/etc/security/audit_event is an ASCII system file that stores event definitions and specifies the event to class mappings. Programs use the getauevent(3BSM) routines to access this information.
The fields for each event entry are separated by colons. Each event is separated from the next by a newline.
Each entry in the audit_event file has the form:
number:name:description: flags
The fields are defined as follows:
-
number
- The event number.
-
name
- The event name.
-
description
- The description of the event.
-
flags
- Flags specifying classes to which the event is mapped.
|