| Command that controls the actions of the audit service. audit -n starts a new audit file for the audit_binfile plugin. audit -s enables and refreshes auditing. audit -t disables auditing. audit -v verifies that at least one plugin is active.
|
| Default audit plugin, which sends audit records to a binary file. See
also Audit Plugins.
|
| Audit plugin that sends audit records to a remote receiver.
|
| Audit plugin that sends text summaries of audit records to the syslog utility.
|
| File that contains the definitions of audit classes. The eight high-order bits are
available for customers to create new audit classes. For more information about the effect of
modifying this file on system upgrade, see How to Add an Audit Class.
|
| File that contains the definitions of audit events and maps the events to audit classes.
The mapping can be modified. For more information about the effect of modifying this file on system
upgrade, see How to Change an Audit Event's Class Membership.
|
| Describes the syntax of audit class preselection, the prefixes for selecting
only failed events or only successful events, and the prefixes that modify
an existing preselection.
|
| Describes the naming of binary audit files, the internal structure of
a file, and the structure of every audit token.
|
| Script that notifies an email alias when the audit service encounters an unusual
condition while writing audit records. You can customize this script for your site to warn of
conditions that might require manual intervention, or to specify how to handle those conditions
automatically.
|
| Command that retrieves and sets audit configuration parameters. Issue the
auditconfig command with no options to display a list of parameters that
can be retrieved and set.
|
| Command that post-selects and
merges audit records that are stored in binary format. The command can merge
audit records from one or more input audit files. The records remain in binary
format. Uppercase options affect file selection. Lowercase options affect record
selection.
|
| Command that displays kernel
audit statistics. For example, the command can display the number of records
in the kernel audit queue, the number of dropped records, and the number of
audit records that user processes produced in the kernel as a result of system
calls.
|
| Command that reads audit records
in binary format from standard input and displays the records in a presentable
format. The input can be piped from the auditreduce command
or from a single audit file or a list of audit files. Input can also be produced
with the tail -0f command for a current audit file.
|
| File that is configured to send text summaries of audit records
to the syslog utility for the audit_syslog plugin.
|