aueventmgmt(1M) — ADMINISTRATOR COMMANDS
NAME
aueventmgmt − manages the audit event file
SYNOPSIS
aueventmgmt [ name ... ]
aueventmgmt [ -q ] [ -ieventID ] [ -d"description" ] name
aueventmgmt [ -q ] -a name eventID [ "description" ]
aueventmgmt [ -q ] -x name [ name ... ]
DESCRIPTION
aueventmgmt allows root to manage the audit event file, /var/security/auevent. If aueventmgmt is invoked without any parameters, the event IDs and descriptions for all events in the audit event file are printed to standard output. If aueventmgmt is invoked with only audit event names for parameters, the event IDs and descriptions for the supplied events will be printed to standard output.
The options available are:
-d"description" Sets the description field for the audit event name in /var/security/auevent. The description cannot be longer than 1024 characters (as defined by PATH_MAX in <limits.h>).
-ieventID Sets the event ID for the audit event name in /var/security/auevent. Audit event IDs must be unique.
-a Adds the audit event name to /var/security/auevent.
-x Deletes the audit event(s) name from /var/security/auevent.
-q Sets the event ID and/or description quietly.
If a new audit event is being added to /var/security/auevent, the event ID must be specified; the description is optional. Audit event names must be uniquely defined and cannot be longer than 45 characters (as defined by MAX_ALIAS_LEN in <sys/audit.h>).
FILES
/var/security/auevent Contains the valid audit events
SEE ALSO
getaeent(3A), auevent(4), audit(4)
NOTES
Though the descriptions of audit events distributed with the system may be modified, their audit event IDs must not be changed. The ability to change audit event IDs is intended for use only with new (locally created) audit events.
(Security Enhancement)