Modify.
Use the arrow keys to move between event types.
Use <Space> to toggle between ``Y'' (yes, audit) and ``N''
(no, do not audit).
The event types are explained in
``Audit event descriptions''.
|
|
In the
Audit Manager,
select
Events Modify.
Use the arrow keys to move between event types.
Use <Space> to toggle between ``Y'' (yes, audit) and ``N''
(no, do not audit).
The event types are explained in
``Audit event descriptions''.
This event mask can be modified and dynamically altered for the current audit session, and it can be written to the parameter file to take effect on future audit sessions.
Audit event descriptions
| Event type | Description | |
|---|---|---|
| A | Startup/Shutdown | system startups (boots) and shutdowns |
| B | Login/Logoff | successful and unsuccessful login attempts |
| C | Process Create/Delete | creation and termination of processes |
| D | Make Object Available | file, message, semaphore opens and filesystem mounts |
| E | Map Object to Subject | program execution |
| F | Object Modification | file writes |
| G | Make Object Unavailable | file, message, semaphore closes and filesystem unmounts |
| H | Object Creation | file/message/semaphore creation |
| I | Object Deletion | file/message/semaphore deletion |
| J | DAC Changes | file, message, semaphore permission or ownership changes |
| K | DAC Denials | denied permissions |
| L | Admin/Operator Actions | system administrator and operator tasks |
| M | Insufficient Authorization | tasks that failed due to insufficient privileges |
| N | Resource Denials | missing files and insufficient memory |
| O | IPC Functions | sending signals and messages to processes |
| P | Process Modifications | effective identity or working directory changes |
| Q | Audit Subsystem Events | system auditing enable, disable, modification |
| R | Database Events | security data changes and integrity |
| S | Subsystem Events | use of protected subsystems |
| T | Use of Authorization | superuser-only actions |