Audit Record Structure

An audit record is a sequence of audit tokens. Each audit token contains event information such as user ID, time, and date. A header token begins an audit record, and an optional trailer token concludes the record. Other audit tokens contain information relevant to the auditable event. The following figure shows a typical audit record.

Figure 23–3 Typical Audit Record Structure

Diagram shows a typical audit record structure, which includes a header token followed by an arg, a data, a subject, and a return token.

Previous: Naming Conventions for Audit Files
Next: Audit Token Formats