Trusted Solaris Audit Administration

User-Level Generated Audit Records

These audit records are created by programs that operate outside the kernel. The records are sorted alphabetically by program. The description of each record includes:

The name of the program
A man page reference (if appropriate)
The audit event number
The audit event name
The audit record structure

Table B–230 add_drv(1M)

Event Name	Program	Event ID	Event Class	Mask
`AUE_add_drv`	/usr/sbin/add_drv	`9018`	`as`	0x00020000
Format: `header-token` `subject-token` `groups-token` `slabel-token` `return-token` `exec_args-token` (command-line arguments) `text-token` (driver name) `text-token` (base directory) `text-token` (class name) `text-token` (aliases)

Event Name

Program

Event ID

Event Class

Mask

AUE_add_drv

/usr/sbin/add_drv

9018

as

0x00020000

Format:
	header-token
	subject-token
	groups-token
	slabel-token
	return-token
	exec_args-token  (command-line arguments)
	text-token  (driver name)
	text-token  (base directory)
	text-token  (class name)
	text-token  (aliases)

Table B–231 Admin Editor Action - Modify System Files


Event Name	Program	Event ID	Event Class	Mask
`AUE_te_modsysfiles`	trusted editor	`9322`	`ao`	0x00080000
Format: `header-token` `path-token` (filename) `text-token` (changes) `host-token` `return-token` `subject-token` `slabel-token`

Table B–232 allocate(1) - device success


Event Name	Program	Event ID	Event Class	Mask
`AUE_allocate_succ`	/usr/sbin/allocate	`6200`	`ao`	0x00080000
Format: `header-token` `subject-token` [`slabel-token`] (subject) `newgroups-token` `exit-token`

Table B–233 allocate(1) - device failure


Event Name	Program	Event ID	Event Class	Mask
`AUE_allocate_fail`	/usr/sbin/allocate	`6201`	`ao`	0x00080000
Format: `header-token` `subject-token` [`slabel-token`] (subject) `newgroups-token` `exit-token`

Table B–234 allocate(1) - list devices success


Event Name	Program	Event ID	Event Class	Mask
`AUE_listdevice_succ`	/usr/sbin/allocate	`6205`	`ao`	0x00080000
Format: `header-token` `subject-token` [`slabel-token`] (subject) `newgroups-token` `exit-token`

Table B–235 allocate(1) - list devices failure


Event Name	Program	Event ID	Event Class	Mask
`AUE_listdevice_fail`	/usr/sbin/allocate	`6206`	`ao`	0x00080000
Format: `header-token` `subject-token` [`slabel-token`] (subject) `newgroups-token` `exit-token`

Table B–236 at(1) - create atjob


Event Name	Program	Event ID	Event Class	Mask
`AUE_at_create`	/usr/bin/at	`6144`	`ao`	0x00080000
Format: `header-token` `subject-token` `return-token` `exec_args-token` `text-token` (user name) `text-token` (job queue)

Table B–237 at(1) - delete atjob file (at or atrm)


Event Name	Program	Event ID	Event Class	Mask
`AUE_at_delete`	/usr/bin/at /usr/bin/atrm	`6145`	`ao`	0x00080000
Format: `header-token` `subject-token` `return-token` `exec_args-token` `text-token` (user name) `text-token` (job queue)

Table B–238 at(1) - permission


Event Name	Program	Event ID	Event Class	Mask
`AUE_at_perm`	/usr/bin/at	`6146`	`ao`	0x00080000
Format: `header-token` `subject-token` `[group-token]` `exit-token`

Table B–239 auditd(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_audit`	/usr/sbin/audit	`9016`	`aa`	0x00040000
Format: `header-token` `text-token` (“new audit file” \| “reread audit_control” \| “terminate auditd” \| “unknown option”) `return-token` `subject-token` `slabel-token`

Table B–240 auditwrite(3TSOL)


