These audit records are created by programs that operate outside the kernel. The records are sorted alphabetically by program. The description of each record includes:
The name of the program
A man page reference (if appropriate)
The audit event number
The audit event name
The audit record structure
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_add_drv |
/usr/sbin/add_drv |
9018 |
as |
0x00020000 |
Format: header-token subject-token groups-token slabel-token return-token exec_args-token (command-line arguments) text-token (driver name) text-token (base directory) text-token (class name) text-token (aliases) |
Table B–231 Admin Editor Action - Modify System Files
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_te_modsysfiles |
trusted editor |
9322 |
ao |
0x00080000 |
Format: header-token path-token (filename) text-token (changes) host-token return-token subject-token slabel-token |
Table B–232 allocate(1) - device success
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_allocate_succ |
/usr/sbin/allocate |
6200 |
ao |
0x00080000 |
Format: header-token subject-token [slabel-token] (subject) newgroups-token exit-token |
Table B–233 allocate(1) - device failure
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_allocate_fail |
/usr/sbin/allocate |
6201 |
ao |
0x00080000 |
Format: header-token subject-token [slabel-token] (subject) newgroups-token exit-token |
Table B–234 allocate(1) - list devices success
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_listdevice_succ |
/usr/sbin/allocate |
6205 |
ao |
0x00080000 |
Format: header-token subject-token [slabel-token] (subject) newgroups-token exit-token |
Table B–235 allocate(1) - list devices failure
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_listdevice_fail |
/usr/sbin/allocate |
6206 |
ao |
0x00080000 |
Format: header-token subject-token [slabel-token] (subject) newgroups-token exit-token |
Table B–236 at(1) - create atjob
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_at_create |
/usr/bin/at |
6144 |
ao |
0x00080000 |
Format: header-token subject-token return-token exec_args-token text-token (user name) text-token (job queue) |
Table B–237 at(1) - delete atjob file (at or atrm)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_at_delete |
/usr/bin/at /usr/bin/atrm |
6145 |
ao |
0x00080000 |
Format: header-token subject-token return-token exec_args-token text-token (user name) text-token (job queue) |
Table B–238 at(1) - permission
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_at_perm |
/usr/bin/at |
6146 |
ao |
0x00080000 |
Format: header-token subject-token [group-token] exit-token |
Table B–239 auditd(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_audit |
/usr/sbin/audit |
9016 |
aa |
0x00040000 |
Format: header-token text-token (“new audit file” | “reread audit_control” | “terminate auditd” | “unknown option”) return-token subject-token slabel-token |
Table B–240 auditwrite(3TSOL)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_auditwrite |
auditwrite() |
9015 |
aa |
0x00040000 |
Format: header-token text-token (error description) subject-token return-token |
Table B–241 automountd(1M) – mismatch
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_automountd_mismatch |
/usr/lib/fs/autofs/automount |
9034 |
ao |
0x00080000 |
Format: header-token path-token (mount dir) slabel-token (auto* file slabel) slabel-token (remote host template slabel) text-token (remote host server) return-token |
Table B–242 automountd(1M) – mount
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_automountd_mount |
/usr/lib/fs/autofs/automount |
9033 |
ao |
0x00080000 |
Format: header-token subject-token slabel-token (subject slabel) path-token (mount dir) return-token host-token (machine name) |
Table B–243 chroot(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_chroot |
/usr/sbin/chroot |
9029 |
ao |
0x00080000 |
Format: header-token subject-token groups-token slabel-token return-token exec_args-token (command-line arguments) path-token (new root directory) path-token (command to execute) |
Table B–244 crontab(1) - crontab created
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_crontab_create |
/usr/bin/crontab |
6148 |
ao |
0x00080000 |
Format: header-token subject-token return-token exec_args-token text-token (user name) |
Table B–245 crontab(1) - crontab deleted
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_crontab_delete |
/usr/bin/crontab |
6149 |
ao |
0x00080000 |
Format: header-token subject-token return-token exec_args-token text-token (user name) |
Table B–246 crontab(1) - invoke atjob or crontab
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_cron_invoke |
/usr/bin/crontab |
6147 |
ao |
0x00080000 |
Format: header-token subject-token return-token exec_args-token text-token (user name) text-token (one of: at-job; batch-job, crontab-job, queue-job #; or unknown job type #) text-token (cron command or at job name) |
