NAME
audeventstab — define and describe audit system events
DESCRIPTION
The
/usr/audit/audeventstab
file lists audit event numbers,
corresponding mnemonic names,
and brief explanations of each event.
Blank lines and comments (beginning with a
#
character) are allowed.
Each non-comment, non-blank line in this file contains three parts:
- event
Audit event number in decimal:
a single field separated by whitespace.
- name
Corresponding mnemonic name:
a single field separated by whitespace.
- explanation
Remainder of the line, following a
#
character.
For kernel-generated audit events,
event numbers match kernel-internal system call numbers,
and event names are system call names.
For events from self-auditing programs,
names are macros defined in
<sys/audit.h>.
EXAMPLES
To extract a list of event numbers and names from the file
by stripping comments and ignoring blank lines:
tab=' '
sed < /usr/audit/audeventstab -e 's/#.*//' -e "/^[ $tab]*$/d"
AUTHOR
audeventstab
was developed by
HP.
FILES
/usr/audit/audeventstab
Printable version