Event Name	Program	Event ID	Event Class	Mask
`AUE_auditwrite`	`auditwrite()`	`9015`	`aa`	0x00040000
Format: `header-token text-token` (error description) `subject-token` `return-token`

Table B–241 automountd(1M) – mismatch


Event Name	Program	Event ID	Event Class	Mask
`AUE_automountd_mismatch`	/usr/lib/fs/autofs/automount	`9034`	`ao`	0x00080000
Format: `header-token` `path-token` (mount dir) `slabel-token` (auto* file slabel) `slabel-token` (remote host template slabel) `text-token` (remote host server) `return-token`

Table B–242 automountd(1M) – mount


Event Name	Program	Event ID	Event Class	Mask
`AUE_automountd_mount`	/usr/lib/fs/autofs/automount	`9033`	`ao`	0x00080000
Format: `header-token` `subject-token` `slabel-token` (subject slabel) `path-token` (mount dir) `return-token` `host-token` (machine name)

Table B–243 chroot(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_chroot`	/usr/sbin/chroot	`9029`	`ao`	0x00080000
Format: `header-token` `subject-token` `groups-token` `slabel-token` `return-token` `exec_args-token` (command-line arguments) `path-token` (new root directory) `path-token` (command to execute)

Table B–244 crontab(1) - crontab created


Event Name	Program	Event ID	Event Class	Mask
`AUE_crontab_create`	/usr/bin/crontab	`6148`	`ao`	0x00080000
Format: `header-token` `subject-token` `return-token` `exec_args-token` `text-token` (user name)

Table B–245 crontab(1) - crontab deleted


Event Name	Program	Event ID	Event Class	Mask
`AUE_crontab_delete`	/usr/bin/crontab	`6149`	`ao`	0x00080000
Format: `header-token` `subject-token` `return-token` `exec_args-token` `text-token` (user name)

Table B–246 crontab(1) - invoke atjob or crontab

Event Name	Program	Event ID	Event Class	Mask
`AUE_cron_invoke`	/usr/bin/crontab	`6147`	`ao`	0x00080000
Format: `header-token` `subject-token` `return-token` `exec_args-token` `text-token` (user name) `text-token` (one of: at-job; batch-job, crontab-job, queue-job #; or unknown job type #) `text-token` (cron command or at job name)

Event Name

Program

Event ID

Event Class

Mask

AUE_cron_invoke

/usr/bin/crontab

6147

ao

0x00080000

Format:
  header-token
  subject-token
  return-token
  exec_args-token
  text-token (user name)
  text-token (one of: at-job; batch-job, 
                crontab-job, queue-job #; or unknown job type #)
  text-token  (cron command or at job name)

Table B–247 crontab(1) - modify


Event Name	Program	Event ID	Event Class	Mask
`AUE_crontab_mod`	`/usr/bin/crontab`	`6170`	`ad`	0x00000800
Format: `header-token` `subject-token` [`group-token`] `exit-token`

Table B–248 crontab(1) - permission


Event Name	Program	Event ID	Event Class	Mask
`AUE_crontab_perm`	/usr/bin/crontab	`6150`	`ao`	0x00080000
Format: `header-token` `subject-token` `[group-token]` `exit-token`

Table B–249 dbmgr (Obsolete)


Event Name	Event ID	Event Class	Mask
`AUE_dm_add`	`9319`	`ao`	0x00080000
`AUE_dm_del`	`9320`
`AUE_dm_mod`	`9321`
Format: `header-token` `text-token` (database info) `text-token` (database type) `text-token` (error message) `return-token` `subject-token` `slabel-token`

Table B–250 deallocate(1) - device success


Event Name	Program	Event ID	Event Class	Mask
`AUE_deallocate_succ`	/usr/sbin/deallocate	`6202`	`ao`	0x00080000
Format: `header-token` `subject-token` [`slabel-token`] (subject) `newgroups-token` `exit-token`

