/etc/security/audit_event is an ASCII system file that stores event definitions and specifies the event to class mappings. Programs use the getauevent(3BSM) routines to access this information.
The fields for each event entry are separated by colons. Each event is separated from the next by a newline.
Each entry in the audit_event file has the form:
The fields are defined as follows:
The event number.
The event name.
The description of the event.
Flags specifying classes to which the event is mapped.
Here is a sample of the audit_event file entries:
7:AUE_EXEC:exec(2):pc,ex 79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw 6152:AUE_login:login - success or failure:lo 6153:AUE_logout:logout:lo 6154:AUE_telnet:login - through telnet:lo 6155:AUE_rlogin:login - through rlogin:lo
The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.