Using the Audit Manager
The audit subsystem records security-related events
that occur on a system in the form
of an ``audit trail'' that can later be examined.
Audit trails produced by
this subsystem can detect penetration of the system and the misuse of
resources. The audit subsystem is designed to meet the audit goals
specified by the U.S. National Computer Security Center.
Auditing permits the review of the collected data to examine
patterns of access to ``objects'' (files) and to observe the
actions of specific users and their processes. Attempts to
violate protection and authorization mechanisms are audited.
The audit subsystem provides a high degree of assurance that
attempts to bypass security mechanisms are audited. Because
security-related events are audited and are accountable to a
specific user, the audit subsystem serves as a deterrent to
users attempting to misuse the system.
Another useful aspect of auditing is in debugging programs. Because
an audit session can log specific activities, you can enable auditing while
running a troublesome program and find out exactly what it was doing.