audit_event(4)

NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | SUMMARY OF TRUSTED SOLARIS CHANGES | FILES | SEE ALSO

NAME

audit_event- Audit event definition and class mapping file

SYNOPSIS

/etc/security/audit_event

DESCRIPTION

/etc/security/audit_event is a plain text system file that stores event definitions and specifies the event-to-class mappings. Programs use the getauevent(3) routines to access this information.

The fields for each event entry are separated by colons. Each event is separated from the next by a newline.

Each entry in the audit_event file has the form:

---

number:name:description: flags

---

The fields are defined as follows:

number

The event number.

name

The event name.

description

The description of the event.

flags

Flags specifying classes to which the event is mapped.

EXAMPLES

---

Example 1 Some audit_event file entries




7:AUE_EXEC:exec(2):ps 79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw 6152:AUE_login:login - local:lo 6153:AUE_logout:logout:lo 6154:AUE_telnet:login - telnet:lo 6155:AUE_rlogin:login - rlogin:lo

---

SUMMARY OF TRUSTED SOLARIS CHANGES

Programs use the getauevent(3) routines rather than the getauevent(3) routines to access this information.

By default, auditing is enabled in the Trusted Solaris environment. See Trusted Solaris Audit Administration for how to disable and enable auditing.

FILES

/etc/security/audit_event

Audit event definition and class mapping file.

SEE ALSO

Trusted Solaris 7 Reference Manual

getauevent(3), audit_control(4)

Trusted Solaris Audit Administration

Trusted Solaris 7  Last Revised 5 May 1998

NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | SUMMARY OF TRUSTED SOLARIS CHANGES | FILES | SEE ALSO