Managing Auditing in Oracle Solaris 11.2

Updated: July 2014

Audit Record Structure

An audit record is a sequence of audit tokens. Each audit token contains event information such as user ID, time, and date. A header token begins an audit record, and an optional trailer token concludes the record. Other audit tokens contain information relevant to the audit event. The following figure shows a typical kernel audit record and a typical user-level audit record.

Figure 7-1  Typical Audit Record Structures

[Figure: two typical audit record structures. The kernel record contains data tokens before the subject token.]
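The record structure described above, as an added example that is not part of the original documentation: the Python code below splits a stream of token lines into records at each header token, treats the trailer as optional, and flags tokens that fall outside any record. The one-token-per-line text layout (modeled on praudit output), the sample values, the function names `split_records` and `summarize`, and the idea that the header and trailer carry the same record length are all assumptions.

```python
# Constructed sample, one token per line. Values and field layout are assumptions.
SAMPLE = """\
header,69,2,login - local,,host1,2014-07-01 10:10:10.020 -07:00
subject,jdoe,jdoe,staff,jdoe,staff,1210,4076076536,69 2 host1
return,success,0
header,120,2,open(2) - read,,host1,2014-07-01 10:10:12.500 -07:00
path,/etc/motd
attribute,100644,root,sys,65538,1234,0
subject,jdoe,jdoe,staff,jdoe,staff,1210,4076076536,69 2 host1
return,success,3
trailer,120
text,stray token
header,88,2,chmod(2),,host1,2014-07-01 10:10:13.000 -07:00
path,/tmp/x
subject,jdoe,jdoe,staff,jdoe,staff,1210,4076076536,69 2 host1
return,success,0
trailer,80
"""

def split_records(text):
    """Group token lines into records; return (records, orphans)."""
    records, orphans, current = [], [], None
    for raw in text.splitlines():
        name, _, rest = raw.strip().partition(",")
        if not name:
            continue
        if name == "header":          # a header token begins a record
            current = [(name, rest.split(","))]
            records.append(current)
        elif current is None:         # token seen outside any record
            orphans.append(raw.strip())
        else:
            current.append((name, rest.split(",")))
            if name == "trailer":     # the optional trailer concludes the record
                current = None
    return records, orphans

def summarize(tokens):
    """Token order, trailer presence, and header/trailer length agreement."""
    names = [name for name, _ in tokens]
    has_trailer = names[-1] == "trailer"
    # Assumption: first header field and the trailer field both hold the record length.
    length_ok = tokens[-1][1][0] == tokens[0][1][0] if has_trailer else None
    return {"order": names, "has_trailer": has_trailer, "length_ok": length_ok}

if __name__ == "__main__":
    records, orphans = split_records(SAMPLE)
    print([summarize(r) for r in records], "orphans:", orphans)
```

A record without a trailer ends only when the next header appears, so orphan tokens can be detected only before the first header or after a trailer.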