[Go to CFHT Home Page] Man Pages
Back to Software Index  BORDER=0Manpage Top Level
    audit_event(4) manual page Table of Contents

Name

audit_event - audit event definition and class mapping

Synopsis

/etc/security/audit_event

Availability

The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.

Description

/etc/security/audit_event is an ASCII system file that stores event definitions and specifies the event to class mappings. Programs use the getauevent(3) routines to access this information.

The fields for each event entry are separated by colons. Each event is separated from the next by a newline.

Each entry in the audit_event file has the form:

number:name:description:flagsThe fields are defined as follows:
number
The event number.
name
The event name.
description
The description of the event.
flags
Flags specifying classes to which the event is mapped.

Examples

Here is a sample of the audit_event file entries: 


7:AUE_EXEC:exec(2):pc,ex
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
6152:AUE_login:login - success or failure:lo
6153:AUE_logout:logout:lo
6154:AUE_telnet:login - through telnet:lo
6155:AUE_rlogin:login - through rlogin:lo

Files


/etc/security/audit_event

See Also

bsmconv(1M) , getauevent(3) , audit_control(4)

Table of Contents