*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->HP-UX 11i man pages -> audevent (1m)              
Title
Content
Arch
Section
 

Contents


 audevent(1M)                                                   audevent(1M)




 NAME    [Toc]    [Back]
      audevent - change or display event or system call audit status

 SYNOPSIS    [Toc]    [Back]
      audevent [-P|-p] [-F|-f] [-E] [[-e event] ...] [-S] [[-s syscall] ...]

      audevent [-l]

 DESCRIPTION    [Toc]    [Back]
      audevent changes or displays the auditing status of the given events
      or system calls.  The event is used to specify names associated with
      certain self-auditing commands; syscall is used to select related
      system calls.

      If neither -P, -p, -F, nor -f is specified, the current status of the
      selected events or system calls is displayed.

      If the -E option is supplied, it is redundant to specify events with
      the -e option.  This also applies to the -S and -s options.  If no
      event is specified, all events are selected.  If no system call is
      specified, all system calls associated with the selected events are
      selected.

      audevent takes effect immediately.  However, the events and system
      calls specified are audited only when called by a user currently being
      audited (see audusr(1M)).

      If -l is specified, a list of valid events and their associated system
      calls (if any) are displayed.  This option may be helpful when
      deciding which -e or -s options to use.

           Note: The set of audited system calls and corresponding audit
           events varies frequently as HP-UX evolves.  The system call name
           referred to by the auditing system usually matches the real
           system call name, but with a few exceptions.  Some important
           known exceptions are provided in System Call Name Mapping
           Execptions.

      Only the super-user can change or display audit status.

    Options    [Toc]    [Back]
      audevent recognizes the following options and command-line arguments:

           -P             Audit successful events or system calls.

           -p             Do not audit successful events or system calls.

           -F             Audit failed events or system calls.

           -f             Do not audit failed events or system calls.




 Hewlett-Packard Company            - 1 -   HP-UX 11i Version 2: August 2003






 audevent(1M)                                                   audevent(1M)




           -E             Select all events for change or display.

           -e event       Select event for change or display.

           -S             Select all system calls for change or display.

           -s syscall     Select syscall for change or display.

           -l             Display a list of valid events and their
                          associated system calls.  This option should not
                          be used with any other options.

      The following is a list of the valid event types or categories:

           create         Object creation.  For example, file creation,
                          directory creation, and other object creation.

           delete         Object deletion.  For example, file deletion,
                          directory deletion, and other object deletion.

           readdac        Discretionary access control (DAC) information
                          reading events.

           moddac         DAC modification events.

           modaccess      Non-DAC modification events.

           open           Object opening.  For example, file open and other
                          object open.

           close          Object closing.  For example, file close and other
                          object close.

           process        Process operations.

           removable      Removable media events.  For example,  mounting
                          and unmounting events.

           login          Login and logout events not related to any
                          particular system call.

           admin          All administrative and privileged events.

           ipccreat       Interprocess Communication (IPC) object creation.

           ipcopen        IPC object opening.

           ipcclose       IPC object deletion.

           ipcdgram       IPC Datagram transactions.




 Hewlett-Packard Company            - 2 -   HP-UX 11i Version 2: August 2003






 audevent(1M)                                                   audevent(1M)




           uevent1        User-defined event 1 (for self-auditing records).

           uevent2        User-defined event 2 (for self-auditing records).

           uevent3        User-defined event 3 (for self-auditing records).

    System Call Name Mapping Exceptions    [Toc]    [Back]
      The following are some important known system call name mapping
      exceptions:

           sem_open()     is referred to as ksem_open().

           sem_unlink()   is referred to as ksem_unlink().

           sem_close()    is referred to as ksem_close().

           gethostname(), sethostname(), uname(), ustat(), setuname() are
                          all referred to as utssys() by the auditing
                          system.

 WARNINGS    [Toc]    [Back]
      All modifications made to the auditing system are lost upon reboot.

      To make the changes permanent, set AUDEVENT_ARGS1, AUDEVENT_ARGS2, or
      AUDEVENT_ARGS3 in /etc/rc.config.d/auditing.

 AUTHOR    [Toc]    [Back]
      audevent was developed by HP.

 SEE ALSO    [Toc]    [Back]
      audisp(1M), audomon(1M), audsys(1M), audusr(1M), getevent(2),
      setevent(2), audit(4), audit(5).


 Hewlett-Packard Company            - 3 -   HP-UX 11i Version 2: August 2003
[ Back ]
      
      
 Similar pages
Name OS Title
sat_eventtostr IRIX convert an audit event index to/from an audit event string
rtmon-run IRIX enable system call event tracing
audsys HP-UX start or halt the auditing system and set or display audit file information
icod_stat HP-UX Display instant Capacity on Demand (iCOD) status and system information.
aud_sitevent_num Tru64 audit site event operations
aud_sitevent Tru64 audit site event operations
audisp HP-UX display the audit information as requested by the parameters
gprof FreeBSD display call graph profile data
gprof HP-UX display call graph profile data
gprof OpenBSD display call graph profile data
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service