audit_event_defs(4M) DG/UX B2 Security R4.12MU02 audit_event_defs(4M)
NAME
auditeventdefs - audit event definitions
DESCRIPTION
The file /etc/tcb/audit/auditeventdefs specifies the name,
abbreviation, number, and class of each event. Each entry has the
following format:
name abbrev number class
Fields are separated by spaces or tabs, and each entry is delimited
by a new-line character. Comment lines begin with number sign (#).
The entry fields are as follows:
name This is the text string (or alias) used to uniquely identify
the event.
abbrev This is a short name (abbreviation) for the event. A minus
sign (-) in this field indicates that no abbreviation is
defined for this event.
number The event number, which determines the mapping to which the
entry belongs. (See below.)
class The class name of the event. Class names are defined in the
auditmaskdefs file [see auditmaskdefs(4M)].
The auditeventdefs file is divided into four sections, each of
which defines an event-to-class mapping:
The DG/UX command map, which lists the audit events in
commands supplied by the DG/UX system.
The DG/UX kernel map, which lists the audit events associated
with the DG/UX kernel.
The ISV map, which lists the audit events in code supplied by
independent software vendors (ISVs).
The SITE map, which lists the audit events in code written by
customers.
Each map is assigned an offset value, which is added to the event
number for use in selector value sets for audselect(1M):
+------------------------------------------------+
|Constant Map Default Value |
+------------------------------------------------+
|DG_ET_LOWEST_CMD_EVENT Command 0 |
+------------------------------------------------+
|DG_ET_LOWEST_ISV_EVENT ISV 5,000 |
+------------------------------------------------+
|DG_ET_LOWEST_KERNEL_EVENT kernel 10,000 |
+------------------------------------------------+
|DG_ET_LOWEST_SITE_EVENT SITE 20,000 |
+------------------------------------------------+
On a DG/UX system with an added Information Security Option, these
constants are defined in the sys/dgevents.h file.
SEE ALSO
audadmin(1M), audprint(1M), audselect(1M), auditaliasdefs(4M),
auditmaskdefs(4M).
Licensed material--property of copyright holder(s)