Pseudo-events do have their own audit record structure. They create audit records for the event that uses privilege. When the pseudo-event AUE_UPRIV is in a class that is being audited, any use of privilege will be audited, including uses of privilege for events that are otherwise not being audited.
Table B–189 Use of privilege
Event Name |
Event ID |
Event Class |
Mask |
---|---|---|---|
AUE_UPRIV |
521 |
no |
0x00000000 |