|
|  以 PDF 格式下载本书
NAME
- audit_event - audit event definition and class mapping
SYNOPSIS
-
/etc/security/audit_event
AVAILABILITY
- The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.
DESCRIPTION
-
/etc/security/audit_event is an ASCII system file that stores event definitions and specifies the event to class mappings. Programs use the getauevent (3)routines to access this information.
- The fields for each event entry are separated by colons. Each event is separated from the next by a newline.
- Each entry in the audit_event file has the form:
-
number: name: description: flags
- The fields are defined as follows:
-
-
number
- The event number.
-
-
name
- The event name.
-
-
description
- The description of the event.
-
-
flags
- Flags specifying classes to which the event is mapped.
EXAMPLES
- Here is a sample of the audit_event file entries:
-
-
7:AUE_EXEC:exec(2):pc,ex
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
6152:AUE_login:login - success or failure:lo
6153:AUE_logout:logout:lo
6154:AUE_telnet:login - through telnet:lo
6155:AUE_rlogin:login - through rlogin:lo
FILES
-
/etc/security/audit_event
SEE ALSO
-
bsmconv(1M), getauevent (3),audit_control(4)
|
|