Table B–247 crontab(1) - modify
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_crontab_mod |
/usr/bin/crontab |
6170 |
ad |
0x00000800 |
Format:
header-token
subject-token
[group-token]
exit-token
|
Table B–248 crontab(1) - permission
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_crontab_perm |
/usr/bin/crontab |
6150 |
ao |
0x00080000 |
Format: header-token subject-token [group-token] exit-token |
Table B–249 dbmgr (Obsolete)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_dm_add |
9319 |
ao |
0x00080000 |
|
AUE_dm_del |
9320 |
|
|
|
AUE_dm_mod |
|
9321 |
|
|
Format: header-token text-token (database info) text-token (database type) text-token (error message) return-token subject-token slabel-token |
Table B–250 deallocate(1) - device success
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_deallocate_succ |
/usr/sbin/deallocate |
6202 |
ao |
0x00080000 |
Format: header-token subject-token [slabel-token] (subject) newgroups-token exit-token |
Table B–251 deallocate(1) — device failure
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_deallocate_fail |
/usr/sbin/deallocate |
6203 |
ao |
0x00080000 |
Format: header-token subject-token [slabel-token] (subject) newgroups-token exit-token |
Table B–252 dispadmin(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_dispadmin |
/usr/sbin/dispadmin |
9025 |
as |
0x00020000 |
Format: header-token subject-token groups-token slabel-token return-token exec_args-token (command-line arguments) text-token (scheduler class) path-token (input file) |
Table B–253 dtfile(1) - copy and move
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_dtfile_copy |
/usr/dt/bin/dtfile |
9037 |
fm |
0x00000008 |
AUE_dtfile_move |
|
9038 |
|
|
Format: header-token return-token path-token (target path) slabel-token (slabel of target) path-token (source path) slabel-token (slabel of source) host-token |
Table B–254 eeprom(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_eeprom |
/usr/sbin/eeprom |
9032 |
as |
0x00020000 |
Format: header-token return-token path-token (prom device) text-token (variable=old value) text-token (variable=new value) |
Table B–255 fuser(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_fuser |
/usr/sbin/fuser |
9031 |
ao |
0x00080000 |
Format: header-token subject-token groups-token slabel-token return-token exec_args-token (command-line arguments) path-token (file name) arg-token (1, “PID”, process-id) |
Table B–256 groupmgr (Obsolete)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_gm_add_grp |
|
9307 |
ao |
0x00080000 |
AUE_gm_del_grp |
9308 |
ao |
0x00080000 |
|
AUE_gm_mod_grp |
|
9309 |
ao |
0x00080000 |
Format: header-token text-token (group info) text-token (error message) return-token subject-token slabel-token |
Table B–257 halt(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_halt_solaris |
/usr/sbin/halt |
6160 |
ss |
0x00010000 |
Format: header-token subject-token slabel-token return-token |
Table B–258 hostmgr (Obsolete)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_hm_add_host |
|
9310 |
ao |
0x00080000 |
AUE_hm_del_host |
9311 |
|
|
|
AUE_hm_mod_host |
|
9312 |
|
|
AUE_hm_set_def |
|
9313 |
|
|
Format: header-token text-token (host info) text-token (error message) return-token subject-token slabel-token |
Table B–259 inetd(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_inetd_connect |
/usr/sbin/inetd |
6151 |
na |
0x00000400 |
Format: header-token subject-token text-token (service name) ip-address-token ip-port-token return-token |
Table B–260 in.ftpd(1M) - ftp access
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_ftpd |
/usr/sbin/in.ftpd |
6165 |
lo |
0x00001000 |
Format: header-token subject-token text-token (error message, failure only) return-token |
Table B–261 installf(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_installf |
/usr/sbin/installf |
9042 |
as |
0x00020000 |
Format: header-token return-token argument-token (package name) subject-token slabel-token |
Table B–262 login(1) — local
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_login |
/usr/bin/login |
6152 |
lo |
0x00001000 |
Format: header-token text-token text-token (message - success or failure) subject-token return-token |
Table B–263 login(1) — rlogin
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_rlogin |
/usr/bin/login |
6155 |
lo |
0x00001000 |
Format: header-token subject-token text-token (error message) return-token |
Table B–264 login(1) — telnet
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_telnet |
/usr/bin/login |
6154 |
lo |
0x00001000 |
Format: header-token subject-token text-token (error message) return-token |
Table B–265 logout(1)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_logout |
/usr/bin/login |
6153 |
lo |
0x00001000 |
Format: header-token subject-token text-token return-token |
Table B–266 lpadmin(1M) - authorization