Table B–251 deallocate(1) — device failure


Event Name	Program	Event ID	Event Class	Mask
`AUE_deallocate_fail`	/usr/sbin/deallocate	`6203`	`ao`	0x00080000
Format: `header-token` `subject-token` [`slabel-token`] (subject) `newgroups-token` `exit-token`

Table B–252 dispadmin(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_dispadmin`	/usr/sbin/dispadmin	`9025`	`as`	0x00020000
Format: `header-token` `subject-token` `groups-token` `slabel-token` `return-token` `exec_args-token` (command-line arguments) `text-token` (scheduler class) `path-token` (input file)

Table B–253 dtfile(1) - copy and move


Event Name	Program	Event ID	Event Class	Mask
`AUE_dtfile_copy`	/usr/dt/bin/dtfile	`9037`	`fm`	0x00000008
`AUE_dtfile_move`		`9038`
Format: `header-token` `return-token` `path-token` (target path) `slabel-token` (slabel of target) `path-token` (source path) `slabel-token` (slabel of source) `host-token`

Table B–254 eeprom(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_eeprom`	/usr/sbin/eeprom	`9032`	`as`	0x00020000
Format: `header-token` `return-token` `path-token` (prom device) `text-token` (variable=old value) `text-token` (variable=new value)

Table B–255 fuser(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_fuser`	/usr/sbin/fuser	`9031`	`ao`	0x00080000
Format: `header-token` `subject-token` `groups-token` `slabel-token` `return-token` `exec_args-token` (command-line arguments) `path-token` (file name) `arg-token` (1, “PID”, process-id)

Table B–256 groupmgr (Obsolete)


Event Name	Event ID	Event Class	Mask
`AUE_gm_add_grp`	`9307`	`ao`	0x00080000
`AUE_gm_del_grp`	`9308`	`ao`	0x00080000
`AUE_gm_mod_grp`	`9309`	`ao`	0x00080000
Format: `header-token` `text-token` (group info) `text-token` (error message) `return-token` `subject-token` `slabel-token`

Table B–257 halt(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_halt_solaris`	/usr/sbin/halt	`6160`	`ss`	0x00010000
Format: `header-token` `subject-token` `slabel-token` `return-token`

Table B–258 hostmgr (Obsolete)


Event Name	Event ID	Event Class	Mask
`AUE_hm_add_host`	`9310`	`ao`	0x00080000
`AUE_hm_del_host`	`9311`
`AUE_hm_mod_host`	`9312`
`AUE_hm_set_def`	`9313`
Format: `header-token` `text-token` (host info) `text-token` (error message) `return-token` `subject-token` `slabel-token`

Table B–259 inetd(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_inetd_connect`	/usr/sbin/inetd	`6151`	`na`	0x00000400
Format: `header-token` `subject-token` `text-token` (service name) `ip-address-token` `ip-port-token` `return-token`

Table B–260 in.ftpd(1M) - ftp access


Event Name	Program	Event ID	Event Class	Mask
`AUE_ftpd`	/usr/sbin/in.ftpd	`6165`	`lo`	0x00001000
Format: `header-token` `subject-token` `text-token` (error message, failure only) `return-token`

Table B–261 installf(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_installf`	/usr/sbin/installf	`9042`	`as`	0x00020000
Format: `header-token` `return-token` `argument-token` (package name) `subject-token` `slabel-token`

Table B–262 login(1) — local


Event Name	Program	Event ID	Event Class	Mask
`AUE_login`	/usr/bin/login	`6152`	`lo`	0x00001000
Format: `header-token` `text-token` `text-token` (message - success or failure) `subject-token` `return-token`

Table B–263 login(1) — rlogin


Event Name	Program	Event ID	Event Class	Mask
`AUE_rlogin`	/usr/bin/login	`6155`	`lo`	0x00001000
Format: `header-token` `subject-token` `text-token` (error message) `return-token`

