File Formats audit_event(4)
NAME
audit_event - audit event definition and class mapping
SYNOPSIS
/etc/security/audit_event
DESCRIPTION
/etc/security/audit_event is a user-configurable ASCII system file
that stores event definitions used in the audit system. As part of
this definition, each event is mapped to one or more of the audit
classes defined in audit_class(4). See auditconfig(1M) and
user_attr(4) for information about changing the preselection of audit
classes in the audit system. Programs can use the getauevent(3BSM)
routines to access audit event information.

The fields for each event entry are separated by colons. Each event is
separated from the next by a NEWLINE. Each entry in the audit_event
file has the form:

number:name:description:flags

The fields are defined as follows:

number
    Event number. Event number ranges are assigned as follows:

    0              Reserved as an invalid event number.
    1-2047         Reserved for the Solaris Kernel events.
    2048-32767     Reserved for the Solaris TCB programs.
    32768-65535    Available for third party TCB applications.

    System administrators must not add, delete, or modify (except to
    change the class mapping), events with an event number less than
    32768. These events are reserved by the system.

name
    Event name.

description
    Event description.

flags
    Flags specifying classes to which the event is mapped. Classes are
    comma separated, without spaces.

    Obsolete events are commonly assigned to the special class no
    (invalid) to indicate they are no longer generated. Obsolete
    events are retained to process old audit trail files. Other events
    which are not obsolete may also be assigned to the no class.

EXAMPLES
Example 1 Using the audit_event File
The following is an example of some audit_event file entries:

7:AUE_EXEC:exec(2):ps,ex
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
6152:AUE_login:login - local:lo
6153:AUE_logout:logout:lo
6154:AUE_telnet:login - telnet:lo
6155:AUE_rlogin:login - rlogin:lo
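
The entry format and the rule on events numbered below 32768, as an added example (not part of the original manual page or of Solaris): a Python parser for number:name:description:flags entries and a comparison of the file against a known-good copy. The function names, the skipping of blank and '#' lines, and the CURRENT sample entries are assumptions made for illustration.

```python
import re
RESERVED_BELOW = 32768          # events below this belong to the system
FLAGS_RE = re.compile(r"[^\s,:]+(,[^\s,:]+)*")  # comma separated, no spaces

def parse_audit_event(text):
    """Return {number: (name, description, [classes])}; raise on bad entries.
    Flags are taken from the right, so a ':' inside a description survives."""
    events = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        # Assumption: blank lines and '#' comment lines are skipped.
        if not line.strip() or line.startswith("#"):
            continue
        try:
            number, name, rest = line.split(":", 2)
            description, flags = rest.rsplit(":", 1)
            num = int(number)
        except ValueError:
            raise ValueError(f"line {lineno}: not number:name:description:flags")
        if not 1 <= num <= 65535:        # 0 is reserved as invalid
            raise ValueError(f"line {lineno}: invalid event number {num}")
        if not FLAGS_RE.fullmatch(flags):
            raise ValueError(f"line {lineno}: bad class list {flags!r}")
        events[num] = (name, description, flags.split(","))
    return events

def reserved_changes(baseline, current):
    """Report disallowed edits to reserved events, plus permitted remaps to 'no'."""
    findings = []
    both = set(baseline) | set(current)
    for num in sorted(n for n in both if n < RESERVED_BELOW):
        old, new = baseline.get(num), current.get(num)
        if new is None:
            findings.append((num, "deleted"))
        elif old is None:
            findings.append((num, "added"))
        elif old[:2] != new[:2]:
            findings.append((num, "name or description modified"))
        elif old[2] != new[2] and new[2] == ["no"]:
            findings.append((num, "remapped to class no"))
    return findings

# Baseline: entries quoted in this page. Current: constructed sample edits.
BASELINE = parse_audit_event("""7:AUE_EXEC:exec(2):ps,ex
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
6152:AUE_login:login - local:lo
6153:AUE_logout:logout:lo""")
CURRENT = parse_audit_event("""7:AUE_EXEC:exec(2):no
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
6152:AUE_login:local login:lo
40000:AUE_myapp:third-party app event:ap""")
```

Remapping an event to the no class is a permitted change, but it is reported because it removes the event from every preselected class.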
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:

 ___________________________________________________________
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
|_____________________________|_____________________________|
| Interface Stability         | See below.                  |
|_____________________________|_____________________________|

The file format stability is Committed. The file content is
Uncommitted.

FILES
/etc/security/audit_event
SEE ALSO
auditconfig(1M), getauevent(3BSM), audit_class(4),
user_attr(4)
Part VII, Oracle Solaris Auditing, in System Administration Guide:
Security Services

NOTES
This functionality is available only if Solaris Auditing has been
enabled.

SunOS 5.11 Last change: 20 Sep 2010