Some processes invoke a series of actions that
can be audited. To reduce the amount of audit log data collected and
to provide for more meaningful notations in the audit log files, some
of these processes are programmed to suspend auditing of the actions
they invoke and produce one audit log entry describing the process
that occurred. Processes programmed in this way are called self-auditing
programs; using self-auditing programs streamlines audit log data.
|NOTE: The list of self-auditing processes varies from
system to system.|
The following processes have self-auditing capabilities:
Change finger entry
Change login shell
The login utility
Change effective group
Select events to be audited
Display the audit data
Start or halt the auditing
Select users to be audited
Change run levels, users
Schedule line printer requests
Flexible file backup
File transfer protocol daemon
Remote shell server daemon
Remote login server daemon
Telnet server daemon
Invokes legacy application.
Allows authorized users to edit files.
Edits role information.
Edits authorization information.
Edits command authorizations and privileges.
Most self-auditing programs generate audit data
under a single event category. For example, the audsys command generate the audit data under the admin event. Some commands generate audit data under multiple event categories.
For example, the init command generates data under
the login and admin events.