Table B–264 login(1) — telnet


Event Name	Program	Event ID	Event Class	Mask
`AUE_telnet`	/usr/bin/login	`6154`	`lo`	0x00001000
Format: `header-token` `subject-token` `text-token` (error message) `return-token`

Table B–265 logout(1)


Event Name	Program	Event ID	Event Class	Mask
`AUE_logout`	/usr/bin/login	`6153`	`lo`	0x00001000
Format: `header-token` `subject-token` `text-token` `return-token`

Table B–266 lpadmin(1M) - authorization


Event Name	Program	Event ID	Event Class	Mask
`AUE_uauth`	/usr/lib/lpadmin	`6196`	`ao`	0x00000800
Format: `header-token` `text-token` (authorization used) `return-token` `text-token` (admin command line) `subject-token` `slabel-token` `host-token`

Table B–267 lpsched(1M) - authorization

Event Name	Program	Event ID	Event Class	Mask
`AUE_uauth`	/usr/lib/lpsched	`6196`	`ad`	0x00000800
Format: `header-token` `text-token` (“ print without banners \| print without labels \|print a PostScript file”) `return-token` `text-token` (hostname/jobnumber-filenumber) `slabel-token` (label of print job) `subject-token` `slabel-token` `host-token`

Event Name

Program

Event ID

Event Class

Mask

AUE_uauth

/usr/lib/lpsched

6196

ad

0x00000800

Format:
  header-token
  text-token (“ print without banners | 
                             print without labels |print a PostScript file”)
  return-token
  text-token (hostname/jobnumber-filenumber)
  slabel-token (label of print job)
  subject-token
  slabel-token
  host-token

Table B–268 lpsched(1M) - privilege


Event Name	Program	Event ID	Event Class	Mask
`AUE_lp_cancel`	/usr/lib/lpsched	`9044`	`ao`	0x00080000
`AUE_lp_status`	/usr/lib/lpsched	`9045`
Format: `header-token` `return-token` `privilege-token` `text-token` (hostname/jobnumber-filenumber) `slabel-token` (print job label) `subject-token` `slabel-token` `host-token` (error message)

Table B–269 modload(1M), modunload(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_modload`	/usr/sbin/modload	`9020`	`as`	0x00020000
`AUE_modunload`	/usr/sbin/modunload	`9021`
Format: `header-token` `subject-token` `groups-token` `slabel-token` `return-token` `exec_args-token` (command-line arguments) `text-token` (module pathname)

Table B–270 mountd(1M) – NFS mount

Event Name	Program	Event ID	Event Class	Mask
`AUE_mountd_mount`	/usr/lib/nfs/mountd	`6156`	`na`	0x00000400
Format: `header-token` `argument-token` `slabel-token` (subject slabel) `text-token` (remote client hostname) `path-token` (mount dir) `slabel-token` (slabel of the directory) `text-token` (error message, failure only) `attribute-token` `subject-token` `return-token`

Event Name

Program

Event ID

Event Class

Mask

AUE_mountd_mount

/usr/lib/nfs/mountd

6156

na

0x00000400

Format:
	header-token
	argument-token
	slabel-token (subject slabel)
	text-token  (remote client hostname)
	path-token  (mount dir)
	slabel-token  (slabel of the directory)
	text-token  (error message, failure only)
	attribute-token
	subject-token
	return-token

Table B–271 mountd(1M) – NFS unmount

Event Name	Program	Event ID	Event Class	Mask
`AUE_mountd_umount`	/usr/lib/nfs/mountd	`6157`	`na`	0x00000400
Format: `header-token` `slabel-token` (subject slabel) `text-token` (remote client hostname) `path-token` (mount dir) `slabel-token` (slabel of the directory) `text-token` (error message, failure only) `attribute-token` `subject-token` `return-token`

