Object data for auditable events
The following information is recorded
for all events that involve
an object (for example, the
open_rd
event) and is referred to as the ``object'' data:
-
the object name
-
the object type
-
the object's device number
-
the major number component of the object's device
-
the minor number component of the object's device
-
the object's inode number
-
the object's filesystem ID
The remaining information recorded is unique to each event type.
For example the
ulimit
event will have the requested ``new limit'' recorded.
This information is referred to as the ``unique'' data.
auditrpt(ADM)
contains
a description of the
unique data recorded for each event type.
Application programs
with the
auditwr
privilege
can write miscellaneous records to the audit event log file.
Audit records created by application programs are of the event type
misc.
The application program invokes the
auditdmp(S)
system call to record the audit record.
Next topic:
Fixed events
Previous topic:
Common data for auditable events
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005