 aud_audit_events(5)                 OSF                 aud_audit_events(5)




 NAME
      aud_audit_events - Auditable events for the audit services

 DESCRIPTION
      The Audit Service contains code points for auditing events that are
      significant to the audit service itself.  Among these events are:


        +  Administrative operations

           These are subdivided into modify and query operations.

        +  Filter operations

           These are subdivided into modify and query operations.


      Event class definitions, together with filters, control the auditing
      execution at these code points.  Filters can be updated dynamically.
      Filter files are maintained by a per-host audit daemon, and are shared
      among all the audit clients on the same host.   The dcecp command
      interface program is used for maintaining the filters.  (See the dcecp
      reference page.)  The dcecp command is executable by all users and
      system administrators.  Who is allowed to modify filters is
      controlled through the ACL of the audit daemon, which maintains the
      filters.

      The Audit Service RPC interfaces include audit_control and
      audit_filter operations.

    Administrative Operations
      The dce_audit_admin_modify and dce_audit_admin_query event classes
      lump together the administrative operations that are performed on the
      Audit daemon.

      The dce_audit_admin_modify event class has the following events that
      modify the operation of the Audit daemon:


        +  EVT_MODIFY_STATE - Enables or disables the Audit daemon for
           logging.

        +  EVT_MODIFY_SSTRATEGY - Modifies storage strategy.  This can be
           any of the following:


             -- Save - If the trail is full, it is backed up and renamed
                with a timestamp, and the daemon then writes on the
                original trail again.

             -- Wrap - If the trail is full, the daemon goes back to the
                beginning of the file, overwriting previously written
                records.



 Hewlett-Packard Company            - 1 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96






        +  EVT_REWIND - Rewinds the Audit daemon's central trail file.

        +  EVT_STOP - Stops the Audit daemon.


      The following are the audit code points in the Audit Service
      interfaces, with their Event Types, Event Classes, and any
      Event-Specific Information.


      Event Type (Event Number, Event Classes)
                EVT_MODIFY_STATE (0x306, dce_audit_admin_modify)


                Event-Specific Information
                          None


      Event Type (Event Number, Event Classes)
                EVT_MODIFY_SSTRATEGY (0x305, dce_audit_admin_modify)


                Event-Specific Information
                          None


      Event Type (Event Number, Event Classes)
                EVT_REWIND (0x307, dce_audit_admin_modify)


                Event-Specific Information
                          None


      Event Type (Event Number, Event Classes)
                EVT_STOP (0x308, dce_audit_admin_modify)


                Event-Specific Information
                          None


      The dce_audit_admin_query event class has two events:


        +  EVT_SHOW_SSTRATEGY - Shows the storage strategy.

        +  EVT_SHOW_STATE - Shows the state of the Audit daemon.






      Following are the details of this event class:


      Event Type (Event Number, Event Classes)
                EVT_SHOW_SSTRATEGY (0x309, dce_audit_admin_query)


                Event-Specific Information
                          None


      Event Type (Event Number, Event Classes)
                EVT_SHOW_STATE (0x30a, dce_audit_admin_query)


                Event-Specific Information
                          None


    Filter Operations
      The dce_audit_filter_modify and dce_audit_filter_query event classes
      are the filter operations that the Audit daemon handles.

      The dce_audit_filter_modify event class has the following events:


        +  EVT_ADD_FILTER - Adds a filter.

        +  EVT_DELETE_FILTER - Removes all guides for a specific subject.

        +  EVT_REMOVE_FILTER - Removes a specific guide for a specific
           subject.


      Following are the details of this event class:


      Event Type (Event Number, Event Classes)
                EVT_ADD_FILTER (0x303, dce_audit_filter_modify)


                Event-Specific Information
                          None.


      Event Type (Event Number, Event Classes)
                EVT_DELETE_FILTER (0x300, dce_audit_filter_modify)


                Event-Specific Information
                          None.



      Event Type (Event Number, Event Classes)
                EVT_REMOVE_FILTER (0x304, dce_audit_filter_modify)


                Event-Specific Information
                          None.


      The dce_audit_filter_query event class contains two events:


        +  EVT_LIST_FILTER - Lists all subjects that have filters.

        +  EVT_SHOW_FILTER - Shows all filters for a specific principal.


      Following are the details of this event class.


      Event Type (Event Number, Event Classes)
                EVT_LIST_FILTER (0x302, dce_audit_filter_query)


                Event-Specific Information
                          None.


      Event Type (Event Number, Event Classes)
                EVT_SHOW_FILTER (0x301, dce_audit_filter_query)


                Event-Specific Information

                          aud_c_evt_info_long_int       esl_type
                          aud_c_evt_info_char_string    subject_name
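
      The event numbers listed above can be used to watch for changes made
      to the Audit daemon itself.  The following Python code is an added
      example, not part of the original reference page or of DCE.  It
      decodes the event numbers from this page and reports every
      modify-class event, rating as high those that can stop logging,
      discard trail records or drop filters.  The record layout, the
      severity ratings, the triage function and the sample records are
      assumptions made for the example.

```python
# Event numbers and classes come from this page. The "<time> <principal>
# <event number>" layout and SAMPLE are constructed, not the DCE trail format.
EVENTS = {
    0x300: ("EVT_DELETE_FILTER", "dce_audit_filter_modify"),
    0x301: ("EVT_SHOW_FILTER", "dce_audit_filter_query"),
    0x302: ("EVT_LIST_FILTER", "dce_audit_filter_query"),
    0x303: ("EVT_ADD_FILTER", "dce_audit_filter_modify"),
    0x304: ("EVT_REMOVE_FILTER", "dce_audit_filter_modify"),
    0x305: ("EVT_MODIFY_SSTRATEGY", "dce_audit_admin_modify"),
    0x306: ("EVT_MODIFY_STATE", "dce_audit_admin_modify"),
    0x307: ("EVT_REWIND", "dce_audit_admin_modify"),
    0x308: ("EVT_STOP", "dce_audit_admin_modify"),
    0x309: ("EVT_SHOW_SSTRATEGY", "dce_audit_admin_query"),
    0x30A: ("EVT_SHOW_STATE", "dce_audit_admin_query"),
}
# Assumption: events that can stop logging, discard records or drop filters.
COVERAGE_LOSS = {"EVT_STOP", "EVT_MODIFY_STATE", "EVT_REWIND",
                 "EVT_MODIFY_SSTRATEGY", "EVT_DELETE_FILTER",
                 "EVT_REMOVE_FILTER"}

def triage(lines):
    """Return (time, principal, event, severity) for non-query records."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # blank or malformed line
        time, principal, raw = fields
        try:
            name, ev_class = EVENTS[int(raw, 16)]
        except (ValueError, KeyError):
            findings.append((time, principal, raw, "unknown"))
            continue
        if ev_class.endswith("_query"):
            continue  # read-only operation
        severity = "high" if name in COVERAGE_LOSS else "medium"
        findings.append((time, principal, name, severity))
    return findings

SAMPLE = [  # constructed records
    "2004-03-01T09:00:01 cell_admin 0x30a",
    "2004-03-01T09:00:07 cell_admin 0x303",
    "2004-03-01T23:14:52 ops1 0x304",
    "2004-03-01T23:15:03 ops1 0x306",
    "2004-03-01T23:15:40 ops1 0x3ff",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```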


 RELATED INFORMATION
      Commands: dcecp(1m).

      Files: event_class.5.

