svcadm(1M)을 검색하려면 섹션에서 1M 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
audit_flags(7)
Standards, Environments, Macros, Character Sets, and miscellany
audit_flags(7)
NAME
audit_flags - audit preselection flags
DESCRIPTION
Audit flags specify which audit classes are to be audited for a
process. Audit classes are defined in the audit_class(5) file and group
together like audit events as defined in the audit_event(5) file. The
default Solaris system-wide audit flags are configured as part of the
audit service using auditconfig(8). Additional per-user or per-role
audit flags may be configured in the user_attr(5) database or in the
profiles granted to the user by the audit_flags=always-audit-
flags:never-audit-flags keyword. The audit flags of a process are
called the preselection mask. The preselection mask is set at login and
role assumption time by combining the default Solaris system-wide audit
flags with the per-user audit flags (default flags + always-audit-
flags) - never-audit-flags.
Audit flags are specified as a character string representing the audit
class names to be audited. Each flag identifies an audit class and is
separated by a comma (,) from others in the string. An audit class name
preceded by - means that the class should be audited for failure only;
successful attempts are not audited. An audit class name preceded by +
means that the class should be audited for success only; failed
attempts are not audited. Without a prefix, the audit class name indi‐
cates that the class is to be audited for both successes and failures.
The special string "all" indicates that all audit events are to be
audited; -all indicates that all failed attempts are to be audited and
+all indicates that all successful attempts are to be audited. The pre‐
fixes ^, ^- and ^+ turn off flags specified earlier in the string (^-
and ^+ for failed and successful attempts respectively, ^ for both).
They are typically used to reset flags. The special string no indicates
no audit events are to be audited.
EXAMPLES
Example 1 Preselect to audit for successful and failed "lo"
(login/logout), "am" (administration) audit events and all failed audit
events except for failed "fm" (file attribute modify) events.
lo,am,-all,^-fm
Example 2 Preselect to audit for successful and failed "lo"
(login/logout), "as" (system-wide administration) and failed "fm" (file
attribute modify) events.
lo,as,-fm
SEE ALSO
profiles(1), audit_class(5), audit_event(5), prof_attr(5),
user_attr(5), auditconfig(8), auditd(8), usermod(8)
Oracle Solaris 11.4 21 Jun 2021 audit_flags(7)