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_uauth |
/usr/lib/lpadmin |
6196 |
ao |
0x00000800 |
Format: header-token text-token (authorization used) return-token text-token (admin command line) subject-token slabel-token host-token |
Table B–267 lpsched(1M) - authorization
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_uauth |
/usr/lib/lpsched |
6196 |
ad |
0x00000800 |
Format: header-token text-token (“ print without banners | print without labels |print a PostScript file”) return-token text-token (hostname/jobnumber-filenumber) slabel-token (label of print job) subject-token slabel-token host-token |
Table B–268 lpsched(1M) - privilege
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_lp_cancel |
/usr/lib/lpsched |
9044 |
ao |
0x00080000 |
AUE_lp_status |
9045 |
|
|
|
Format: header-token return-token privilege-token text-token (hostname/jobnumber-filenumber) slabel-token (print job label) subject-token slabel-token host-token (error message) |
Table B–269 modload(1M), modunload(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_modload |
/usr/sbin/modload |
9020 |
as |
0x00020000 |
AUE_modunload |
/usr/sbin/modunload |
9021 |
|
|
Format: header-token subject-token groups-token slabel-token return-token exec_args-token (command-line arguments) text-token (module pathname) |
Table B–270 mountd(1M) – NFS mount
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_mountd_mount |
/usr/lib/nfs/mountd |
6156 |
na |
0x00000400 |
Format: header-token argument-token slabel-token (subject slabel) text-token (remote client hostname) path-token (mount dir) slabel-token (slabel of the directory) text-token (error message, failure only) attribute-token subject-token return-token |
Table B–271 mountd(1M) – NFS unmount
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_mountd_umount |
/usr/lib/nfs/mountd |
6157 |
na |
0x00000400 |
Format: header-token slabel-token (subject slabel) text-token (remote client hostname) path-token (mount dir) slabel-token (slabel of the directory) text-token (error message, failure only) attribute-token subject-token return-token |
Table B–272 passwd(1)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_passwd |
/usr/bin/passwd |
6163 |
lo |
0x00001000 |
Format: header-token subject-token text-token (error message) return-token |
Table B–273 pfexec(1)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_prof_cmd |
/usr/bin/pfexec |
6180 |
ao |
0x00080000 |
Format: header-token subject-token slabel-token clearance-token path-token (for pfexec) path-token (for invoking command) cmd-token process-token clearance-token slabel-token privilege-token return-token |
Table B–274 pbind(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_pbind |
/usr/sbin/pbind |
9026 |
as |
0x00020000 |
Format: header-token subject-token groups-token slabel-token return-token exec_args-token (command-line arguments) text-token (action: “BIND” | “UNBIND”) arg-token (1, “CPU”, processor id) arg-token (2, ”PID”, process-id) |
Table B–275 pfsh — Obsolete
Event Names |
Program |
Event IDs |
Event Class |
Mask |
---|---|---|---|---|
AUE_pfsh_trusted_priv |
/usr/bin/pfsh |
9007 |
ao |
0x00080000 |
AUE_pfsh_trusted_nopriv |
|
9008 |
|
|
AUE_pfsh_priv |
|
9009 |
|
|
AUE_pfsh_nopriv |
|
9010 |
ap |
0x00004000 |
Format: header-token path-token (of the executable) exec_args-token path-token (of current directory) privilege-token return-token exec_env-token (if AUDIT_ARGE is on) subject-token slabel-token |
Table B–276 pkgadd(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_pkginstall |
/usr/sbin/pkgadd |
9040 |
as |
0x00020000 |
Format: header-token return-token argument-token (package name) subject-token slabel-token |
Table B–277 pkgrm(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_pkgremove |
/usr/sbin/pkgrm |
9041 |
as |
0x00020000 |
Format: header-token return-token argument-token (package name) subject-token slabel-token |
Table B–278 Print Manager
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_printer_add |
|
6187 |
ad |
0x00000800 |
AUE_printer_delete |
6188 |
|
|
|
AUE_printer_delete |
|
6189 |
|
|
Format: header-token text-token (printer info) text-token (error message) return-token subject-token slabel-token |
Table B–279 printmgr (Obsolete)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_pm_add_prn |
|
9316 |
ao |
0x00080000 |
AUE_pm_del_prn |
9318 |
ao |
0x00080000 |
|
AUE_pm_mod_prn |
|
9317 |
ao |
0x00080000 |
Format: header-token text-token (printer info) text-token (error message) return-token subject-token slabel-token |
Table B–280 profmgr - add profile (Obsolete)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_pm_add_prof |
|
9306 |
ao |
0x00080000 |
Format: header-token text-token (new profile info) text-token (error message) return-token subject-token slabel-token See Table B–303 for the current Rights profile audit records. |