Event Name

Program

Event ID

Event Class

Mask

AUE_mountd_umount

/usr/lib/nfs/mountd

6157

na

0x00000400

Format:
	header-token
	slabel-token  (subject slabel)
	text-token  (remote client hostname)
	path-token  (mount dir)
	slabel-token  (slabel of the directory)
	text-token  (error message, failure only)
	attribute-token
	subject-token
	return-token

Table B–272 passwd(1)


Event Name	Program	Event ID	Event Class	Mask
`AUE_passwd`	/usr/bin/passwd	`6163`	`lo`	0x00001000
Format: `header-token` `subject-token` `text-token` (error message) `return-token`

Table B–273 pfexec(1)

Event Name	Program	Event ID	Event Class	Mask
`AUE_prof_cmd`	/usr/bin/pfexec	`6180`	`ao`	0x00080000
Format: `header-token` `subject-token` `slabel-token` `clearance-token` `path-token` (for pfexec) `path-token` (for invoking command) `cmd-token` `process-token` `clearance-token` `slabel-token` `privilege-token` `return-token`

Event Name

Program

Event ID

Event Class

Mask

AUE_prof_cmd

/usr/bin/pfexec

6180

ao

0x00080000

Format:
    header-token
    subject-token
    slabel-token
    clearance-token
    path-token (for pfexec) 
    path-token (for invoking command)
    cmd-token
    process-token
    clearance-token
    slabel-token
    privilege-token
    return-token

Table B–274 pbind(1M)

Event Name	Program	Event ID	Event Class	Mask
`AUE_pbind`	/usr/sbin/pbind	`9026`	`as`	0x00020000
Format: `header-token` `subject-token` `groups-token` `slabel-token` `return-token` `exec_args-token` (command-line arguments) `text-token` (action: “BIND” \| “UNBIND”) `arg-token` (1, “CPU”, processor id) `arg-token` (2, ”PID”, process-id)

Event Name

Program

Event ID

Event Class

Mask

AUE_pbind

/usr/sbin/pbind

9026

as

0x00020000

Format:
	header-token
	subject-token
	groups-token
	slabel-token
	return-token
	exec_args-token  (command-line arguments)
	text-token  (action: “BIND” | “UNBIND”)
	arg-token	  (1, “CPU”, processor id)
	arg-token	  (2, ”PID”, process-id)

Table B–275 pfsh — Obsolete


Event Names	Program	Event IDs	Event Class	Mask
`AUE_pfsh_trusted_priv`	/usr/bin/pfsh	9007	`ao`	0x00080000
`AUE_pfsh_trusted_nopriv`		9008
`AUE_pfsh_priv`		`9009`
`AUE_pfsh_nopriv`		`9010`	`ap`	0x00004000
Format: `header-token` `path-token` (of the executable) `exec_args-token` `path-token` (of current directory) `privilege-token` `return-token` `exec_env-token` (if AUDIT_ARGE is on) `subject-token` `slabel-token`

Table B–276 pkgadd(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_pkginstall`	/usr/sbin/pkgadd	`9040`	`as`	0x00020000
Format: `header-token` `return-token` `argument-token` (package name) `subject-token` `slabel-token`

Table B–277 pkgrm(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_pkgremove`	/usr/sbin/pkgrm	`9041`	`as`	0x00020000
Format: `header-token` `return-token` `argument-token` (package name) `subject-token` `slabel-token`

Table B–278 Print Manager


Event Name	Event ID	Event Class	Mask
`AUE_printer_add`	`6187`	`ad`	0x00000800
`AUE_printer_delete`	`6188`
`AUE_printer_delete`	`6189`
Format: `header-token` `text-token` (printer info) `text-token` (error message) `return-token` `subject-token` `slabel-token`

Table B–279 printmgr (Obsolete)


Event Name	Event ID	Event Class	Mask
`AUE_pm_add_prn`	`9316`	`ao`	0x00080000
`AUE_pm_del_prn`	`9318`	`ao`	0x00080000
`AUE_pm_mod_prn`	`9317`	`ao`	0x00080000
Format: `header-token` `text-token` (printer info) `text-token` (error message) `return-token` `subject-token` `slabel-token`

Table B–280 profmgr - add profile (Obsolete)


Event Name	Program	Event ID	Event Class	Mask
`AUE_pm_add_prof`		`9306`	`ao`	0x00080000
Format: `header-token` `text-token` (new profile info) `text-token` (error message) `return-token` `subject-token` `slabel-token` See Table B–303 for the current Rights profile audit records.

