NAME
audit_event − audit event definition and class mapping
SYNOPSIS
/etc/security/audit_event
DESCRIPTION
/etc/security/audit_event is an ASCII system file that stores event definitions and specifies the event to class mappings. Programs use the getauevent(3BSM) routines to access this information.
The fields for each event entry are separated by colons. Each event is separated from the next by a newline.
Each entry in the audit_event file has the form:
number:name:description: flags
The fields are
defined as follows:
number
The event number.
|
name |
The event name. |
description
The description of the event.
|
flags |
Flags specifying classes to which the event is mapped. |
EXAMPLES
Example 1: Sample of the audit_event file entries.
Here is a sample of the audit_event file entries:
7:AUE_EXEC:exec(2):pc,ex
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
6152:AUE_login:login - success or failure:lo
6153:AUE_logout:logout:lo
6154:AUE_telnet:login - through telnet:lo
6155:AUE_rlogin:login - through rlogin:lo
FILES
/etc/security/audit_event
SEE ALSO
bsmconv(1M), getauevent(3BSM), audit_control(4)
NOTES
The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.