AUDIT_EVENT(5) | File Formats and Configurations | AUDIT_EVENT(5) |
/etc/security/audit_event
The fields for each event entry are separated by colons. Each event is separated from the next by a NEWLINE.Each entry in the audit_event file has the form:
number:name:description:flags
The fields are defined as follows:
number
Event number ranges are assigned as follows:
0
1-2047
2048-32767
32768-65535
System administrators must not add, delete, or modify (except to change the class mapping), events with an event number less than 32768. These events are reserved by the system.
name
description
flags
Obsolete events are commonly assigned to the special class no (invalid) to indicate they are no longer generated. Obsolete events are retained to process old audit trail files. Other events which are not obsolete may also be assigned to the no class.
The following is an example of some audit_event file entries:
7:AUE_EXEC:exec(2):ps,ex 79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw 6152:AUE_login:login - local:lo 6153:AUE_logout:logout:lo 6154:AUE_telnet:login - telnet:lo 6155:AUE_rlogin:login - rlogin:lo
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Interface Stability | See below. |
The file format stability is Committed. The file content is Uncommitted.
March 6, 2017 | OmniOS |