Table B–281 profmgr - delete profile (Obsolete)


Event Name	Program	Event ID	Event Class	Mask
`AUE_pm_del_prof`		`9304`	`ao`	0x00080000
Format: `header-token` `text-token` (profile info) `text-token` (error message) `return-token` `subject-token` `slabel-token` See Table B–303 for the current Rights profile audit records.

Table B–282 profmgr - modify profile (Obsolete)


Event Name	Program	Event ID	Event Class	Mask
`AUE_pm_mod_prof`		`9305`	`ao`	0x00080000
Format: `header-token` `text-token` (old profile info) `text-token` (new profile info) `text-token` (error message) `return-token` `subject-token` `slabel-token` See Table B–303 for the current Rights profile audit records.

Table B–283 psradm(1m)

Event Name

Program

Event ID

Event Class

Mask

AUE_psradm

/usr/sbin/psradm

9027

ps

0x00100000

Format:
	header-token
	subject-token
	groups-token
	slabel-token
	return-token
	exec_args-token  (command-line arguments)
	text-token  (action: “ON” | “OFF”)
	arg-token	  (1, ”PID”, processor id)

Table B–284 reboot(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_reboot_solaris`	/usr/sbin/reboot	`6161`	`ss`	0x00010000
Format: `header-token` `subject-token` `return-token`

Table B–285 removef(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_removef`	/usr/sbin/removef	`9043`	`as`	0x00020000
Format: `header-token` `return-token` `argument-token` (package name) `subject-token` `slabel-token`

Table B–286 rpc.rexd(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_rexd`	/usr/sbin/rpc.rexd	`6164`	`lo`	0x00001000
Format: `header-token` `subject-token` `text-token` (error message, failure only) `text-token` (hostname) `text-token` (username) `text-token` (command to be executed) `exit-token`

Table B–287 in.rexecd(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_rexecd`	/usr/sbin/in.rexecd	`6162`	`lo`	0x00001000
Format: `header-token` `subject-token` `text-token` (error message, failure only) `text-token` (hostname) `text-token` (username) `text-token` (command to be executed) `exit-token`

Table B–288 in.rshd(1M) - rsh access


Event Name	Program	Event ID	Event Class	Mask
`AUE_rshd`	/usr/sbin/in.rshd	`6158`	`lo`	0x00001000
Format: `header-token` `subject-token` `text-token` (command string) `text-token` (local user) `text-token` (remote user) `return-token`

Table B–289 rem_drv(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_rem_drv`	/usr/sbin/rem_drv	`9019`	`as`	0x00020000
Format: `header-token` `subject-token` `groups-token` `slabel-token` `return-token` `exec_args-token` (command-line arguments) `text-token` (driver name) [`text-token`] (base directory)

Table B–290 init(1M) - run level change


Event Name	Program	Event ID	Event Class	Mask
`AUE_run_level_change`	/usr/sbin/init	`9024`	`ss`	0x00010000
Format: `header-token` `text-token` (new run level) `subject-token` `slabel-token` (if slabel policy on) `return-token`

Table B–291 role login


Event Name	Program	Event ID	Event Class	Mask
`AUE_role_login`		`6173`	`lo`	0x00001000
Format: `header-token` `subject-token` `slabel-token` (if slabel policy on) `return-token` `host-token`

Table B–292 Selection Manager Transfer


Event Name	Program	Event ID	Event Class	Mask
`AUE_sel_mgr_xfer`		`9039`	`ax`	0x00002000
Format: `header-token` `subject-token` `slabel-token` `return-token`

