunOS 5.10 Last change: 6 Jan 2003 3
Man(1) output converted with
man2html and wrapped by fishsponge
This page was generated on Wed Sep 12 11:27:18 GMT 2007
|
Your favourite pages:
No pages logged yet.
Trying to save cookie... Top 10 most popular pages:
sqlite3 man page (5334 hits)
(openSUSE 10.2)
svn man page (5208 hits)
(FreeBSD 6.2)
adv_cap_autoneg man page (4870 hits)
(Solaris 10 11_06)
CPAN man page (4607 hits)
(Suse Linux 10.1)
ssh man page (4342 hits)
(Suse Linux 10.1)
ssh-socks5-proxy-connect man page (2876 hits)
(Solaris 10 11_06)
netcat man page (2717 hits)
(Suse Linux 10.1)
pprosetup man page (2487 hits)
(Solaris 10 11_06)
startproc man page (2471 hits)
(Suse Linux 10.1)
signal man page (2407 hits)
(Suse Linux 10.1)
|
Man Pages 
