Nonattributable Audit Events (System Administration Guide: Security Services)

System Administration Guide: Security Services

Previous: User-Level Audit Events
Next: Audit Classes

Nonattributable Audit Events

Most events are attributable to an individual user, but not all. These events are known as nonattributable events. Events are nonattributable if they occur at the kernel-interrupt level or before a user is identified and authenticated. Nonattributable events are auditable as well. AUE_ENTERPROM (kernel-level event number 153), and AUE_mountd_mount (user-level event number 6156), are examples of nonattributable events. Check the /etc/security/audit_event file for the exact numbers of individual events.

Previous: User-Level Audit Events
Next: Audit Classes