Pseudo-events do have their own audit record structure. They create audit records for the event that uses privilege. When the pseudo-event AUE_UPRIV is in a class that is being audited, any use of privilege will be audited, including uses of privilege for events that are otherwise not being audited.
Table B-175 Use of privilege
Event Name |
Event ID |
Event Class |
Mask |
---|---|---|---|
AUE_UPRIV |
521 |
no |
0x00000000 |