Go to main content

Managing Auditing in Oracle® Solaris 11.4

Exit Print View

Updated: February 2019

Audit Token Formats

Each audit record contains a series of audit tokens that describe the attributes of that record. Every audit record begins with a header token, which indicates where the audit record begins in the audit trail. The header token is followed by various data tokens that describe attributes such as user ID, process ID or session ID. Depending on the audit policy, optional tokens may be included in an audit record.

Oracle Solaris adds tokens to record sensitive information in new features. For example, in this release, the new tokens include annotation and cipher.

To view the list of tokens and their definitions, see the audit.log(5) man page.

Note - Obsolete tokens are maintained for compatibility with previous Solaris releases. For information about obsolete tokens, see the reference material for the release that included the token.