Table B–281 profmgr - delete profile (Obsolete)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_pm_del_prof |
|
9304 |
ao |
0x00080000 |
Format: header-token text-token (profile info) text-token (error message) return-token subject-token slabel-token See Table B–303 for the current Rights profile audit records. |
Table B–282 profmgr - modify profile (Obsolete)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_pm_mod_prof |
|
9305 |
ao |
0x00080000 |
Format: header-token text-token (old profile info) text-token (new profile info) text-token (error message) return-token subject-token slabel-token See Table B–303 for the current Rights profile audit records. |
Table B–283 psradm(1m)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_psradm |
/usr/sbin/psradm |
9027 |
ps |
0x00100000 |
Format: header-token subject-token groups-token slabel-token return-token exec_args-token (command-line arguments) text-token (action: “ON” | “OFF”) arg-token (1, ”PID”, processor id) |
Table B–284 reboot(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_reboot_solaris |
/usr/sbin/reboot |
6161 |
ss |
0x00010000 |
Format: header-token subject-token return-token |
Table B–285 removef(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_removef |
/usr/sbin/removef |
9043 |
as |
0x00020000 |
Format: header-token return-token argument-token (package name) subject-token slabel-token |
Table B–286 rpc.rexd(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_rexd |
/usr/sbin/rpc.rexd |
6164 |
lo |
0x00001000 |
Format: header-token subject-token text-token (error message, failure only) text-token (hostname) text-token (username) text-token (command to be executed) exit-token |
Table B–287 in.rexecd(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_rexecd |
/usr/sbin/in.rexecd |
6162 |
lo |
0x00001000 |
Format: header-token subject-token text-token (error message, failure only) text-token (hostname) text-token (username) text-token (command to be executed) exit-token |
Table B–288 in.rshd(1M) - rsh access
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_rshd |
/usr/sbin/in.rshd |
6158 |
lo |
0x00001000 |
Format: header-token subject-token text-token (command string) text-token (local user) text-token (remote user) return-token |
Table B–289 rem_drv(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_rem_drv |
/usr/sbin/rem_drv |
9019 |
as |
0x00020000 |
Format: header-token subject-token groups-token slabel-token return-token exec_args-token (command-line arguments) text-token (driver name) [text-token] (base directory) |
Table B–290 init(1M) - run level change
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_run_level_change |
/usr/sbin/init |
9024 |
ss |
0x00010000 |
Format: header-token text-token (new run level) subject-token slabel-token (if slabel policy on) return-token |
Table B–291 role login
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_role_login |
|
6173 |
lo |
0x00001000 |
Format: header-token subject-token slabel-token (if slabel policy on) return-token host-token |
Table B–292 Selection Manager Transfer
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_sel_mgr_xfer |
|
9039 |
ax |
0x00002000 |
Format: header-token subject-token slabel-token return-token |
Table B–293 sendmail(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_sendmail_deliver AUE_sendmail_defer |
/usr/lib/sendmail |
9013 9014 |
ao |
0x00080000 |
Format: header-token text-token (message about status) text-token (to) text-token (message ID) text-token (from) text-token (from host) text-token (to user) text-token (to host) return-token slabel-token |
Table B–294 sendmail(1M) - upgrade
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_sendmail_upgrade |
/usr/lib/sendmail |
9012 |
ao |
0x00080000 |
Format: header-token text-token (message ID) slabel-token (old label) slabel-token (new label) subject-token slabel-token |
Table B–295 serialmgr (Obsolete)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_sm_del_ser |
|
9315 |
ao |
0x00080000 |
AUE_sm_mod_ser |
9314 |
|
|
|
Format: header-token text-token (port info) text-token (error message) return-token subject-token slabel-token |
Table B–296 setuname(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_setuname |
/usr/bin/setuname |
9022 |
as |
0x00020000 |
Format: header-token subject-token groups-token slabel-token return-token exec_args-token(command-line arguments) text-token (action: “ADD” | “DELETE”) path-token (swapname) |
Table B–297 share(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_EXPORTFS |
/usr/lib/fs.d/nfs/share |
61 |
ao |
0x00080000 |
Format: header-token subject-token slabel-token (subject slabel) path-token (export directory) slabel-token (slabel of the directory) text-token (export options) return-token |
Table B–298 Solaris Management Console - authentication
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_admin_authenticate |
SMC — authentication
|
6123 |
ao |
