Overview of auditable event types and classes
An auditable event type (also referred to as an event)
represents a single action (either a command or system call)
that may affect the security of the system.
There are two types of events:
- Fixed events are always audited when the auditing subsystem
  is enabled and cannot be altered.
  The fixed events represent actions that must be recorded to ensure the
  integrity and accuracy of the data in the audit event log file
  (also referred to as the log file).
  Recording only the fixed events will not give you a complete record of
  all actions that affect system security.
- Selectable events are audited only if you select them for auditing.
  Therefore, you can tailor the information recorded to meet the needs of
  your site.
When you decide which events to record, you are pre-selecting the
events.
That is, the events are being selected for recording in the audit event log
file before they happen.
When you decide which events to report, you are post-selecting
the events.
That is, you are selecting which events will be reported out of all
the ones that have been recorded.
Note that if you did not pre-select an event,
the audit event log file will not contain any record for that event type.
``Auditable events''
gives complete information on all events valid for this release.
``Summary of auditable events and classes''
lists all events recognized by the subsystem, including obsolete
events and events that are valid only for specific earlier releases.
NOTE:
The default audit event mask contains only the fixed event types.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005