System Administration Guide
Chapter 6, Using the Audit Manager

Choosing audit events

In the Audit Manager, select Events -> Modify. Use the arrow keys to move between event types. Use <Space> to toggle between "Y" (yes, audit) and "N" (no, do not audit). The event types are explained in Table 6-2.

This event mask can be altered dynamically for the current audit session, and it can be written to the parameter file so that it takes effect in future audit sessions.

Table 6-2 Audit event descriptions

 Event type                        Description
 A    Startup/Shutdown             system startups (boots) and shutdowns
 B    Login/Logoff                 successful and unsuccessful login
 C    Process Create/Delete        creation and termination of processes
 D    Make Object Available        file, message, semaphore opens and
                                   filesystem mounts
 E    Map Object to Subject        program execution
 F    Object Modification          file writes
 G    Make Object Unavailable      file, message, semaphore closes and
                                   filesystem unmounts
 H    Object Creation              file/message/semaphore creation
 I    Object Deletion              file/message/semaphore deletion
 J    DAC Changes                  file, message, semaphore permission
                                   or ownership changes
 K    DAC Denials                  denied permissions
 L    Admin/Operator Actions       system administrator and operator
 M    Insufficient Authorization   tasks that failed due to insufficient
 N    Resource Denials             missing files and insufficient memory
 O    IPC Functions                sending signals and messages to
 P    Process Modifications        effective identity or working
                                   directory changes
 Q    Audit Subsystem Events       system auditing enable, disable,
 R    Database Events              security data changes and integrity
 S    Subsystem Events             use of protected subsystems
 T    Use of Authorization         superuser-only actions