|AUDIT_CLASS(5)||File Formats and Configurations||AUDIT_CLASS(5)|
The fields for each class entry are separated by colons. Each class entry is a bitmap and is separated from each other by a newline.
Each entry in the audit_class file has the form:
The fields are defined as follows:
Each class is represented as a bit in the class mask which is an unsigned integer. Thus, there are 32 different classes available. Meta-classes can also be defined. These are supersets composed of multiple base classes, and thus will have more than 1 bit in its mask. See Examples. Two special meta-classes are also pre-defined: all, and no.
The following is an example of an audit_class file:
0x00000000:no:invalid class 0x00000001:fr:file read 0x00000002:fw:file write 0x00000004:fa:file attribute access 0x00000008:fm:file attribute modify 0x00000010:fc:file create 0x00000020:fd:file delete 0x00000040:cl:file close 0x00000100:nt:network 0x00000200:ip:ipc 0x00000400:na:non-attribute 0x00001000:lo:login or logout 0x00004000:ap:application 0x000f0000:ad:old administrative (meta-class) 0x00070000:am:administrative (meta-class) 0x00010000:ss:change system state 0x00020000:as:system-wide administration 0x00040000:ua:user administration 0x00080000:aa:audit utilization 0x00300000:pc:process (meta-class) 0x00100000:ps:process start/stop 0x00200000:pm:process modify 0x20000000:io:ioctl 0x40000000:ex:exec 0x80000000:ot:other 0xffffffff:all:all classes (meta-class)
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|
|Interface Stability||See below.|
The file format stability is Committed. The file content is Uncommitted.
|March 6, 2017||OmniOS|