audit_event(5) man page - WindyHana's Solanara


audit_event(5)                   File Formats                   audit_event(5)



NAME
       audit_event - audit event definition and class mapping

SYNOPSIS
       /etc/security/audit_event

DESCRIPTION
       /etc/security/audit_event is a user-configurable ASCII system file that
       stores event definitions used in the audit system. As part of this
       definition, each event is mapped to one or more of the audit classes
       defined in audit_class(5). See auditconfig(8) and user_attr(5) for
       information about changing the preselection of audit classes in the
       audit system.


       The fields for each event entry are separated by colons. Each event  is
       separated  from  the  next  by a NEWLINE. Each entry in the audit_event
       file has the form:



         event-number:event-name:event-description:event-classes



       The fields are defined as follows:

       event-number

           Event number. Ranges for event number are assigned as follows:

           0

               Reserved as an invalid event number.


           1-2047

               Reserved for the Solaris Kernel events. The kernel event table,
               and  possibly  MAX_KEVENTS,  must be updated in audit_kevents.h
               when changes are made to kernel events. Allocation  of  Solaris
               Kernel events:

               0           The kernel event table must start with AUE_NULL


               1-511       Allocated for Solaris


               512-2047    Reserved but not allocated



           2048-65535

               Allocated for user level audit events. Allocation of user level
               audit events:

               2048-5999      Reserved but not allocated


               6000-9999      Allocated for Solaris


               10000-32767    Reserved but not allocated


               32768-65535    Available for third party applications




       event-name

           Event name.


       event-description

           Event description.


       event-classes

           Specifies classes to which the event is mapped. Classes  are  comma
           separated, without spaces and may be added for any event other than
           those with the no class.

           Obsolete events are commonly  assigned  to  the  special  class  no
           (invalid) to indicate they are no longer generated. Obsolete events
           are retained to process old audit trail files. Other  events  which
           are not obsolete may also be assigned to the no class.


EXAMPLES
       Example 1 Using the audit_event File



       The following is an example of some audit_event file entries:


         7:AUE_EXEC:exec(2):ps,ex
         79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
         6152:AUE_login:login - local:lo
         6153:AUE_logout:logout:lo
         6154:AUE_telnet:login - telnet:lo
         6155:AUE_rlogin:login - rlogin:lo
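
       The entry format and number ranges above can be checked mechanically
       before the audit service is refreshed. The Python linter below is an
       added example, not part of the original man page; the '#' comment
       handling, the right-hand split of event-classes, and the constructed
       sample entries are assumptions.

```python
RANGES = [  # (low, high, allocation), from the event-number ranges on this page
    (1, 511, "kernel: allocated for Solaris"),
    (512, 2047, "kernel: reserved, not allocated"),
    (2048, 5999, "user: reserved, not allocated"),
    (6000, 9999, "user: allocated for Solaris"),
    (10000, 32767, "user: reserved, not allocated"),
    (32768, 65535, "user: third party"),
]

def allocation(num):
    for low, high, label in RANGES:
        if low <= num <= high:
            return label
    return None  # 0 (reserved as invalid) or outside 1-65535

def lint(text):
    """Return (entries, problems) for the text of an audit_event file."""
    entries, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # assumption: '#' marks a comment
            continue
        head = line.split(":", 2)
        if len(head) < 3 or ":" not in head[2]:
            problems.append((lineno, "expected four colon-separated fields"))
            continue
        # Assumption: take event-classes from the right, so a colon in the description is kept.
        desc, _, classes = head[2].rpartition(":")
        num = int(head[0]) if head[0].isascii() and head[0].isdigit() else 0
        if allocation(num) is None:
            problems.append((lineno, "event number invalid or out of range"))
            continue
        names = classes.split(",")
        if any(not c or c.split() != [c] for c in names):
            problems.append((lineno, "classes must be comma separated, no spaces"))
        if "no" in names and len(names) > 1:
            problems.append((lineno, "'no' class combined with other classes"))
        if num in entries:
            problems.append((lineno, f"duplicate event number {num}"))
        entries.setdefault(num, (head[1], desc, names, allocation(num)))
    return entries, problems

SAMPLE = "\n".join([  # first three entries are from EXAMPLES; the rest are constructed
    "7:AUE_EXEC:exec(2):ps,ex",
    "79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw",
    "6152:AUE_login:login - local:lo",
    "0:AUE_bad:constructed invalid number:lo",
    "40000:AUE_acme_start:constructed third-party event:lo, ex",
    "6152:AUE_dup:constructed duplicate:no,lo",
])
```

       Calling lint(SAMPLE) returns the parsed entries keyed by event number
       and a list of (line, problem) pairs for the three constructed entries.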




ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       ATTRIBUTE TYPE               ATTRIBUTE VALUE
       ---------------------------------------------
       Interface Stability          See below.



       The file format stability is Committed. The file content is
       Uncommitted.

FILES
       /etc/security/audit_event

SEE ALSO
       audit_class(5), user_attr(5), auditconfig(8)

NOTES
       This  functionality  is  available  only  if  Solaris Auditing has been
       enabled.


       For changes to this file to be effective immediately, refresh
       svc:/system/auditset:default. For example:

         # svcadm refresh svc:/system/auditset:default



       Third party developers wishing to use the audit interfaces must contact
       the Solaris Audit team through their Oracle representative.



Oracle Solaris 11.4               27 Nov 2017                   audit_event(5)