file Token

The file token is a special token generated by the audit daemon to mark the beginning of a new audit trail file and the end of an old file as it is deactivated. The audit daemon builds a special audit record containing this token to link together successive audit files into one audit trail. The fields are:

A token ID
A time and date stamp that identifies the time the file was created or closed
A byte count of the file name including a null terminator (does not show)
The file null-terminated name

The following figure shows the token format.

Figure B-10 file Token Format

A file token is displayed by praudit as follows:

file,Fri Jan 23 13:32:42 1997, + 79249 msec,	
/etc/security/audit/patchwork/files/19920901202558.19920901203241.patchwork

Previous: exit Token
Next: groups Token (Obsolete)