Contains information about system audit events.
The /etc/security/audit/events file is an ASCII stanza file that contains information about audit events. The file contains just one stanza, auditpr, which lists all the audit events in the system. The stanza also contains formatting information that the auditpr command needs to write an audit tail for each event.
Each attribute in the stanza is the name of an audit event, with the following format:
The format command can have the following parameters:
Format | Description |
%A | Formatted output is similar to the aclget command. |
%d | Formatted as a 32-bit signed decimal integer |
%G | Formatted as a comma-separated list of group names or numerical identifiers. |
%o | Formatted as 32-bit octal integer. |
%P | Formatted output is similar to the pclget command. |
%s | Formatted as a text string. |
%T | Formatted as a text string giving include date and time with 6 significant digits for the seconds DD Mmm YYYY HH:MM:SS:mmmuuu ). |
%u | Formatted as a 32-bit unsigned integer. |
%x | Formatted as a 32-bit hexidecimal integer. |
%X | Formatted as a 32-bit hexidecimal integer with upper case letters. |
Access Control: This file should grant read (r) access to the root user and members of the audit group, and grant write (w) access only to the root user.
To format the tail of an audit record for new audit events, such as FILE_Open and PROC_Create , add format specifications like the following to the auditpr stanza in the /etc/security/audit/events file:
auditpr: FILE_Open = printf "flags: %d mode: %o \ fd: %d filename: %s" PROC_Create = printf "forked child process %d"
This file is part of Base Operating System (BOS) Runtime.
/etc/security/audit/events | Specifies the path to the file. |
/etc/security/audit/config | Contains audit system configuration information. |
/etc/security/audit/objects | Contains information about audited objects. |
/etc/security/audit/bincmds | Contains auditbin backend commands. |
/etc/security/audit/streamcmds | Contains auditstream commands. |
The audit command, auditpr command.
Auditing Overview, Setting Up Auditing, and Security Administration in AIX Version 4.3 System Management Guide: Operating System and Devices.