Table B–293 sendmail(1M)

Event Name

Program

Event ID

Event Class

Mask

AUE_sendmail_deliver AUE_sendmail_defer

/usr/lib/sendmail

9013 9014

ao

0x00080000

Format:
	header-token
	text-token	  (message about status)
	text-token	  (to)
	text-token  (message ID)
	text-token	  (from)
	text-token	  (from host)
	text-token	  (to user)
	text-token	  (to host)
	return-token	
	slabel-token

Table B–294 sendmail(1M) - upgrade


Event Name	Program	Event ID	Event Class	Mask
`AUE_sendmail_upgrade`	/usr/lib/sendmail	`9012`	`ao`	0x00080000
Format: `header-token` `text-token` (message ID) `slabel-token` (old label) `slabel-token` (new label) `subject-token` `slabel-token`

Table B–295 serialmgr (Obsolete)


Event Name	Event ID	Event Class	Mask
`AUE_sm_del_ser`	`9315`	`ao`	0x00080000
`AUE_sm_mod_ser`	`9314`
Format: `header-token` `text-token` (port info) `text-token` (error message) `return-token` `subject-token` `slabel-token`

Table B–296 setuname(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_setuname`	/usr/bin/setuname	`9022`	`as`	0x00020000
Format: `header-token` `subject-token` `groups-token` `slabel-token` `return-token` `exec_args-token`(command-line arguments) `text-token` (action: “ADD” \| “DELETE”) `path-token` (swapname)

Table B–297 share(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_EXPORTFS`	/usr/lib/fs.d/nfs/share	61	`ao`	0x00080000
Format: `header-token` `subject-token` `slabel-token` (subject slabel) `path-token` (export directory) `slabel-token` (slabel of the directory) `text-token` (export options) `return-token`

Table B–298 Solaris Management Console - authentication


Event Name	Program	Event ID	Event Class	Mask
`AUE_admin_authenticate`	SMC — authentication	`6123`	`ao`	0x00080000
Format: `header-token` `subject-token` `slabel-token` `return-token` `host-token`

Table B–299 Solaris Management Console - Computers and Networks


Event Name	Program	Event ID	Event Class	Mask
`AUE_network_add`	SMC Computers and Networks	`6184`	`ao`	0x00080000
`AUE_network_delete`	SMC Computers and Networks	`6185`
`AUE_network_modify`		`6186`
Format: `header-token` `subject-token` `slabel-token` `text-token` (a file, such as: `hosts`, `tnrhtp`, `tnrhdb`, `networks`, `tnidb`) `text-token` (name service) `uauth-token` `text-token` (attributes in key-value pair format) `return-token` `host-token`

Table B–300 Solaris Management Console - Mounts and Shares


Event Name	Program	Event ID	Event Class	Mask
`AUE_filesystem_add`	SMC Mounts and Shares	`6181`	`ao`	0x00080000
`AUE_filesystem_delete`	SMC Mounts and Shares	`6182`
`AUE_filesystem_modify`		`6183`
Format: `header-token` `subject-token` `slabel-token` `text-token` (SMC object) `text-token` (name service) `uauth-token` `text-token` (attributes in key-value pair format) `return-token` `host-token`

Table B–301 Solaris Management Console - Serial Ports


Event Name	Program	Event ID	Event Class	Mask
`AUE_serialport_add`	SMC Serial Ports	`6193`	`ao`	0x00080000
`AUE_serialport_delete`	SMC Serial Ports	`6194`
`AUE_serialport_modify`		`6195`
Format: `header-token` `subject-token` `slabel-token` `text-token` (SMC object) `text-token` (name service) `uauth-token` `text-token` (attributes in key-value pair format) `return-token` `host-token`

