audit_event(4)

NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | FILES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO

NAME

audit_event– Audit event definition and class mapping file

SYNOPSIS

/etc/security/audit_event

DESCRIPTION

/etc/security/audit_event is a plain text system file that stores event definitions and specifies the event-to-class mappings. Programs use the getauevent(3BSM) routines to access this information.

The fields for each event entry are separated by colons. Each event is separated from the next by a newline.

Each entry in the audit_event file has the form:

---

number:name:description: flags

---

The fields are defined as follows:

number

The event number.

name

The event name.

description

The description of the event.

flags

Flags specifying classes to which the event is mapped.

EXAMPLES

---

Example 1 Some audit_event file entries




7:AUE_EXEC:exec(2):ps 79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw 6152:AUE_login:login - local:lo 6153:AUE_logout:logout:lo 6154:AUE_telnet:login - telnet:lo 6155:AUE_rlogin:login - rlogin:lo

---

FILES

/etc/security/audit_event

Audit event definition and class mapping file.

SUMMARY OF TRUSTED SOLARIS CHANGES

The Trusted Solaris environment adds audit events to the audit_event file, and remaps some audit events to audit classes that do not exist in the Solaris environment. Also, auditing is enabled by default. See Trusted Solaris Audit Administration for how to disable and enable auditing.

SEE ALSO

Trusted Solaris 8 HW 12/02 Reference Manual

getauevent(3BSM), audit_control(4)

Trusted Solaris Audit Administration

SunOS 5.8  Last Revised 20 Apr 2000

NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | FILES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO