Audit Records
Each audit record describes the occurrence of a single audited event and includes such information as who did the action, which files were affected, what action was attempted, and where and when it occurred.
The type of information saved for each audit event is defined as a set of audit tokens. The definition and structure of every audit token are described in detail in Audit Token Structure. Each time an audit record is created for an event, the record contains some or all of the tokens defined for it, depending on the nature of the event and the audit policy. The audit record descriptions in Audit Records list in order the audit tokens defined for each event.
Audit records are stored in audit files. An audit trail is one or more audit files in a distributed system. The construction of the audit trail is shown in Figure 1–1. The audit trail may be converted to a human readable format by the praudit(1M) command. Specific audit records can be selectively chosen using the auditreduce(1M) command. See Audit Files Management, for details.
Figure 1–1 From the Audit Token to the Audit Trail
- © 2010, Oracle Corporation and/or its affiliates