Table B–302 Solaris Management Console - Scheduled Jobs


Event Name	Program	Event ID	Event Class	Mask
`AUE_scheduledjob_add`	SMC Scheduled Jobs	`6190`	`ao`	0x00080000
`AUE_scheduledjob_delete`	SMC Scheduled Jobs	`6191`
`AUE_scheduledjob_modify`		`6192`
Format: `header-token` `subject-token` `slabel-token` `text-token` (SMC object) `text-token` (name service) [`uauth-token`] (when required) `text-token` (attributes in key-value pair format) `return-token` `host-token`

Table B–303 Solaris Management Console - User Accounts and Rights


Event Name	Program	Event ID	Event Class	Mask
`AUE_usermgr_add`	SMC User Accounts	`6196`	`ad`	0x00000800
`AUE_usermgr_delete`	SMC User Accounts	`6197`
`AUE_usermgr_modify`		`6198`
Format: `header-token` `subject-token` `slabel-token` `text-token` (SMC object) [`text-token`] (domain name) `text-token` (name service) `uauth-token` `text-token` (attributes in key-value pair format) `return-token` `host-token` Adding a user generates three records, one for each SMC object.

Table B–304 Workspace Label Change


Event Name	Program	Event ID	Event Class	Mask
`AUE_sl_change`		`9035`	`ap`	0x00004000
Format: `header-token` `subject-token` `slabel-token` (original SL) `slabel-token` (new SL) `return-token` `host-token`

Table B–305 su(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_su`	/usr/bin/su	`6159`	`lo`	0x00001000
Format: `header-token` `subject-token` `text-token` (error message) `return-token`

Table B–306 swap(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_swap`	/usr/sbin/swap	`9030`	`as`	0x00020000
Format: `header-token` `subject-token` `groups-token` `slabel-token` `return-token` `exec_args-token` `text-token` (new node name \| “none”) `text-token` (new systemname \| “none”)

Table B–307 uadmin(1M)

Event Name

Program

Event ID

Event Class

Mask

AUE_uadmin_cmd

/usr/sbin/uadmin

9023

ss

0x00010000

Format:
	header-token
	subject-token
	groups-token
	slabel-token
	return-token
	exec_args-token  (command-line arguments)
	argument-token  (1, “cmd”, command code)
	argument-token  (2, “fcn”, function code)

Table B–308 uauth - Use of Authorization


Event Name	Program	Event ID	Event Class	Mask
`AUE_uauth`	use of authorization	`6199`	`ao`	0x00080000
(See Table B–267 for use of authorization with printing) Format: `header-token` `subject-token` `slabel-token` `uauth-token` `text-token` (SMC object) `return-token` `host-token`

Table B–309 uautho (Obsolete)


Event Name	Program	Event ID	Event Class	Mask
`AUE_uauth`	use of authorization	`9017`	`ao`	0x00080000
Format: `header-token` `text-token` (user name) `text-token` (authorization) `subject-token` `return-token`

Table B–310 usermgr (Obsolete)


Event Name	Event ID	Event Class	Mask
`AUE_um_add_user`	`9302`	`ao`	0x00080000
`AUE_um_del_user`	`9301`
`AUE_um_mod_user`	`9300`
`AUE_um_set_def`	`9303`
Format: `header-token` `text-token` (user info) `text-token` (error message) `return-token` `subject-token` `slabel-token`

Table B–311 uname(1)


Event Name	Program	Event ID	Event Class	Mask
`AUE_uname_set`	/usr/bin/uname	`9024`	`as`	0x00020000
Format: `header-token` `subject-token` `groups-token` `slabel-token` `return-token` `exec_args-token` (command-line arguments) `text-token` (new node name)

Table B–312 unshare(1M)


Event Name	Program	Event ID	Event Class	Mask
`AUE_exportfs`	/usr/lib/fs.d/nfs/share		`na`	0x00000400
Format: `header-token` `subject-token` `slabel-token` (subject slabel) `path-token` (export directory) `return-token`