Managing Auditing in Oracle® Solaris 11.2

Exit Print View

 
Updated: July 2014
 
 

Audit Token Formats

Each audit token has a token type identifier, which is followed by data that is specific to the token. The following table shows the token names with a brief description of each token. Obsolete tokens are maintained for compatibility with previous Solaris releases.

Table 7-1  Audit Tokens for Auditing
Token Name
Description
For More Information
acl
Access Control Entry (ACE) and Access Control List (ACL) information
acl Token
arbitrary
Data with format and type information
audit.log (4) man page
argument
System call argument value
argument Token
attribute
File vnode information
attribute Token
cmd
Command arguments and environment variables
cmd Token
exec_args
Exec system call arguments
exec_args Token
exec_env
Exec system call environment variables
exec_env Token
exit
Program exit information
audit.log (4) man page
file
Audit file information
file Token
fmri
Framework Management Resource Indicator
fmri Token
group
Process groups information
group Token
header
Indicates start of audit record
header Token
ip
IP header information
audit.log (4) man page
ip address
Internet address
ip address Token
ip port
Internet port address
ip port Token
ipc
System V IPC information
ipc Token
IPC_perm
System V IPC object access information
IPC_perm Token
opaque
Unstructured data (unspecified format)
audit.log (4) man page
path
Path information
path Token
path_attr
Access path information
path_attr Token
privilege
Privilege set information
privilege Token
process
Process information
process Token
return
Status of system call
return Token
sequence
Sequence number
sequence Token
socket
Socket type and addresses
socket Token
subject
Subject information (same format as process)
subject Token
text
ASCII string
text Token
trailer
Indicates end of audit record
trailer Token
use of authorization
Use of authorization
use of authorization Token
use of privilege
Use of privilege
use of privilege Token
user
User ID and user name
user Token
xclient
X client identification
xclient Token
zonename
Name of zone
zonename Token
Trusted Extensions tokens
label and X Window System information
Trusted Extensions Audit Reference in Trusted Extensions Configuration and Administration

    The following tokens are obsolete:

  • liaison

  • host

  • tid

For information about obsolete tokens, see the reference material for the release that included the token.

An audit record always begins with a header token, which indicates where the audit record begins in the audit trail. In the case of attributable events, the subject and the process tokens refer to the values of the process that caused the event. In the case of non-attributable events, the process token refers to the system.

Copyright © 2002, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous
Next