Each audit record contains a series of audit tokens that describe the attributes of that record. Every audit record begins with a header token, which indicates where the audit record begins in the audit trail. The header token is followed by various data tokens that describe attributes such as user ID, process ID or session ID. Depending on the audit policy, optional tokens may be included in an audit record.
Oracle Solaris adds tokens to record sensitive information in new features. For example, in this release, the new tokens include annotation and cipher.
To view the list of tokens and their definitions, see the audit.log(5) man page.