0x00080000 |
Format: header-token subject-token slabel-token return-token host-token |
Table B–299 Solaris Management Console - Computers and Networks
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_network_add |
SMC Computers and Networks |
6184 |
ao |
0x00080000 |
AUE_network_delete |
6185 |
|
|
|
AUE_network_modify |
|
6186 |
|
|
Format: header-token subject-token slabel-token text-token (a file, such as: hosts, tnrhtp, tnrhdb, networks, tnidb) text-token (name service) uauth-token text-token (attributes in key-value pair format) return-token host-token |
Table B–300 Solaris Management Console - Mounts and Shares
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_filesystem_add |
SMC Mounts and Shares |
6181 |
ao |
0x00080000 |
AUE_filesystem_delete |
6182 |
|
|
|
AUE_filesystem_modify |
|
6183 |
|
|
Format: header-token subject-token slabel-token text-token (SMC object) text-token (name service) uauth-token text-token (attributes in key-value pair format) return-token host-token |
Table B–301 Solaris Management Console - Serial Ports
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_serialport_add |
SMC Serial Ports |
6193 |
ao |
0x00080000 |
AUE_serialport_delete |
6194 |
|
|
|
AUE_serialport_modify |
|
6195 |
|
|
Format: header-token subject-token slabel-token text-token (SMC object) text-token (name service) uauth-token text-token (attributes in key-value pair format) return-token host-token |
Table B–302 Solaris Management Console - Scheduled Jobs
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_scheduledjob_add |
SMC Scheduled Jobs |
6190 |
ao |
0x00080000 |
AUE_scheduledjob_delete |
6191 |
|
|
|
AUE_scheduledjob_modify |
|
6192 |
|
|
Format: header-token subject-token slabel-token text-token (SMC object) text-token (name service) [uauth-token] (when required) text-token (attributes in key-value pair format) return-token host-token |
Table B–303 Solaris Management Console - User Accounts and Rights
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_usermgr_add |
SMC User Accounts |
6196 |
ad |
0x00000800 |
AUE_usermgr_delete |
6197 |
|
|
|
AUE_usermgr_modify |
|
6198 |
|
|
Format: header-token subject-token slabel-token text-token (SMC object) [text-token] (domain name) text-token (name service) uauth-token text-token (attributes in key-value pair format) return-token host-token Adding a user generates three records, one for each SMC object. |
Table B–304 Workspace Label Change
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_sl_change |
|
9035 |
ap |
0x00004000 |
Format: header-token subject-token slabel-token (original SL) slabel-token (new SL) return-token host-token |
Table B–305 su(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_su |
/usr/bin/su |
6159 |
lo |
0x00001000 |
Format: header-token subject-token text-token (error message) return-token |
Table B–306 swap(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_swap |
/usr/sbin/swap |
9030 |
as |
0x00020000 |
Format: header-token subject-token groups-token slabel-token return-token exec_args-token text-token (new node name | “*none*”) text-token (new systemname | “*none*”) |
Table B–307 uadmin(1M)
Event Name | Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_uadmin_cmd |
/usr/sbin/uadmin |
9023 |
ss |
0x00010000 |
Format: header-token subject-token groups-token slabel-token return-token exec_args-token (command-line arguments) argument-token (1, “cmd”, command code) argument-token (2, “fcn”, function code) |
Table B–308 uauth - Use of Authorization
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_uauth |
use of authorization |
6199 |
ao |
0x00080000 |
(See Table B–267 for use of authorization with printing) Format: header-token subject-token slabel-token uauth-token text-token (SMC object) return-token host-token |
Table B–309 uautho (Obsolete)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_uauth |
use of authorization |
9017 |
ao |
0x00080000 |
Format: header-token text-token (user name) text-token (authorization) subject-token return-token |
Table B–310 usermgr (Obsolete)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_um_add_user |
|
9302 |
ao |
0x00080000 |
AUE_um_del_user |
9301 |
|
|
|
AUE_um_mod_user |
|
9300 |
|
|
AUE_um_set_def |
|
9303 |
|
|
Format: header-token text-token (user info) text-token (error message) return-token subject-token slabel-token |
Table B–311 uname(1)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_uname_set |
/usr/bin/uname |
9024 |
as |
0x00020000 |
Format: header-token subject-token groups-token slabel-token return-token exec_args-token (command-line arguments) text-token (new node name) |
Table B–312 unshare(1M)
Event Name |
Program |
Event ID |
Event Class |
Mask |
---|---|---|---|---|
AUE_exportfs |
/usr/lib/fs.d/nfs/share |
|
na |
0x00000400 |
Format: header-token subject-token slabel-token (subject slabel) path-token (export directory) return-token |