Object data for auditable events
The following information is recorded
for all events that involve
an object (for example, the
open_rd
event) and is referred to as the ``object'' data:
-
the object name
-
the object type
-
the object's security level
NOTE:
The security level applies only to log files generated
on systems running UNIX System V Release 4.1 Enhanced Security, or
UNIX System V Release 4.2MP, with the Enhanced Security Utilities
installed. Security levels are not supported for this release,
so this field will be empty in log files produced on systems
running this release. However, the field is kept to maintain
compatibility with these earlier releases.
-
the object's device number
-
the major number component of the object's device
-
the minor number component of the object's device
-
the object's inode number
-
the object's filesystem ID
The remaining information recorded is unique to each event type.
For example the
ulimit
event will have the requested ``new limit'' recorded.
This information is referred to as the ``unique'' data.
auditrpt(1M)
contains
a description of the
unique data recorded for each event type.
Application programs
with the
auditwr
privilege
can write miscellaneous records to the audit event log file.
Audit records created by application programs are of the event type
misc.
The application program invokes the
auditdmp(2)
system call to record the audit record.
© 1999 The Santa Cruz Operation, Inc. All rights reserved.
UnixWare 7 Release 7.1.1 - 5 November 1999