*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Tru64 Unix man pages -> aud_sitevent_num (3)              
Title
Content
Arch
Section
 

aud_sitevent(3)

Contents


NAME    [Toc]    [Back]

       aud_sitevent,  aud_sitevent_num  - audit site event operations

SYNOPSIS    [Toc]    [Back]

       aud_sitevent(
               int event,
               int subevent,
               int *eventname,
               char *subeventname ); aud_sitevent_num(
               char *eventname,
               char *subeventname,
               int *ev_num,
               int *subev_num );

LIBRARY    [Toc]    [Back]

       Audit Library  - libaud.a and libaud.so

DESCRIPTION    [Toc]    [Back]

       Audit site events are specific to and defined by a particular
 installation. For example, an installation could have
       its own database program, and want  to  have  it  use  the
       audit  subsystem.   To  do so, the installation's database
       events  and  subevents  would   be   registered   in   the
       /etc/sec/site_events file.

       The  site_events  file  contains  one  entry for each site
       event.  Each site event entry can contain  any  number  of
       subevents.    Both  preselection  (see  auditmask(8))  and
       postreduction (see audit_tool(8))  capabilities  are  supported
  for  site  events.  Postreduction capabilities are
       also supported for subevents.

       The  aud_sitevent  function,  when  provided   event   and
       subevent  numbers,  copies  the  corresponding  event  and
       subevent names into eventname  and  subeventname.   If  no
       subevent  for  that  site event exists, subevent should be
       set to -1, and no subeventname will be copied.  The  maximum
  length  of  an  event  or  subevent  name is AUD_MAXEVENT_LEN
 bytes. If the requested mapping does not  exist,
       -1 is returned.

       The aud_sitevent_num function, when provided eventname and
       subeventname, copies the corresponding event numbers  into
       ev_num  and subev_num.  If no subevent for that site event
       exists, subeventname should be set to the null string, and
       subev_num  will  be  set  to -1.  If the requested mapping
       does not exist, -1 is returned.

       Mappings between the event and subevent numbers and  names
       are  placed  into the file /etc/sec/site_events.  A sample
       file follows:

            eventname 2048,
                 subevent0 0,
                 subevent1 1,
                 ...
                 subevent99 99;
             my_rdb 2049,
                 rdb_creat 0,
                 rdb_open 1,
                 rdb_delete 2;
             nosubeventevent 2050;

       Each line contains an event or subevent name  followed  by
       its   number.    An   event   number   must   be   between
       MIN_SITE_EVENT (see sys/audit.h) and MIN_SITE_EVENT +  the
       output  of  the sysconfig -q sec audit_site_events for the
       running kernel.  A subevent number must be a  non-negative
       integer.   The  line is terminated either with a comma (,)
       if an associated subevent follows, or with a semicolon (;)
       if no further associated subevents follow.

EXAMPLES    [Toc]    [Back]

       The following example looks up the event and subevent numbers
 for event "my_rdb" and subevent "rdb_open", and  generates
 an audit record if the lookup succeeded:

       if ( aud_sitevent_num ( "my_rdb", "rdb_open",
                                              &event, &subev ) ==
       0 )
          audgenl ( event, T_SUBEVENT, subev, T_CHARP,
                                              "sample rec", 0 );

SEE ALSO    [Toc]    [Back]

      
      
       sysconfig(8), sysconfigdb(8)

       Security

       Programming Support Tools



                                                  aud_sitevent(3)
[ Back ]
 Similar pages
Name OS Title
sat_eventtostr IRIX convert an audit event index to/from an audit event string
audevent HP-UX change or display event or system call audit status
ftpgroups HP-UX group password file for use with the SITE GROUP and SITE GPASS commands.
sat_write_filehdr IRIX write audit file header, write close time to audit file header
alPendingEvents IRIX Get total number of event queued in event queue
DtDndVaDropRegister HP-UX specify a drop site
DtDndDropRegister HP-UX specify a drop site
DtDndDropUnregister HP-UX deactivate a drop site
alCheckEvent IRIX Looks for an event in the event queue and retrieves it.
htsmall IRIX create an index for a web site from a data definition
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service